First thoughts on the CJEU’s Mousse judgment (“is Mr/Mrs necessary?”): (i) alternative apparently required to each personalisation; (ii) data minimisation is inherent to the assessment of (strict) necessity; (iii) the risk of discrimination has an impact on a legitimate interest assessment. I’ll focus for now on (i). The CJEU appears to require the offering of […]
For anyone with an interest in ePrivacy, onlineadvertising, digital businesses or even computing in general, I highly recommend reading the comments that we had the privilege of working on with IAB Europe and national associations in relation to the EDPB’s proposed ePrivacy guidelines. Link to the IAB Europe press release: https://lnkd.in/ediZ4Cxq And here are comments […]
So… is the information “stored” and “accessed” through use of a CAPTCHA strictly necessary to the provision of the service explicitly requested by a user, namely the service of being able to submit a form? From the perspective of common interpretations of data protection authorities also in charge of ePrivacy enforcement, you would expect “no”, […]
Lots to digest in the Belgian Data Protection Authority’s latest decision, regarding a large data broker. One of the most important parts is its paragraph 100, which inadvertently raises the question of whether non-compliance with a data source’s terms of use or licence agreement can render a processing unlawful. The context: the data broker included […]
Last few days to comment on the game-changing ePrivacy guidelines of the EDPB. One issue examined for some clients is the inconsistency between the expanded scope of that provision (a rule regarding cookies and similar (active) information storage & access technologies, but now also covering nearly any interaction with a computing device *and* the passive […]
I saw another post like “want to use [content ABC] for free & legally? Use this ad bypasser”. This one was on how to play music on a big video platform by using a specific browser to avoid any “annoying ads”. Setting aside ethical concerns, is it really “legal”? Some (e.g. one of the most […]
Looking back + forwards, 4 big topics for me on LinkedIn in 2024 & likely still for 2025 are the following:– ePrivacy– “Consent or Pay”– AI & personal data– Cybersecurity The key ePrivacy topic was the European Data Protection Board’s guidelines on the technical scope of Art. 5(3) of the ePrivacy Directive – basically, “to […]
Here is an English version of the questions referred yesterday to the CJEU on the right to erasure or “right to be forgotten” in a case about a request for removal from a baptism register – an interesting balance of fundamental rights. The case, an appeal against a decision by the Belgian Data Protection Authority […]
Anyone who has been following the “AI models & personal data” discussion can probably guess which vote of an Art. 64(2) GDPR Opinion will be on the agenda on that day. Want to know more? Read up on the topic here: https://lnkd.in/eVE4NSwd data protection
In case of a complaint before a supervisory authority, will a settlement to withdraw the complaint stop an investigation? The Belgian Data Protection Authority examined the issue in its newest decision: 1. Context and procedure: A data subject complaints before the BDPA because a (large) search engine provider (as controller) has rejected a delisting/erasure request […]