With its Russmedia judgment (C-492/23, Grand Chamber, 2 December 2025), the Court of Justice of the European Union (CJEU or Court) fundamentally reshapes how online marketplaces and other platforms hosting user-generated content must approach data protection compliance.

The decision does not introduce fundamentally new principles. Rather, it consistently combines elements that are well established in the Court’s case law: a broad and functional concept of controllership under the EU General Data Protection Regulation (GDPR), and a strict separation between data protection obligations and intermediary liability regimes. However, what makes this judgment particularly consequential is the way in which these principles are brought together and operationalized through a detailed catalogue of preventive obligations. This combination may prove challenging to implement for certain platform providers, particularly in high-volume or small-to-medium enterprise (SME) contexts.

Click here to read the full GT Alert.

Tags: CJEU, data protection, EU, European Court of Justice, GDPR, GT Insight
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Dr. Philip Radlanski Dr. Philip Radlanski

Philip Radlanski is a Local Partner in the IP & Technology Practice Group. He advises clients ranging from early-stage start-ups to large corporations on matters relating to artificial intelligence (AI), data privacy, and cybersecurity. His work focuses on complex and innovative data-heavy AI

Philip Radlanski is a Local Partner in the IP & Technology Practice Group. He advises clients ranging from early-stage start-ups to large corporations on matters relating to artificial intelligence (AI), data privacy, and cybersecurity. His work focuses on complex and innovative data-heavy AI projects, often with cross-border aspects. He also assists with addressing cybersecurity issues, including data breach incident management and response. He gained strong recognition throughout Europe for his representation in the first German trial against a GDPR fine, in which he was able to achieve a reduction of the multimillion-euro fine by more than 90 percent.

As a driving force behind the firm’s AI practice in Germany, he guides companies through the complex and rapidly evolving regulatory landscape surrounding artificial intelligence — from the EU AI Act and sector-specific requirements to the intersection with data protection and intellectual property law.

With a strong understanding of the technical underpinnings of AI and a practical, business-oriented mindset, Philip is regularly sought after by multinational companies, technology providers, and start-ups developing or deploying AI systems. He advises on all aspects of AI governance — from risk assessments and compliance strategies to drafting internal policies and representing clients before regulatory bodies. Philip also works closely with in-house legal, compliance, and technical teams to promote effective AI oversight, foster privacy-by-design, and drive responsible, future-proof adoption of transformative technologies.

Philip is known for his pragmatic approach, which he was able to further refine through several months of secondments to the legal departments of a leading German internet service provider and an internationally operating online marketplace for food delivery. A further one-year secondment to the Global Privacy & Data Security Group of an international law firm in New York shaped Philip’s understanding of the U.S. market and U.S. clients.

Prior to practicing as an attorney, Philip worked as a research assistant at the University of Regensburg, Germany, and as a visiting tutor at King’s College London, UK. He also worked with the German Federal Film Board, the cybercrime division of the Berlin District Attorney’s Office, and for different international law firms in Berlin, New York, and Sydney.

He is a member of the German Association for the Protection of Intellectual Property and Copyright (GRUR), the International Technology Law Association (ITechLaw), and the Bauhaus Archive.

Read more about Dr. Philip RadlanskiPhilip's Linkedin Profile
Show more Show less
Photo of Dr. Jannis P. Dietrich Dr. Jannis P. Dietrich

Jannis Dietrich advises national and international companies on issues concerning the internet, technology, data protection, digitization and litigation. He combines his legal experience with his technical knowledge as a certified electronic technician for IT systems and consequently is now skilled in the interface…

Jannis Dietrich advises national and international companies on issues concerning the internet, technology, data protection, digitization and litigation. He combines his legal experience with his technical knowledge as a certified electronic technician for IT systems and consequently is now skilled in the interface of law and technology. The key areas of his practice are IT, copyright and licensing law, advice on digital and blockchain-based business models, as well as data protection, competition and consumer protection law.

Read more about Dr. Jannis P. DietrichJannis's Linkedin Profile
Show more Show less
Related Posts
EU-Flag
CJEU: First Request for Access May Be Rejected as Abusive Under GDPR
March 25, 2026
EU-Flag
EU-U.S. Data Transfer Pact Upheld; Possible Appeal Awaits
September 4, 2025
GDPR europe map lock data privacy
European Commission Adopts EU-U.S. Adequacy Decision
July 10, 2023