“We want to encourage publishers to deploy more privacy-preserving advertising such as contextual models, and we will explore where the Privacy and Electronic Communications Regulations (PECR) consent requirements are preventing such a shift”. Thank you, Information Commissioner’s Office, for showing openness to this issue. Regulators in the EU, the UK and even the USA have […]
Websites, web apps & cookies get a lot of attention, but the GDPR and ePrivacy rules also apply to other digital properties & technologies. To emphasise this, the CNIL published recommendations for mobile apps last September. During a free webinar on 3 February, Thomas Ghys and I will cover practical considerations relating to these recommendations, […]
If A pseudonymises personal data of person Z and sends it to B, is it personal data from B’s perspective, even if B is never allowed to get additional information [=AddInfo] allowing the identification of Z? The EDPB suggests “yes” in its latest guidance on pseudonymisation. Based on the definition of pseudonymisation under the GDPR, […]
IAB Europe has just published useful insights from many trade associations into the economic and legal rationale behind “consent or pay” models. These insights are a great summary of the key benefits and conditions under which these business models make sense, as well as related legal considerations. I know this well, as I have been […]
In London on 12 March for the IAPP DPI25 conference? Come to our great panel (ICO rep, UK lawyer, US lawyer & me) on “PETs, AI and Cookieless: Framework for New Adtech and Metrics Approaches”. It is quite the panel, with a super list of topics: Speakers:– Hannah Crowther (Partner for Data Protection & Privacy […]
Belgian DPA drops a bomb on a complaint filed by noyb.eu: in Belgium at least, says the BDPA, in order for noyb to have a legal interest in filing a complaint on behalf of data subjects, those data subjects cannot have been working for noyb at the time. The case in question concerned cookies and […]
Now this says a lot: Traficom, the Finnish ePrivacy regulator, has disputed the EDPB’s interpretation of the scope of Art. 5(3) of the ePrivacy Directive in comments it submitted on the EDPB’s proposed ePrivacy Guidelines (in the words of Traficom, they have “some reservations” about “some aspects of the opinion that may lead to an […]
The Bindl judgment is significant. Some positives for controllers/processors: (i) hypothetical, unproven data transfers are not transfers (“the mere risk of access to personal data by a third country cannot amount to a transfer of data” – para. 135);(ii) repeating the principle (for EU Institutions’ non-contractual liability, but similar ones exist in most countries) that […]
Controversial op-ed of the day: Why do many EU-based authorities say that advertising cookies etc. require consent (yes, behavioural *and* contextual advertising)? How could those views evolve? Can digitaladvertising not be seen as strictly necessary for provision of the service explicitly requested by a user? � Here are some (personal) thoughts on these issues, with […]
Very important leak – current version, and potentially final, of the AIAct. Read Luca Bertuzzi’s explanations of the context carefully!
