Panel I’m moderating at RAID: EDPB Chair Anu Talus, Luxembourg CNPD President Tine A. Larsen, Deputy Head of Data Protection Unit at the Commission’s DG Justice Karolina Mojzesowicz, MEP Brando Benifei and Gibson Dunn Partner Ahmed Baladi. Topic: “Making Tech Legislation Work in Practice Time: noon CET on Tuesday 24 September Key topics: – What […]
The Belgian DPA’s newest rejection of a NOYB complaint for reasons of fictional mandates (yes, again) is a must-read for both complainants (or complainant organisations) and controllers/processors who receive complaints from representative organisations. Summary: “The method by which the complaint at the initiative of the representative seeks to raise a general predetermined practice, by addressing […]
No “reject all” button? Different colours in a cookie banner? Belgian DPA orders a change, based on “dark pattern” allegations and lack of freely given consent. Readers know I have my doubts on this, due because “in the physical world” we are led to make choices all the time based on product colours (some of […]
In today’s EU Official Journal, new questions submitted to the CJEU: What is “necessary” for performance of a contract under the GDPR, and can customary business practices be taken into account in this assessment? In languages such as French where gender traditionally has an influence on many words in a sentence and also on how […]
[Slide upload:] On Monday, at the invitation of the Belgian DPA’s Litigation Chamber, I spoke about key themes of the Litigation Chamber’s decisions over the past 5 years and about both the positive improvements in maturity of those decisions and the challenges resulting from the lack of appeals against certain decisions (leading to the creation […]
Another important CJEU judgment! Whether GDPR administrative fines are “criminal penalties” or not is a relevant issue for both insurability and indemnification clauses (e.g. “Y agrees to indemnify and hold Z harmless for data protection violations”). Today’s CJEU’s judgment in case C-27/22 strengthens the position of those who raised concerns regarding GDPR fine insurance and […]
Yes, GenerativeAI is what people are talking about. Yes, it presents specific risks (notably re disinformation). But from an aigovernance and liability perspective, the risks associated with predictive/discriminative AI are just as relevant. In her speech today re the State of the European Union, Ursula von der Leyen said that we should “not underestimate the […]
This should be fun! Didomi has invited me to share the floor with Max Schrems during a webinar on 24 Sept. on the Future of User Consent. I don’t always agree with Max or noyb.eu, whether in my personal conviction or through my professional work (in fact, I have/had a few litigation cases where we […]
In today’s Official Journal: Meta’s annulment action against the EDPB’s Consent or Pay Opinion (Opinion 08/2024). Here are the pleas: “In support of the action, the applicant relies on seven pleas in law. 1. First plea in law, alleging that either Article�64(2) GDPR is illegal and inapplicable pursuant to Article�277�TFEU, or it requires a restrictive […]
Clearly the EDPB considers its “Consent or Pay” Opinion to cover “targeted questions requiring a swift answer”, as its minutes from the June plenary reveal that the EDPB members agreed that “Article 64(2) opinions are better suited for targeted questions requiring a swift answer, while guidelines are better suited for matters with a larger scope”. […]