Can't find what you're looking for? Try the search bar or refine your parameters using the Frameworks & Concepts button above.
How solid is your anonymisation? Is “good enough + contractual prohibition to re-identify” really sufficient? The Commission’s DMA team seems to think so, though its own idea of “good enough” relies on magic personal data scrubbers. Perhaps the Commission’s DMA team should read up again on GDPR case law on “personal data” (Breyer, Scania, SRB […]
Double standards: On the Digital Omnibus re GDPR, the EDPB & EDPS claim the Commission shouldn’t have the power to adopt implementing acts to “specify means and criteria to determine whether data resulting from pseudonymisation no longer constitutes personal data for certain entities”. Yet under the Digital Markets Act, no problem at all. The situations […]
DMA & data: real risk of over-sharing of identifiable, personal search query data. The European Commission has launched a public consultation on the measures it intends to impose on Google for compliance with Article 6(11) of the Digital Markets Act (DMA) – a specific obligation to anonymise search query data and share it with other […]
Some key findings from the responses to the DMA-GDPR Interplay consultation, now made public by the Commission & EDPB: – Quite a few civil society responses are copies of one another. Going through the submissions, you’ll see many with identical titles (“uncompromised privacy”, “ensuring data portability is practical and secure”, …) and content. Fortunately there […]
The clear repudiation of an “absolute” concept of personal data has thrown a sharp focus on the process of pseudonymisation in the world of data protection. Through its SRB judgment of 4 September 2025, the Court of Justice of the European Union (CJEU) made it clear that personal data that has undergone pseudonymisation can be […]
When I pointed out issues with the DMA-GDPR Guidelines & resulting risks for *all* controllers (not just gatekeepers), the EDPB’s Gwendal Le Grand said something to the effect of “Don’t just post about it, submit a response”. So here we go, a copy of the response submitted yesterday to the public consultation by the Commission […]
GDPR & DMA at CEDPO: Another great discussion (and a mini bit of sparring too) with Gwendal Le Grand, together with Borja Martínez Corral and our moderator Natascha Gerlach. Readers know how often I get to write critically about the European Data Protection Board, and my first thoughts on their DMA-GDPR Guidelines drafted together with […]
Nothing like a last minute extra – just stepped in to moderate a great discussion with the excellent Herke Kranenborg and Yann Padova after their two co-speakers were unfortunately prevented from attending the CEDPO Conference (no, it wasn’t meant to be a “manel”). Great exchanges on the pragmatism and complications of the SRB judgment of […]
Not a gatekeeper? No matter – the DMA-GDPR Guidelines of the EDPB & European Commission are important: the EDPB’s input aims to ensure consistency in the interpretation of the GDPR. I’ll go through all 55 pages before next week’s great CEDPO panel with the EDPB’s own Gwendal Le Grand, Borja Martínez Corral and our moderator […]
Fun day! After moderating a RAID panel with as panelists EDPB Chair Anu Talus, Luxembourg CNPD President Tine A. Larsen, Deputy Head of Data Protection Unit at the Commission’s DG Justice Karolina Mojzesowicz, MEP Brando Benifei and Gibson Dunn Partner Ahmed Baladi, I then was a speaker in a debate alongside Max Schrems of noyb.eu, […]
