PayOrOkay [I’ll surely get shot for writing this:] 39 members of the European Parliament write to Meta to say that the right to privacy is “no” [I assume “not”] “something you should have to purchase” and that “[s]tudies” [citation needed] “suggest that contextual advertising is nearly as profitable as surveillance-based advertising”. Honestly, I preferred the […]
New BDPA decision on data models + “research” as a compatible purpose. Two key questions: (i) If a data model is *no longer* based on a data subject’s data after an objection, can that data subject still file a complaint before a data protection authority? “Yes as long as that person can demonstrate an interest”, […]
While everyone is shouting “it’s for realz now”*, what will the AIAct actually mean for most organisations? Awareness (“AI literacy”) obligations and obligations to ensure that people know (i) if they are interacting with an AI system or (ii) whether they are subject to an AI system – and safeguards to ensure that no high-risk […]
Will data protection authorities be a top target for cybercriminals? Forced sharing of trade secrets is one of the consequences of yesterday’s CJEU judgment, in a way that in my view should prompt a serious question: how will organisations share those trade secrets with those supervisory authorities [SAs], and can the latter be trusted to […]
Podcast episode on GDPR (“what is personal data?”), ePrivacy (“what requires consent? or not?”), adtech (TCF notably) and “Pay or OK” – a fantastic conversation with Alan Chapell on The Monopoly Report. So much still to talk about, so we’ll see if a follow-up comes! Here are some links (42min): – on the Monopoly Report […]
CJEU confirms in new judgment that if you use automated decision-making, you are not required to reveal your algorithm(s) to data subjects (para. 59), but you might be required to “inform the data subject of the extent to which a variation in the personal data taken into account would have led to a different result” […]
Now that the Commission has withdrawn its proposal for an ePrivacy Regulation, where does that leave the ePrivacy Directive and the issues organisations face? Over the past 7-8 years, a lot has been said about the proposed ePrivacy Regulation. Intended as both a modernisation of the ePrivacy Directive and a manner of getting to (more) […]
Want to learn about mobile app reflexes re GDPR + ePrivacy compliance, and fancy hearing about both the legal and technical aspects and how they interact? Watch the recording of the webinar that Thomas Ghys and I gave today (1h). We talk in it about the CNIL recommendations re mobile apps, what regulators are likely […]
EDPB vs administrative law: Reading the EDPB’s Pseudonymisation Guidelines once more (for the public consultation), the question of “why?” keeps repeating in my mind. Why use certain wording, why publish the Guidelines now? The list of CJEU judgments the Guidelines contradict is long already (Breyer, Scania, IAB Europe), and now the Advocate General’s Opinion in […]
Yesterday, I had the pleasure of giving a 5h presentation on the latest case law on the GDPR and other data protection legislation at various levels (Belgium, other EU countries, the Court of Justice and the European Court of Human Rights) to Data Protection Officers from a broad range of organisations and companies. The past […]
