LLMs & personal data: distinguishing probability from identification

A new study on LLMs & personal data (by Dimitri Staufer and Kirsten Morehouse) can be read in two ways: 1. Some will see it as validation that LLMs process personal data because they seem to be capable of associating attributes with a person with a certain % of confidence. 2. I see it instead […]


Making the GDPR realistic? Authorities only want that in part

[This is a translation of an op-ed in French that was published in the French journal Revue Politique on SRB and the Digital Omnibus, plus the newest EDPB & EDPS Joint Opinion on the topic. The original in French can be found on the Revue Politique website. + The banner image is a jest – […]


Revue Politique: op-ed on move towards realism in GDPR interpretation

Pour les francophones: I was given the opportunity to write an op-ed for the French journal Revue Politique on SRB and the Digital Omnibus, plus the newest EDPB & EDPS Joint Opinion on the topic. The result? “Rendre le RGPD réaliste ? Les autorités ne le souhaitent qu’à moitié”. I’m working on a translation into […]


EDPB stakeholder engagement: some light on the horizon?

I criticise them a lot for many things, notably their often dogmatic and not-so-pragmatic positions, but kudos to the European Data Protection Board for two things today: (i) they actually sent a reminder to participants for the “Political ads” stakeholder event of 27 March to ask if people wish to speak on particular topics or […]


Scientific research: definition and commercial limits

Under which circumstances does the GDPR consider scientific research compatible with existing purposes of personal data processing? Recent positions by regulators and legislators show it is still a hot topic – one with major implications for R&D globally. Recital 159 of the GDPR states that “the processing of personal data for scientific research purposes should […]


Perspectives on EDPB & EDPS Joint Opinion on Digital Omnibus

Some thoughts (+ & -) on the EDPB & EDPS’s joint opinion on the GDPR & ePrivacy Digital Omnibus, part 1: + The overall tone seems constructive – On the definition of personal data (PD), I don’t think quoting the Scania/SRB situation of information being “indirectly” PD for a disclosing party (§16) helps the EDPB/EDPS’s […]


Possibility to challenge EDPB decisions: a win for accountability

Very glad to see the EU Court of Justice confirm that EDPB binding decisions are challengeable, like the Advocate General had suggested beforehand. I commented on the AG Opinion at the time, applauding it for its clear position on the topic. The CJEU’s reasoning is very similar to that of the AG: – “[the EDPB’s binding […]


AI Act Digital Omnibus: addressing the deployer gap

An unintentional oversight? The proposed Digital Omnibus on the AI Act contains certain deadline extensions but a key one is missing, suggesting a disconnect between the text itself and the reality that organisations face. While many other aspects merit discussion (such as the yet unresolved overlap issues between the GDPR and the AI Act), there […]


Personal data: relative concepts and cross-border tensions

Not just a good excuse to brush up my limited German! Yesterday’s dual-language event in Zurich was an excellent blend of discussions regarding the concept of “personal data” and the tensions with data sharing frameworks. The juxtaposition of my opening keynote (in English) on case law on the notion of personal data (+ Digital Omnibus […]


The Digital Omnibus and the future of PETs

What to expect from the EDPB and EDPS on 10 February re the Digital Omnibus on GDPR and ePrivacy? Today I had the privilege of attending an event organised by The Lisbon Council with a very select group of representatives of companies, industry associations, BEUC, the Commission and the EDPB. We discussed the Digital Omnibus […]
