Can't find what you're looking for? Try the search bar or refine your parameters using the Frameworks & Concepts button above.
My takeaways from the 100+ comment discussion following my post on whether the Crowdstrike incident is a “personal data breach” under the GDPR: 1. There are clearly two camps on this. I didn’t expect this level of opposition between two visions of what is a personal data breach. 2. One camp adheres to the views […]
Does training of AI systems involve the processing of personal data, and is it permitted under the GDPR? These were the two fundamental questions that I have already looked into in two previous articles: On the date of that second article, the Cologne Higher Regional Court (the Oberlandesgericht Köln – the Cologne HRC) delivered a […]
Part 2 of critical review of the Commission’s PayorOK decision on Meta & the DMA: now for the more GDPR-related part, on consent. As mentioned in part 1 ( https://lnkd.in/dvNKkjWk ), the European Commission (EC) draws lots from the EDPB’s Consent or Pay Opinion. [I was *very* critical of that Opinion – see https://lnkd.in/eddQ4yW8 ] […]
Not a “what ABC taught me about privacy” thing, but a man held on for dear life to the seat in front of him as the plane banked (normally) on my flight back from a great conference in Vilnius. It did bring me back to what I had been telling the hundreds of attendees to […]
Interesting case filed before the EU General Court by a person represented by noyb.eu, now published in the EU Official Journal. The complainants (the applicant + noyb) had sought access to the European Data Protection Board’s file concerning the EDPB’s Facebook-related binding decision of 5 December 2022. The EDPB refused to grant access, “on the […]
The Irish Data Protection Commission’s statement of 21 May 2025 “on Meta AI” (just like the judgment coming today in a German court case) provides a great excuse to talk briefly about GDPR legal grounds & AI model training, while I continue to work on the next part of my Better Regulation series (that next […]
The European Commission’s announcement that it will consider simplifying regulatory regimes, notably in relation to data and technology, seems to open Pandora’s box. Is it a chance to draw lessons from what works well and what works less well? In this series on “Better Regulation” in relation to the digital economy, I will be exploring […]
Heated exchanges at our “Pay or OK” workshop yesterday at CPDP, in particular between Max Schrems, Peter Hense ???????? and Lex Zard on the one hand and Cecilia Alvarez, Dirk Auer and myself on the other hand, with Miko?aj Barczentewicz moderating and economic input from Garrett Johnson. Perhaps the overcrowded room without ventilation played its […]
Since November 2023*, I have been giving lots of thought to EDPB accountability – and how to challenge it. The recent General Court judgment setting aside Meta’s challenge to the Consent or Pay Opinion appears at odds with the Advocate General’s Opinion in the CJEU case regarding a WhatsApp binding decision of the EDPB. The CJEU […]
The General Court’s dismissal of the annulment action against the Consent or Pay Opinion may seem like an EDPB victory, but consider this: (i) The General Court just said “[t]hose are therefore opinions to which no special authority is attached” (para. 28). In other words, “it’s just paper”, or “what you say in there isn’t […]
