Not convinced by the reasoning of CJEU Advocate General Szpunar in the Inteligo Media case on the notion of “direct marketing”. Why? (i) The reasoning on Art. 13(2) of the ePrivacy Directive (ePD) seems flawed. The AG suggests that “Article 13(2) [ePD] deals comprehensively with the question of consent” (para. 50) and that its lex specialis […]
A step towards EDPB accountability? Advocate General sides with WhatsApp in CJEU case on whether EDPB binding decisions can be challenged directly. Sure, it’s “just” an AG Opinion, but it’s well researched and argued. What it says: 1. What is a challengeable act? The AG says that some circumstances are *irrelevant* to assessing whether an […]
NOYB-instigated Belgian DPA decision overturned on appeal for abuse of data subject rights. Key excerpt below, but paragraphs 29-38 of the judgment of the Market Court will be of interest to anyone facing data protection / GDPR complaints that are coordinated by litigating organisations – though the same reasoning may not be accepted in all […]
7 points after giving another in-depth presentation to global businesses on the path to NIS2 compliance (with a flavour of DORA and GDPR): (i) Having a broad enough team (“multidisciplinary” / “multi-stakeholder” / however you wish to call it) is not easy for many organisations, irrespective of their size (this is nothing new, but it […]
Readers will know that some of the EDPB’s positions in its pseudonymisation guidelines are unconvincing or absolutist by nature. Now, IAB Europe and other associations in the digital ecosystem have submitted their feedback on these guidelines, and the feedback shows the acute need for a review of those guidelines. This response is well worth the […]
Belgian DPA’s direct marketing recommendation: great first attempt, but questionable positions included. First thoughts: [The BDPA has published a new direct marketing recommendation (replacing one of 5 years ago), and it’s a very good document. A public consultation is open until 10 May, and I hope some comments will deal with its shortcomings.] – Claim […]
The news from Italy and its temporary limitation of the processing by OpenAI of personaldata of Italian residents (re chatgpt and more) begs a few questions: 1) Did they just order that without prior contact? 2) Did they consider the OpenAI “privacy policy” – which I can see easily on the login/sign-up screen – was […]
IAB Europe’s letter to the EDPB on “Pay or Consent” is out – with considerations relating to the GDPR and broader data protection rules, fundamental rights, personal data as “consideration” for a contract (co-signatories: Alliance Digitale, IAB Italia & IAB Spain) Key points: – �The assessment of �Consent or Pay� models must remain coherent with […]
Time to talk about what can be done to improve the “cookie” rule! In Part I of this series on the opportunities and difficulties of today’s ePrivacy regime, I discussed the underappreciated and seemingly-easy-but-really-complex world of the anti-spam rule, Article 13 of the ePrivacy Directive (or ePD). This Part II is about a provision that […]
Three points of interest (also beyond Belgium) taken from the Belgian data protection authority’s new decision regarding bpost (postal services): – Legitimate interests can be a valid legal ground for direct marketing (this is already well known throughout the European Union, but it’s worth repeating, considering the opposite view that the Dutch Autoriteit Persoonsgegevens continues […]
