Can't find what you're looking for? Try the search bar or refine your parameters using the Frameworks & Concepts button above.
I’m seeing significant misinterpretations of the CJEU’s newest GDPR judgment. The CJEU *did not say* today that simply seeing information on a mobile app is processing of personal data. Instead, it said that *the process by which a COVID certificate is scanned by a device and then interpreted to reveal a green checkmark or a […]
After some initial thoughts on Tuesday, here is a slightly expanded analysis of the “contract” legal ground assessment by the CJEU in its new Meta judgment (C-252/21). Once again, I hope this ruling will not be misapplied in practice – and that controllers who build personalisation into a service for valid reasons are not forced […]
Objectively indispensable”, that’s how the CJEU describes the threshold for processing of personaldata to be necessary for performance (or conclusion) of a contract under Art. 6(1)(b) GDPR. In its new Meta judgment (case 252/21), the Court of Justice examined many points of law, but it may be useful to other organisations to look at paragraphs […]
15 months, countless meetings with publishers, audience measurement providers, adtech players, personalized content companies, … With TCF 2.2 launched, time to reflect on the enormous privilege I had of being involved (and prominently so) in so many stages of the development of new iterations to such an important standard for the online ecosystem. My role […]