Can't find what you're looking for? Try the search bar or refine your parameters using the Frameworks & Concepts button above.
That was fast – less than a week after a CJEU judgment stating that it may be necessary for a controller to reveal the identity of the persons (e.g. employees) who processed personal data (C-579/21), the Belgian DPA applies that reasoning (in a separate case from the one handled by the CJEU) and orders a […]
Today’s release of an artificialintelligence fairness toolkit (Veritas Toolkit v2.0) by the Monetary Authority of Singapore is an occasion to recall that there is no plug-and-play tool for everyone – but toolkits can be a useful source of inspiration. Released under an Apache 2.0 open source licence, the diagnosis tool (in Python) and assessment tool […]
The Irish Data Protection Commission’s statement of 21 May 2025 “on Meta AI” (just like the judgment coming today in a German court case) provides a great excuse to talk briefly about GDPR legal grounds & AI model training, while I continue to work on the next part of my Better Regulation series (that next […]
The European Commission’s announcement that it will consider simplifying regulatory regimes, notably in relation to data and technology, seems to open Pandora’s box. Is it a chance to draw lessons from what works well and what works less well? In this series on “Better Regulation” in relation to the digital economy, I will be exploring […]
Why the “TCF is illegal” claim is incorrect (and why both sides are saying opposite things): 1. The claim for joint controllership of IAB Europe over further processing (and OpenRTB in particular) was denied. This is significant. Some plaintiffs expressed their disappointment with the CJEU’s position on this during a conference at the VUB (Free […]
The Market Court decision is out in the IAB Europe / TCF vs Belgian DPA case, and its conclusion is nuanced (as one of the few to have truly read the judgment, trust me on this): (i) TC Strings are (were?) personal data under TCF 2.0, (ii) IAB Europe is (was?) joint controller regarding TC […]
Heated exchanges at our “Pay or OK” workshop yesterday at CPDP, in particular between Max Schrems, Peter Hense ???????? and Lex Zard on the one hand and Cecilia Alvarez, Dirk Auer and myself on the other hand, with Miko?aj Barczentewicz moderating and economic input from Garrett Johnson. Perhaps the overcrowded room without ventilation played its […]
Since November 2023*, I have been giving lots of thought to EDPB accountability – and how to challenge it. The recent General Court judgment setting aside Meta’s challenge to the Consent or Pay Opinion appears at odds with the Advocate General’s Opinion in the CJEU case regarding a WhatsApp binding decision of the EDPB. The CJEU […]
The General Court’s dismissal of the annulment action against the Consent or Pay Opinion may seem like an EDPB victory, but consider this: (i) The General Court just said “[t]hose are therefore opinions to which no special authority is attached” (para. 28). In other words, “it’s just paper”, or “what you say in there isn’t […]
The European Commission’s announcement that it will consider simplifying regulatory regimes, notably in relation to data and technology, seems to open Pandora’s box. Is it a chance to draw lessons from what works well and what works less well? In this series on “Better Regulation” in relation to the digital economy, I will be exploring […]
