German court rules that data subject rights are not a corporate fishing license

Another sound decision coming from Germany. Data subject rights are not a right to know everything about a business. If a controller *wants* to provide information beyond the limits of Art. 15 GDPR, that is *its* right to do so – but a data subject cannot compel disclosure of such information or documents. data protection […]

A critical analysis of the EDPB consent or pay opinion and its aftermath

I’m looking forward to this exchange! The title is a reminder that if you are looking for “A critical analysis of the EDPB’s “Pay or Consent” Opinion” you can already read up on one here: https://lnkd.in/eddQ4yW8 Or more on the fundamental freedom to conduct a business, and its potential impact on the fundamental right to […]

Pre-CPDP brief: our two-hour webinar on evolving adtech and metrics

This week our 2h (free) webinar on adtech & metrics, next week 3 (!) speaking slots at CPDP in Brussels. “Consent or Pay”, profile-based ads versus (or plus) contextual ads, AI and advertising, European Data Strategy, … Loads of content that I will be touching upon during all of these sessions! 1️⃣ Join us for […]

Join our upcoming seminar in Antwerp covering the AI Act and data regulation

AI-powered translation of the blurb of our AI-related talk on Tuesday 6 June in Antwerp: “Update on the AI Act and other regulations within Europe AI and Data Act: how to prepare for them? What impact does European legislation on data and AI have on the activities of Flemish companies and other organizations? And why […]

How GDPR principles are serving as the blueprint for non-personal data laws

On this fifth GDPR anniversary, remember that data protection principles are increasingly serving as inspiration for legal obligations regarding the use of “non-personal”/“corporate” data. What was good business practice is becoming a statutory obligation. So double-check that you have everything you *should* have, because soon you will be *required* to have it. Not that privacy […]

Data minimisation and account creation: Belgian DPA warning

A new Belgian DPA decision on data minimisation and data protection by design + by default, this time against an international shipping & logistics company (ahem – certain quotes make its identity easy to find). The decision is short as it focusses solely on one issue: the obligation to create an account in order to […]

Cybersecurity and GDPR: 15 lessons from regulatory practice

Here are 15 lessons based on an analysis of various data protection authority decisions across Europe, from a GDPR and cybersecurity article I just submitted after a reputed information security journal reached out. Cybersecurity compliance beyond best practices: key lessons: 1) Document your risk assessments and decisions. => If you deviate from common best practices, […]

Why the EDPB consent or pay stance does not represent consensus EU law

This one will probably not come as a surprise, but it shows that the EDPB’s “Consent or Pay” Opinion does not represent the only possible view. [In fact, Thomas Fuchs, the Hamburg Data Protection Commissioner and one of the key instigators & authors of the EDPB’s Opinion, has explicitly distanced himself from it, saying that […]

Should digital businesses ever offer a completely ad-free free tier?

Should businesses really consider making a product fully free, with no ads, nada? During the IAPP video call on the EDPB’s view on its “Consent or Pay” opinion, I was struck by the following instruction for businesses: “first, consider whether you can provide it [= the service/product] for free”. [see at 35m21s in the video […]

Anticipating insightful debates on GDPR enforcement

You know this will be an insightful discussion – possibly even lively!