Amazing turnout for our LinkedIn Live on the SRB ruling – here are the slides, and the replay is available. We tackled issues surrounding the fundamental concepts of the GDPR, the scope of obligations applicable to the use of pseudonymous data, even whether AI models involve the processing of personal data, and of course the […]
First look at SRB, on what is “personal data” and the relative nature of the concept. This part is all about how to determine if information relates to an “identifiable” natural person. The EU Court of Justice stresses the importance, in the case of pseudonymisation, of technical and organisational measures (TOMs) “to ensure that the […]
SRB: relative concept of personal data confirmed. [EDIT: the judgment is out and our webinar replay is linked to below] Here is a key excerpt from the press release: the Court of Justice has confirmed […] that pseudonymised data must not be regarded as constituting, in all cases and for every person, personal data for […]
Beyond the press release, what does the judgment actually say? Very interesting points raised by Theodore Christakis regarding the Latombe judgment on GDPR and the EU-U.S. Data Privacy Framework. Data protection
Why do I keep talking about the concept of “personal data”? From cases regarding privacy-friendly analytics to cases on equipment, from user preferences to pseudonymisation, many clients come to me with practical scenarios in which the recognition of an individual is irrelevant – sometimes even the very opposite of what an organisation is trying to […]
In law, the choice of words matters, and a given interpretation can mean the difference between a behaviour being permitted or prohibited. When some recently claimed that the Cologne Higher Regional Court might have misinterpreted one of the European Union’s newer data-related acts, the Digital Markets Act (DMA for short), the challenge to the judges’ […]
Belgian DPA: 100k EUR fine for a controller for not responding during 14 months to a data subject access request. [Decision of 23 August 2024; fine:
While I disagree with his conclusions, do read the post of Damien Desfontaines re the BfDI’s public consultation on personal data in AI models. Pity that it ends on 31 August, with the EU Court of Justice’s SRB judgment coming out on 4 September. I hope the BfDI takes a relativistic approach to the notion […]
One month into the summer consultation process (thanks EU Commission & others!), a few thoughts on the ICO’s online advertising consultation. There is still one month to respond to the “call for views” from the UK Information Commissioner’s Office (soon “Information Commission”) regarding its approach to regulating online advertising: https://lnkd.in/evScibNJ I cannot stress enough the […]
A recent Amsterdam District Court judgment on whether ID cards can be requested for data subject identification raises interesting points re GDPR and data minimisation – and how controllers can reach a satisfactory level of identification. Context: – A controller (C) had 2 processes for verifying the identity of data subjects making a request: (i) […]
