The Court of Justice of the European Union (CJEU) ruled that pseudonymized data is not always considered personal data, depending on the context and the likelihood of identification. The disclosing controller must assess whether the data is personal at the time of collection and inform individuals about recipients of the data. This ruling clarifies the application of data protection laws to pseudonymized data and emphasizes the importance of transparency obligations.