Can't find what you're looking for? Try the search bar or refine your parameters using the Frameworks & Concepts button above.
On this fifth GDPR anniversary, remember that data protection principles are increasingly serving as inspiration for legal obligations regarding the use of “non-personal”/”corporate” data. What was good business practice is becoming a statutory obligation. So double-check that you have everything you *should* have, because soon you will be *required* to have it. Not that privacy […]
A new Belgian DPA decision on data minimisation and data protection by design + by default, this time against an international shipping & logistics company (ahem – certain quotes make its identity easy to find). The decision is short as it focusses solely on one issue: the obligation to create an account in order to […]
Here are 15 lessons based on an analysis of various data protection authority decisions across Europe, from a GDPR and cybersecurity article I just submitted after a reputed information security journal reached out. Cybersecurity compliance beyond best practices: key lessons: 1) Document your risk assessments and decisions. => If you deviate from common best practices, […]
This one will probably not come as a surprise, but it shows that the EDPB’s “Consent or Pay” Opinion does not represent the only possible view. [In fact, Thomas Fuchs, the Hamburg Data Protection Commissioner and one of the key instigators & authors of the EDPB’s Opinion, has explicitly distanced himself from it, saying that […]
Should businesses really consider making a product fully free, with no ads, nada? During the IAPP video call on the EDPB’s view on its “Consent or Pay” opinion, I was struck by the following instruction for businesses: “first, consider whether you can provide it [= the service/product] for free”. [see at 35m21s in the video […]
You know this will be an insightful discussion – possibly even lively! GDPR privacy data protection
Great events I’ll have the pleasure of speaking at in May: 1?? First, an IAPP web conference on adtech where I will be speaking alongside Dr. Sachiko Scheuing (with Joe Jones as moderator). “Adtech: Practical takeaways from recent EU developments”, on 7 May 2024 (4-5pm CET; 10-11am Eastern US). Organised by the IAPP – International […]
Here it goes – my (preliminary) in-depth analysis of the EDPB’s Opinion on “Pay or Consent”. Some objective elements: – This Opinion is 42 pages full of repetition, vague concepts and emotional sections – It is based on an aversion to profile-based advertising that is never properly explained – It does not take into account […]
*Lots* to be said about the EDPB’s Opinion 08/2024 on “Consent or Pay”. One thing that strikes me throughout the document is the insistence on a “Free Alternative Without Behavioural Advertising” (= contextual ads). [Edit: full analysis now live: https://lnkd.in/eddQ4yW8 ] The reasoning goes like this: – if you are a “large online platform”, the […]
Can GDPR administrative fines be imposed for infringements that are not the result of either intent or negligence? (e.g. excusable, non-negligent human error) The CJEU Advocate General Campos S�nchez-Bordona says “No”. Others have already reported on the consequences of the new Opinion in the Deutsche Wohnen case (C?807/21) from the perspective of whether an undertaking […]