CJEU Clarifies Rules on Conflict of Interest in Relation to DPO Role
Time 1 Minute Read
Categories: European Union, International

On February 9, 2023, the Court of Justice of the European Union (“CJEU”) issued its judgment in the X-FAB Dresden case (C-453/21). In this decision, the CJEU clarified the criteria for assessing whether a conflict of interest exists between the Data Protection Officer (“DPO”) position, and other tasks or duties assigned to the DPO.

The CJEU emphasized that organizations must ensure that the DPO is not entrusted with tasks or duties which could impair the execution of their DPO obligations. Particularly, the DPO cannot determine the objectives and methods of a personal data processing activity.

A case-by-case assessment is required to determine whether a conflict of interest exists. This assessment should take into account “all the relevant circumstances, in particular the organisational structure of the controller or its processor and in the light of all the applicable rules, including any policies of the controller or its processor”.

The CJEU also confirmed the possibility of further restricting DPO dismissal under national laws, as long as such laws do not undermine the objectives of the GDPR.

Read CJEU’s decision.

Tags: Court of Justice of the European Union, Data Processor, GDPR, Personal Data
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 3 Minute Read
Connecticut AG Clarifies AI Compliance Obligations Under CTDPA

The Connecticut Attorney General recently issued a legal memorandum regarding the application of existing Connecticut laws, such as the Connecticut Data Privacy Act, to the use of artificial intelligence.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
European Commission Seeks Feedback on Draft Cyber Resilience Act Guidelines

On March 3, 2026, the European Commission published draft guidelines intended to clarify the application of the Cyber Resilience Act and opened a public consultation to gather feedback from stakeholders.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 6 Minute Read
NetChoice Files Suit Challenging South Carolina Age-Appropriate Code Design

On February 9, 2026, trade association NetChoice filed a lawsuit challenging South Carolina’s newly passed Age-Appropriate Code Design (“SC AACD”) on First and Fourteenth Amendment grounds. The SC AACD was signed into law on February 5, 2026, making South Carolina the fifth U.S. state to enact such a law, following California, Maryland, Nebraska and Vermont.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
Congress Extends Cybersecurity Information Sharing Act of 2015 through September 2026

Congress has extended the Cybersecurity Information Sharing Act of 2015 through September 30, 2026 as part of the Consolidated Appropriations Act, a government funding package enacted in early February 2026.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page