The CJEU rules on the liability of controllers

Written By

ruth boardman module
Ruth Boardman

Partner
UK

I am based in London and co-head Bird & Bird's International Privacy and Data Protection Group. I enjoy providing practical advice and solutions to complex legal issues.

katerina tassi Module
Katerina Tassi

Senior Associate
UK

I am an associate in our London Privacy and Data Protection Group, advising organisations on UK and EU data protection law, including GDPR and ePrivacy rules.

Ruth Boardman and Katerina Tassi have written an insightful article for the International Association of Privacy Professionals (IAPP) covering the Court of Justice of the European Union’s interpretation of EU General Data Protection Regulation provisions in recent cases. In the article they delve into a recent case, C-683/21, where the court held a controller can be liable for processing carried out by its processor.

Latest insights

More Insights
Curiosity line blue background

“Reasonable Steps” under Part 4A of the Online Safety Act 2021 (Cth): eSafety Commissioner Guidance and Implications

Sep 18 2025

Read More
Curiosity line yellow background

General Data Protection Guide (GDPR) – Japanese Version Available

1 minute Sep 17 2025

Read More
Curiosity line green background

Digital Duty of Care: What Phase 2 eSafety Codes Demand from Providers

Sep 16 2025

Read More