The latest episode of Joost’s Case Corner on PrivacyPod delivers crucial insights into how the Court of Justice of the European Union continues to shape our digital rights landscape. Our CEO Joost Gerritsen analyzes two groundbreaking cases that demonstrate the GDPR’s power as a tool for human dignity and algorithmic accountability.
Deldits Case: When Privacy Law Protects Human Dignity
The first case from Hungary reveals how GDPR serves as a shield against discrimination. An Iranian refugee who underwent gender reassignment surgery faced bureaucratic resistance when requesting to update their gender marker from female to male in official records. Despite providing medical certificates and psychiatric documentation, Hungarian authorities demanded invasive evidence of the actual surgery.
The Court’s ruling was unequivocal: member states cannot weaponise administrative procedures to make life difficult for transgender individuals. The GDPR’s fundamental right to data rectification means that when personal data becomes inaccurate – including gender identity markers – authorities must update it without demanding excessive or intrusive proof.
What makes this decision particularly significant for privacy professionals and supervisory authorities is how it demonstrates the GDPR’s reach beyond traditional data protection concerns. The Court recognised that requiring detailed surgical evidence violates both the right to personal integrity and private life. As Advocate General Collins noted, this wasn’t merely about administrative procedure – it was about human dignity.
Dun & Bradstreet: Making Automated Decisions Accountable
The second case tackles a challenge every business navigating compliance faces: how to explain automated decision-making under Article 22 GDPR. When an Austrian mobile operator rejected a customer’s application based on an automated credit assessment for a mere €10 monthly contract, it sparked a legal battle over algorithmic transparency.
The Court delivered practical guidance that law firms advising clients have been waiting for:
- Simply providing the algorithm itself doesn’t constitute meaningful information
- Detailed technical descriptions of every computational step would overwhelm rather than inform
- Controllers must explain which personal data influenced the decision and how different data might have led to different outcomes
- Trade secret claims must be verified by courts, not used as blanket refusals
This ruling has immediate implications for anyone designing or deploying AI and automated systems. Software engineers can no longer code in isolation – they must build systems capable of generating human-understandable explanations. The message is clear: transparency isn’t optional, it’s architectural.
Connecting the Dots: Why These Cases Matter Now
Both cases underscore a critical reality for European data protection professionals: the GDPR isn’t just about compliance checkboxes. It’s a living framework that courts are actively using to protect fundamental rights in our increasingly automated world.
For supervisory authorities enforcing regulations, these rulings provide clear precedents for handling complaints about discriminatory data practices and opaque automated systems. The decisions also highlight how cross-referenced case law builds upon itself – each ruling strengthening the framework of digital rights protection.
The timing couldn’t be more relevant. As the AI Act implementation accelerates and organisations grapple with new AI literacy requirements, understanding how courts interpret existing data protection law becomes essential. These cases show that whether we’re dealing with human prejudice or algorithmic bias, the GDPR provides powerful tools for accountability.
The Practical Takeaway
What should legal professionals and compliance teams take from these rulings? First, that meaningful transparency requires more than technical compliance – it demands genuine consideration of human understanding and dignity. Second, that the GDPR’s principles apply with equal force whether discrimination comes from human decisions or automated systems.
As these cases demonstrate, staying current with EU digital law isn’t just about avoiding fines – it’s about understanding how fundamental rights shape every aspect of data processing. From gender identity recognition to credit scoring algorithms, the GDPR continues to evolve through judicial interpretation.
Navigate the Expanding EU Digital Rulebook with Confidence
These landmark cases represent just a fraction of the rapidly evolving European legal intelligence landscape that privacy professionals must track. With new interpretations emerging daily from courts and supervisory authorities across Europe, maintaining the expert knowledge required by the GDPR and AI Act becomes increasingly challenging.
That’s where Digibeetle transforms hours of research into minutes. Our expert-curated platform doesn’t just compile cases – we reveal the hidden connections between court decisions, supervisory guidance, and regulatory developments. While others rely on algorithms, our seasoned legal professionals hand-pick and cross-reference the documents that actually matter for your practice.
Ready to see how comprehensive legal research should work? Start your 30-day free trial and discover why leading law firms, supervisory authorities, and privacy professionals trust Digibeetle for their EU digital law research. Or book a consultation to explore how we can support your organisation’s specific compliance needs.
