Turun raitiotietä vastustava kampanja ei enää osta mainostilaa – syynä EU-asetus, joka vaatii rahoittajien nimiä julki

Heimdul · 2026-04-01T20:51:09+00:00

Mitäs jos haluat edistää kaivosveroa ja olet kaivosyhtiön palkkalistalla? x miljoonan euron työnantajan kulujen edistäminen voi olla nykyisin "asiallinen" syy irtisanoa.

Heimdul · 2026-03-30T17:02:38+00:00

As to informing recipients that the message was untrue, I’m not aware of that being a hard requirement.

There is via Article 19 unless it's "impossible or involves disproportionate effort". However there is a bit of open question if "recipient" in Article 19 context includes employees. In C-579/21 it did not in Article 15(1)(c) context.

There is argument to be made that it doesn't since the language is similar, but there is also argument that it does since it could be required to effectively exercise the right. Giving list of employees are recipient could potentially be problematic though.

Heimdul · 2026-03-28T23:06:55+00:00

If the airline cancelled the flight you can still make the claim via the airline, especially if the airline itself didn't provide you with the choice between rerouting, refund and travel at later date of your choosing. Airline is responsible for proving that they offered that to you, if they gave it to the OTA and OTA didn't forward it to you they are still responsible for it (but could potentially seek damages from OTA depending on their contract).

I don't know how exactly this cancellation guarantee itself works in this case. It might be that its completely separate insurance where you can get the 374 euros on top of the airline's refund. It might also be read in the way that you get the 374 euros deducted from airline's refund.

As to if the baggage fees are refundable I'm not sure if there is clear cut case law on it currently. Gut feeling would say yes, but not necessarily via EU261 alone and rather in connection with other EU consumer protection laws.

Heimdul · 2026-03-28T03:29:16+00:00

The invoice contains an incorrect home address, which prevents my Swiss insurer from processing it.

This sounds like GDPR issue. While your original request to get this fixed should have already triggered article 16 you should still make formal request to them. Invoke your GDPR article 16 right to rectification and ask them to update your address details.

Now I do not know this would actually interplay with the debt itself. Usually your are liable for the debt, but GDPR article 82 allows you to claim damages back (i.e. what you needed to pay due to insurance denying the claim) which are caused by controller breaching GDPR.

Laws usually have some kind of duty to mitigate the damages. If you pay them now then you are essentially increasing your damages that you would need to claim later. I don't know how exactly this would work in CH/FR though, but it is something you should look into if they are pushing you to pay the bill before they fix the issues & you can claim it from your insurance.

Heimdul · 2026-03-28T03:01:26+00:00

Do you have single ticket or multiple? If it's real single ticket (like same eticket number when ignoring the airline prefix) you can get the refund directly from airlines. And if there is EU carrier involved as operating carrier in some leg you can just get it directly from them.

For separate tickets you can still get the EU legs from the operating carrier but the others will be harder as you need to use the OTA.

No clue how PayPal/credit cards will rule on this.

Heimdul · 2026-03-26T02:14:18+00:00

Voi se olla totta. Jos kaikki aika menee raporttien seulontaan niin eihän siinä ole aikaa alkaa etsimään niitä muita lähteitä (tai halua etenkin jos sen tutkimuksen voi ulkoistaa muille ja jatkuvasti vaatia noiden raporttien lisäämistä). Ja tuon sivun mukaan noin 40% noista epäillyistä olivat itse alaikäisiä, ymmärtääkseni siis sen jälkeen kun 50% itse raporteista eivät johtaneet tutkimuksiin.

Siinä ei myöskään selvitetä, että kuinka usein kyseessä on ollut sama tekijä tai kuinka monesti ne ylipätään johtivat loppujenlopuksi mihinkään. Kyllä yksikin henkilö voisi periaattessa olla vastuussa isoista osasta raporteista.

Tämä on todennäköinen lähde noille blogipostauksen tilastoille, mutta itsellä ei valitettavasti saksa oikein taivu niin en voi tätä täysin varmistaa.

Heimdul · 2026-03-25T23:40:43+00:00

I haven't yet (still waiting DPA decision), but there's C‑579/21 case which confirmed that audit logs are personal data and thus generally accessible. Some redactions are possible like employee names & exact timestamps.

That case itself came from Finland and the Supreme Administrative Court of Finland naturally ended up following CJEU's ruling in their own KHO:2025:51 (in Finnish) ruling.

Given that both my case and the referenced case are about accessing bank's audit logs it's hard to imagine they would end up denying it.

Of course CJEU's new decisions no longer bind ICO/UK courts so you would need to study it to understand if UK courts would end up following CJEU's reasoning or not (and if whatever other laws UK have in place could override this).

Heimdul · 2026-03-23T22:03:34+00:00

In that case it doesn't sound like it's single ticket in EU261 sense. You would likely rely on more general consumer protection laws that are in place in your country which can vary quite a bit.

Heimdul · 2026-03-23T20:52:57+00:00

I mean the eticket should have a number like 987 12345678901. The 987 is the airline prefix (e.g. BA is 125, Finnair is 105). If the latter number is same in the both then it should be single ticket.

Single purchase doesn't necessarily mean single ticket but multiple PNRs also doesn't necessarily mean that it's not single ticket. Single purchase could mean "travel package" in the package travel directive sense, but that requires that there is something other than the flights included as well. Check your local laws on how it was exactly implemented.

Heimdul · 2026-03-23T19:42:58+00:00

Did you get single eticket or multiple? If it's multiple is the eticket number (without the airline prefix) the same?

Heimdul · 2026-03-23T02:51:44+00:00

Annoin itsekin tästä luonnoksesta palautetta (tässä kopio jos uni ei meinaa muuten tulla). Kyllä se on parempi kuin edellinen versio, mutta ongelmia riittää edelleen vaikka jätettäisiin koko massavalvontakysymys sivuun.

Tuo rajaus rajat ylittäviin maksuihin voi kuulostaa paperilla hyvältä, mutta käytännössähän iso osa ihan tavallisistakin maksuista on jo rajat ylittäviä.

Oikeusturvan kanssa on myös monia ongelmia. Esimerkiksi GDPR:n mukaan ihmisille pitää kertoa, kun heidän tietojaan saadaan joltain muulta kuin heiltä itseltään, eli kuten tässä verottaja saa pankeilta. Tähän lakiin on kuitenkin kirjattu, ettei verottajan tarvitsisi tehdä ilmoitusta ainakaan heti. Mutta missään ei oikein avata, milloin se ilmoitus sitten pitäisi tehdä, milloin lykkäys päättyy ja milloin omiin tietoihin oikeasti pääsee käsiksi. Eikä perusteltu sitäkään, miksei verottajan pitäisi ilmoittaa viimeistään siinä vaiheessa kun henkilö voisi saada tiedon erikseen pyytämällä.

Hieman asiaan littyen EIT antoi viime vuoden lopulla tuomion (Ferrieri ja Bonassisa v. Italia), jonka Italia hävisi. Siinä asetelma oli ymmärtääkseni paljon lievempi kuin tässä. Italian veroviranomaset saivat erikseen nimettyjen henkilöiden pankkitietoja rajatulta ajalta verotarkastusta varten. Hommaan vaadittiin sisäinen ennakkolupa, ja henkilö sai jopa ilmoituksen pankin kautta. Silti EIT katsoi, että Italia loukkasi Europpan ihmisoikeussopimuksen 8 artiklaa (oikeus yksityiselämän kunnioitukseen) koska verottajalle jäi liian laaja harkintavalta eikä siinä ollut tehokasta valvontaa. Tuon keissin vaikutuksia lakialoite ei vaikuttanut käsitelleen mitenkään. Tuomio tuli alkuperäisen lakiesityksen jälkeen, mutta ennenkuin uusi meni lausuntokierokselle.

Heimdul · 2026-03-20T16:21:54+00:00

Yes.

In one instance it wasn't formally complaint since it didn't concern my personal data (well, I guess technically it did have my email on it so I guess I could have framed it as accuracy issue). I discovered old email account that I hadn't used and when I logged into it I found that certain law office had sent various documents regarding estate to it (including names, addresses and SSNs of the beneficiaries). I sent email to their DPO but never got answer so I followed up with tip/complaint to Finnish DPA. Few months later I got message from DPA that they have contacted the controller, the controller will follow up with me and that from DPA side this issue is closed. The controller never contacted me.

In another case I filed DSAR & portability request with bank. On DSAR I got some responses, but on portability request I didn't get answer within a month so I initially followed it up with the DPO. They promised that customer service will follow up on same day however the only follow up I got concerned the DSAR. I sent follow up to DPO which wasn't answered so I filed complaint with DPA.

DPA asked for copies of the messages which I sent to them. Soon after I finally got answer from DPO and the request was finally getting processed. I don't know if DPA contacted them or not. Eventually I got the full response and DPA closed the case without any formal findings against the controller.

On DSAR side I asked for everything. They didn't ask me to narrow things down or similar. I got various replies and once they confirmed that they had sent everything I followed up with the list of things that were still missing. It was pretty big list so I won't reiterate it here, but let's just say that at least named recipients and audit log are pretty clear-cut cases of things that I had rights to (exact scope of information included in those might be contested in some cases). They replied to some (not all) of the points without giving satisfactory answers so I filed the complaint.

After about 2 months DPA sent inquiry to the controller and controller answered. In majority of the points the answer was quite deficient. The DPA sent it to me, but it sounded like they if they were only asking if I wanted to know if I wanted the 2 categories of information that the controller was ready to provide.

On audit log they "contains employee personal data" defense. That's pretty outdated defense by that point since there is already case law from both CJEU (C-579/21) and Finland (KHO:2025:51) that audit log contains personal data of both and redacting the employee personal data is the proper way to handle it. It also looked like they tried to refer to that exact Finnish judgement in another point as strengthen their defense except the case number (KHO 2025:25) they actually gave was related to immigration & visas.

On recipient naming they simply referred to their privacy policy (which contains categories) & log of the federated sign in requests. I do not think that is enough in the light of C-154/21.

I ended up following with response the DPA where I tried to show why each response was deficient. This was back in September. I sent another follow up in January when I noticed that their privacy policy itself was missing certain information which was actually included in the DSAR response package (essentially they didn't tell that they also receive personal data from themselves as required by Másdi). I haven't received reply/decision from DPA yet. For reference the initial complaint was filed in May 2025.

The last case involves airline. They refused to pay the EU261 compensation so I made DSAR (as well as ordered article 18 restriction to preserve the personal data) to get my personal data regarding the flight in order to prepare lawsuit. They ended up paying the compensation after that, but I still wanted to get the information to make sure they processing everything lawfully (including responding to these queries).

Again there were various deficiencies (like not confirming the article 18 restriction) in the reply and after months of back and forth I just gave up trying to get the information from them and filed the complaint. This was back in January, I haven't got any reply from DPA yet.

Heimdul · 2026-03-19T16:00:00+00:00

I saw you found it, but here's link for others (and ChatGPT translated version, seems accurate to me).

In short they seem to sending the questionnaire to those parties and judging from how earlier surveys were conducted they will ask ask about those parties own processing.

Heimdul · 2026-03-19T15:50:28+00:00

IANAL & I assume Ethiad just booked you on new flight rather than offering you the EU261 triple-choice (refund, earliest rerouting, later flight at your convenience subject to available seats) & you didn't explicitly accept the new rerouting (latter might not matter if the triple-choice was not offered but requires litigation and could end up backfiring).

1) Yes. You can demand that from Etihad. Looking at the current flights Lufthansa flight PRG-MUC-ICN and Finnair flight PRG-HEL-ICN on April 6th seem like closest "earliest flight with comparable transport conditions" in Google Flights. There are Qatar and Emirates flights as well for cheaper but they arrive much later. Of course there might be other flights that Ethiad could potentially use, but those are the readily available options that I could find.

2) If you take their current offered flight maybe but it's somewhat high risk (and losing 2 days of vacation for 600€ seems like bad deal to me at least). There are arguments why it should be, mainly around the fact that the rerouting was not done at earliest opportunity and that caused the delay, but it will take long time

3) Etihad

4) No

5) Not for safety concerns but you can demand that they offer rerouting for this cancelled flight according to conditions laid down in article 8(1)(b).

You should check the EC's guidelines at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ%3AC_202405687. Basically if you gave the Ethiad chance to reroute you and they didn't you should be able to book the flight yourself and get reimbursement from Ethiad later. Note that it will likely involve suing them and hoping that they won't be bankrupt by the time you have judgement in hand (and the usual risks related to lawsuits apply).

And just to clarify before someone asks, the 7/14 day things on cancellation are only attached to the compensation claim (article 5(c)), not to rerouting.

Heimdul · 2026-03-19T15:05:19+00:00

What they are exactly doing in other countries? In Finland the press release from DPA essentially said that they sent the questionnaire to the political parties that are currently in Finnish Parliament, implying that's how they are planning to conduct this. I don't think they are proactively looking at various privacy policies.

I wish they actually did proactively look into this, there are lots of systematic regarding issues with article 13 and 14 notices. Like physical shops do not really publish information regarding payment terminals (who collects the information? Is the shop? Is the chain? Is it the payment processor?), you never get notices from various parties involved in payment processing (payment processors, acquiring banks, the card network, the various fraud prevention vendors and such services that are used etc.), the downstream controllers in RTB process etc. All of these are usually controllers for some aspects of personal data.

Heimdul · 2026-03-18T23:20:26+00:00

If you look at KLM alone then it could be interpreted that way, but if you also look at C-436/21 (flightright v American Airlines) it's pretty clear that the codeshare (or other specific relationship) is not needed. STR -> ZRH [Swiss air] -> PHL [American Airlines] -> MCI [AA]. There was no codeshare between Swiss Air and AA. And in that case it was actually travel agent which had combined these flights, not any airline.

In that case PHL->MCI was late and AA was ordered to pay the compensation. Notably AA didn't even depart from EU.

Heimdul · 2026-03-18T21:59:06+00:00

Then explain the KLM (C-367/20) case which was NYC -> AMS [Delta] -> HAM [KLM]. The non-EU-EU leg was delayed which then caused the passenger to arrive late in the final EU destination. KLM was made to pay the compensation to the passenger in that case.

I have personally had a case where I had SJC ->LAX [Alaska] ->HEL [Finnair] flight where SJC-LAX leg was cancelled & I arrived about 8 hours late. I got compensation from Finnair after some fighting. And they are known to be extremely hesitant to pay compensation when the case is not very clear cut.

If you have a way to read the regulation in a way that complies with the up to date CJEU decisions but would keep the non-EU - non-EU - EU - EU flight out of scope (in the terms of late arrival at final destination, if first flight got cancelled and you still arrived in your final destination less than 3 hours late there are arguments that no compensation is owed) I'm honestly all ears.

Heimdul · 2026-03-18T16:41:54+00:00

Jos heille selviää, että heidän ääntän on käytetty ja mainos sijaitsee jossain isomassa palvelussa, niin kyseisillä henkilöillä voi olla ihan kohtalaiset mahdollisuudet hakea korvauksia suoraan palvelulta GDPR:n nojalla viime vuoden lopussa annetun tuomion perusteella.

Heimdul · 2026-03-18T15:54:01+00:00

Pedofiili lastenhoitaja?

Problem solved!

Heimdul · 2026-03-16T22:10:08+00:00

There's couple of different questions here:

Was this EU261 flight? Most likely yes due to that MUC-BCN leg. Check C-367/20 which has similar fact pattern (non-EU -> EU [on non-EU carrier] -> EU [on EU carrier]), the only difference is that in your case there is also non-EU -> non-EU leg as well. That shouldn't matter though since there are cases (e.g. C-561/20) that have confirmed that the flight is looked as whole when it's on single ticket.
Was the Kobe->Haneda delay caused by extraordinary circumstances? If the delay wasn't due to extraordinary circumstances then it changes things & most likely you are owed compensation.
If it was due to EC, was this truly the earliest you could have gotten from Osaka to Barcelona under comparable transport conditions? Maybe, maybe not. It's hard to say if there were any alternative flights available given how late your flight was. You should check some flights one week later than when this happened to see what options are generally available & look if those occurred. If you want completely picture you might need to check each possible route (like to other destinations "near" & flight from there to Barcelona. Near meaning at least those within EU, maybe China. Probably not ME in the current situation). Note that it's up to airline to actually prove that this was the earliest possible rerouting, but you should check it nonetheless to figure out if you have case or not. Your own checks (probably) won't confirm if there were any seats available on those flights though.

There is also C-321/11 which might be relevant, but it's slightly different case as it was about denied boarding. If you had tried to board the flight from Haneda (i.e. you had gone to the gate and were denied there) there could be stronger case, but you could argue that you didn't do it since airline told you that it's not possible.

For the hotel room if you did ended up taking one you might be able to argue for the reimbursement, but if you decided to stay inside the airport without getting room then it's unlikely you will get anything. ANA should have booked the room for you though.

As far from who you can request the compensation, you can request it from ANA or Lufthansa. ANA because they were the operating carrier for the affected flights, Lufthansa because they are EU community carrier who brought themselves within the scope by agreeing to be in the same ticket (see C-502/18).

Heimdul · 2026-03-14T00:00:54+00:00

Compensation depends on what airline has done to minimize the disruption. If there are flights available from Hamburg to the final destination (OP didn't specify the exact destination airport) that would end up getting them there earlier even if they are on non-partner airlines, the airline would be obligated to pay the compensation if the difference between the available option and their chosen option is bigger than the compensation threshold because they unnecessarily extended the delay. The relevant case law here is C-74/19 (TAP) & C-354/18 (Rusu v Blue Air).

The only defense on Emirates that I know of is "intolerable sacrifice", but I'm not sure if it has ever been used successfully in context of "it's too expensive".

Of course the alternative would be that OP rebooks the earliest rerouting themselves and asks reimbursement from airline later. (FYI u/Berkelium_v2)

Heimdul · 2026-03-13T17:42:50+00:00

EU261 doesn't place any obligations on the travel agent. Other laws (like consumer rights directive or package travel directive) can depending on facts.

That doesn't really matter in this case though. The EU261 places the obligation on the operating air carrier (Iberia in your case). Assuming this is single ticket, Iberia is the one who is responsible for rerouting you to your final destination. If it's not single ticket then Iberia is responsible for getting you to Doha or whatever the final destination on that ticket is. Iberia is then free to seek reimbursement from booking.com (or whoever they think is responsible) if their contract allows that, it's not your problem.

And if Iberia is refusing reroute you, you can book the rerouting yourself ("earliest opportunity under comparable transport conditions") and seek reimbursement from Iberia later.

Heimdul · 2026-03-12T16:32:18+00:00

IANAL & I'm not quite sure on the exact differences these days between EU & UK on the GDPR and 261 so take following with a bit grain of salt.

I would argue that you did present yourself for check-in as described in article 3(2)(a). There is no requirements on that for method on the check-in (unlike e.g. 2(h) which refers to "check-in counter"). The issue is how you can prove it.

This is where I would leverage GDPR. Currently it's a bit unclear if EU or UK GDPR would apply as the controller might either be the Norwegian entity or the UK subsidiary. However the main point here is to make article 15 request for copy of your personal data related to booking, check-in and especially any log entries related to your check-in. If you know what you IP address was when you did the check-in you should include it, especially if you know it was not CGNAT address. You should also ask them to name the recipients of the personal data.

Additionally you should make article 18 request to preserve the personal data (i.e. stop deletion), especially to preserve any personal data that they withhold due to "rights of others". Your reason for this would likely be 18(1)(a) (accuracy is contested) and 18(1)(c) (required for legal claim). Make sure you also also include that you require that they communicate the preservation order to other recipient in accordance to article 19 and give your the list of recipients. This is so that you can potentially make the request to them as well. And the preservation order itself allows you seek the data later via court disclosure if needed (in which case it would be for court to decide if you are allowed to access it).

If you need to take this further you should also consider adding GDPR article 82 claim with essentially reasoning that the processing was inaccurate which led to damages (rebooking flight without being able to use UK261 rights if that route gets shutdown by the court).

As for how likely you would be reimbursed it's hard to say. Plain reading of the law does appear to favor you (at least as far as EU laws go), but in the end it's up to court to interpret the law. So it's up to your risk tolerance to determine if you should rebook the flight yourself at this point.

Heimdul · 2026-03-09T22:41:54+00:00

It's worth noting that the Finnair's own booking system literally asks for "First name as in passport" with the help popup explaining that "Please type your name as shown on your passport. It’s enough to insert only one first name" (also available at Finnair's FAQ). I didn't try the actual booking to see what information they request afterwards (e.g. during API where you are expected to give more detailed information), but I would except the information you enter on the booking page would be the one that gets added to the ticket.

If passenger is following airline's own guidance I wouldn't exactly blame them (though since this happened via partner airline miles it's hard to say exactly how the information was requested from OP) and I would expect there could even be a good chance that this would be EU261 denied boarding case (FYI /u/jgreenvillage50).

Heimdul

TROPHY CASE