EU Court of Justice Clarifies the Concept of Personal Data in the Context of a Transfer of Pseudonymized Data to Third Parties

By Dan Cooper, Kristof Van Quathem & Laura Somaini on September 4, 2025

On September 4, 2025, the Court of Justice of the EU (“Court”) handed down its judgment in case EDPS v SRB C-413/23 P, setting aside the General Court of the European Union’s (“General Court”) judgment of April 26, 2023 in case SRB v EDPS T‑557/20. In particular, the Court clarified that whether pseudonymized data can be considered as personal data depends on the specific circumstances of the case, such as whether a third party to whom data is transferred by a data controller can reasonably identify the data subject.

We provide below an overview of the Court’s key findings.Continue Reading EU Court of Justice Clarifies the Concept of Personal Data in the Context of a Transfer of Pseudonymized Data to Third Parties

EU General Court Clarifies When Pseudonymized Data is Considered Personal Data

By Kristof Van Quathem on April 28, 2023

Posted in EU Data Protection

On April 26, 2023, the General Court of the European Union issued its judgment in Case T-557/20, SRB v EDPS.

The Court held that pseudonymized data transmitted to a data recipient will not be considered personal data if the data recipient does not have the means to re-identify the data subjects. The Court also clarified that an individual’s opinions cannot be assumed to be personal data; instead, a case-by-case assessment is necessary.Continue Reading EU General Court Clarifies When Pseudonymized Data is Considered Personal Data

Inside Privacy

pseudonymized data

EU General Court Clarifies When Pseudonymized Data is Considered Personal Data

About this Blog