In a judgment of August 1, 2022, the Court of Justice of the European Union (CJEU) provided further guidance on two important aspects of the General Data Protection Regulation (GDPR) (CJEU C-184/20). In summary, the CJEU held that, first, for a national law that imposes a legal obligation to process personal data to be able to constitute a legal basis for processing, it needs to be lawful, meaning that it must meet an objective of public interest and be proportionate to the legitimate aim pursued, and second, that non-sensitive data that are liable to reveal sensitive personal data need to be protected by the strengthened protection regime for processing of special categories of personal data.
Yung Shin Van Der Sype is a counsel at Crowell & Moring’s Brussels Office and a member of the firm’s Privacy & Cybersecurity and IP Group. She focuses on IT law, such as privacy and data protection and IT contracts and cybersecurity, particularly in relation to HR-related matters. Yung Shin advises national and international clients from different sectors ranging from social media to esports. She has more than 10 years’ experience providing services across the spectrum of IT law and has built up an impressive reputation in this area. She is also widely respected for her pragmatic and creative approach to solving business disputes.