The Bindl judgment is significant. Some positives for controllers/processors: (i) hypothetical, unproven data transfers are not transfers (“the mere risk of access to personal data by a third country cannot amount to a transfer of data” – para. 135);(ii) repeating the principle (for EU Institutions’ non-contractual liability, but similar ones exist in most countries) that…

Continue Reading →