The CJEU rules on the liability of controllers
Contacts
Partner
UK
I am based in London and co-head Bird & Bird's International Privacy and Data Protection Group. I enjoy providing practical advice and solutions to complex legal issues.
Ruth Boardman and Katerina Tassi have written an insightful article for the International Association of Privacy Professionals (IAPP) covering the Court of Justice of the European Union’s interpretation of EU General Data Protection Regulation provisions in recent cases. In the article they delve into a recent case, C-683/21, where the court held a controller can be liable for processing carried out by its processor.
Latest insights
More Insights
China Cybersecurity and Data Protection: Monthly Update – January 2026 Issue
20 minutes Feb 06 2026
Facial recognition and the Privacy Act: a clearer (but stricter) line for businesses
3 minutes Feb 06 2026
Alright, Alright, Alright: Matthew McConaughey Secures Comprehensive Trade Mark Protection of His Persona to Combat AI Deepfakes
4 minutes Feb 05 2026