So consent will be needed for contextual ads? Why limit ourselves then?” Top 5 concerns and questions shared with me by various clients re new EDPB�ePrivacy�guidelines: 1. “Do they even understand the technology?”: Overbroad notion of “access” is regulatory activism at its worst, coupling active notion of “access” to passive receipt, conflating individual entering into […]
Last week, I questioned the European Data Protection Board’s very authority to adopt its newly published Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive (i.e. the so-called “cookie” rule), guidelines according to which those rules should also apply to a broad range of other technologies and information, such as IP addresses, pixels […]
“They will cover many scenarios”, said an EDPB member informally a couple of days ago, talking about what would become the EDPB’s new Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive (subject to a public consultation – more on that later). After having gone through them in detail, I cannot help but […]
The relative nature of “personal data” strikes again (or does it?). In today’s judgment in C-319/22 (Scania), the CJEU has seemingly confirmed that whether information is “personal data” or not depends on the entity/person processing it, like the General Court had done in other cases. This case asks whether a vehicle identification number (VIN) is […]
Pro tip: next time you want to let an AI bot join a group call on your behalf, make sure that all participants are OK with it. (In recent calls within the digitalecosystem and adtech industry, it’s like every week we have to boot a new transcription bot that was invited by a different person […]
Looking forward to seeing many contacts next week at the IAPP Congress in Brussels – let me know if you would like to meet up on the Wednesday or Thursday. On Tuesday 14 November we are giving an invite-only workshop to select companies on Tomorrow’s Data Challenges, with discussions on topics such as dark patterns, […]
“Pay or data” and cookie walls are clearly controversial topics, but I feel something needs to be said regarding their justification – else LinkedIn and the broader web may seem to be a very anti-business environment from a data protection perspective, based on various posts and articles I have seen in recent months. Running a […]
I’m seeing significant misinterpretations of the CJEU’s newest GDPR judgment. The CJEU *did not say* today that simply seeing information on a mobile app is processing of personal data. Instead, it said that *the process by which a COVID certificate is scanned by a device and then interpreted to reveal a green checkmark or a […]
Fines aren’t the only possible sanction in case of an infringement of data protection rules – prison is also a possibility in certain countries. That’s exactly the outcome of a case in France, where a former head of HR received a six-month (suspended) prison sentence yesterday. In that case, the person in question had created […]
100% GDPR compliant” claims seem to have made a big comeback with the flurry of GenerativeAI tools being released*. As a reminder, claiming that a software solution is GDPR compliant is a marketing trick at best and misleading at worst. First, if you’re not sure what the sources are on which a particular AI system […]
