Can't find what you're looking for? Try the search bar or refine your parameters using the Frameworks & Concepts button above.
Now that the Commission has withdrawn its proposal for an ePrivacy Regulation, where does that leave the ePrivacy Directive and the issues organisations face? Over the past 7-8 years, a lot has been said about the proposed ePrivacy Regulation. Intended as both a modernisation of the ePrivacy Directive and a manner of getting to (more) […]
EDPB vs administrative law: Reading the EDPB’s Pseudonymisation Guidelines once more (for the public consultation), the question of “why?” keeps repeating in my mind. Why use certain wording, why publish the Guidelines now? The list of CJEU judgments the Guidelines contradict is long already (Breyer, Scania, IAB Europe), and now the Advocate General’s Opinion in […]
Yesterday, I had the pleasure of giving a 5h presentation on the latest case law on the GDPR and other data protection legislation at various levels (Belgium, other EU countries, the Court of Justice and the European Court of Human Rights) to Data Protection Officers from a broad range of organisations and companies. The past […]
After last week’s EU General Court judgment in the Irish DPC vs EDPB case, some claimed that this makes EDPB Guidelines and Opinions unassailable. (Yes, really.) That’s wrong. Let’s look at what the judgment means for the EDPB’s authority – and some issues it raises: 1/ Scope of EDPB binding decisions The judgment of the […]
Contextual ads > targeted ads”? Often this approach refers to one Dutch broadcaster’s (misinterpreted) story and mistaken assumptions that “contextual” means “no data”. Now for the opposite story from Belgium: the news website Tweakers tried an allegedly “tracking-free” contextual ad system since May 2022 but announced yesterday it was not economically viable and would be […]
If A pseudonymises personal data of person Z and sends it to B, is it personal data from B’s perspective, even if B is never allowed to get additional information [=AddInfo] allowing the identification of Z? The EDPB suggests “yes” in its latest guidance on pseudonymisation. Based on the definition of pseudonymisation under the GDPR, […]
Now this says a lot: Traficom, the Finnish ePrivacy regulator, has disputed the EDPB’s interpretation of the scope of Art. 5(3) of the ePrivacy Directive in comments it submitted on the EDPB’s proposed ePrivacy Guidelines (in the words of Traficom, they have “some reservations” about “some aspects of the opinion that may lead to an […]
Controversial op-ed of the day: Why do many EU-based authorities say that advertising cookies etc. require consent (yes, behavioural *and* contextual advertising)? How could those views evolve? Can digitaladvertising not be seen as strictly necessary for provision of the service explicitly requested by a user? � Here are some (personal) thoughts on these issues, with […]
For anyone with an interest in ePrivacy, onlineadvertising, digital businesses or even computing in general, I highly recommend reading the comments that we had the privilege of working on with IAB Europe and national associations in relation to the EDPB’s proposed ePrivacy guidelines. Link to the IAB Europe press release: https://lnkd.in/ediZ4Cxq And here are comments […]
So… is the information “stored” and “accessed” through use of a CAPTCHA strictly necessary to the provision of the service explicitly requested by a user, namely the service of being able to submit a form? From the perspective of common interpretations of data protection authorities also in charge of ePrivacy enforcement, you would expect “no”, […]
