I’m not sure X/Y’s data protection practices are compliant” is not a justification for filing a complaint, says the Belgian DPA in a new decision, reminding data subjects that they should exercise their rights before a complaint or at least be able to show that an alleged non-compliance by a controller or processor somehow affects […]
Important comment by the Belgian Market Court in a new judgment, here on confidentiality of controller/processor documents vis-�-vis a complainant: “the general principle regarding the prohibition of the abuse of rights prevents a complainant [�] from using the complaint to obtain information that it would not be able to obtain lawfully by other means”. The […]
Great news about the EU-U.S. adequacy decision! But let’s remember that many organisations want a solution for global transfers, not just for the United States. While the EU-U.S. adequacy decision helps a lot, it is only part of the solution that organisations need. Let’s look at some of the other components. Another part of the […]
After some initial thoughts on Tuesday, here is a slightly expanded analysis of the “contract” legal ground assessment by the CJEU in its new Meta judgment (C-252/21). Once again, I hope this ruling will not be misapplied in practice – and that controllers who build personalisation into a service for valid reasons are not forced […]
Objectively indispensable”, that’s how the CJEU describes the threshold for processing of personaldata to be necessary for performance (or conclusion) of a contract under Art. 6(1)(b) GDPR. In its new Meta judgment (case 252/21), the Court of Justice examined many points of law, but it may be useful to other organisations to look at paragraphs […]
15 months, countless meetings with publishers, audience measurement providers, adtech players, personalized content companies, … With TCF 2.2 launched, time to reflect on the enormous privilege I had of being involved (and prominently so) in so many stages of the development of new iterations to such an important standard for the online ecosystem. My role […]
Looking for good practices re AI security? The new ENISA report can help. It shows the need for a broad strategy that takes into account various risks (including legal ones) regarding not just your machine-learning algorithm or other tool but also the data sources themselves and the expected output. Bias, for instance, is not a […]
We showed a year ago that the European Data Protection Board’s fining methodology would likely lead to much higher fines… but at the time it seemed like SMEs would not be that strongly affected. The newest version of the fines just seems to confirm that everyone will be affected, and even more so than before. […]
Good reflexes regarding datagovernance and aigovernance, what to expect from the upcoming legislation and how to prepare, those were some of the topics discussed during our panel on the EU draft AIAct and the DataAct at the Flanders AI Forum 2023. A few additional thoughts: “Data/AI isn�t our core business�? Every business involves data & […]
On the importance of knowing your data well: a recruiter just cold-contacted me about a position that would be perfect for “a data scientist such as yourself”. Hint: data scientist and data lawyer do not often mean the same thing* **. The GDPR and other data protection rules are there to ensure that if you […]