Overview and preliminary thoughts on the GDPR Omnibus draft

That draft GDPR Digital Omnibus is quite worth the read. Once the story gets out, I’ll be posting a summary of all the changes and some preliminary thoughts – but it’s a promising blend of data protection case law (+ mitigations of excessive interpretations that might be made of certain judgments), ePrivacy improvements and AI […]


AI literacy: moving beyond general training to system-specific awareness

The AI literacy point is very interesting. AI literacy is one of those odd obligations: on paper, it makes sense, but in practice it’s sadly often been used to offer training on AI usage principles without knowing which AI systems are actually (going to be) used. I’m keener on ensuring that any person using an […]


Is a corporate ransomware attack legally classified as force majeure?

How can you reinforce your cyber resilience? Is a ransomware attack “force majeure” preventing contractual performance? Who is responsible and liable for cybersecurity (failures) in a company? I had the pleasure of taking part in a panel discussion organised by the Belgian Federation of Enterprises (VBO FEB) in which I was asked to speak on […]


Distinguishing data abuse from the necessity of regulatory reform

The uncovering of a dataset with information on the movements and even domicile of European Commission officials is an important reminder that, as with every other technology or data point, location data can be abused. Since the news broke, I have seen several seizing upon it to say that data brokers are inherently illegal […]


Getty v Stability AI: implications for personal data and model training

These excerpts from the Getty v Stability judgment will be interesting for data protection professionals to look at, not just copyright professionals:
– Judge: “Stable Diffusion does not itself store the data on which it was trained” [para. 552 of the judgment]
– Expert report: “Rather than storing their training data, diffusion models learn the […]


A final reminder to voice your company’s concerns on the new ePrivacy guidelines

Just one month to go for comments on the EDPB’s new ePrivacy guidelines, so here’s a reminder of why you *should* respond if your company has digital activities: – The new EDPB guidelines concern the scope of Art. 5(3) of the ePrivacy Directive, which was never only about cookies but about the storing of information […]


The Belgian DPA restricts permanent video surveillance of corporate employees

New Belgian Data Protection Authority decision on video surveillance: don’t do permanent surveillance of employees. Questions remain, but without more background (name of the stores, history of theft within the stores etc.) it’s difficult to assess whether the BDPA was right in its assessment. The decision mentions the fact that cameras were deployed in 6 […]


Does your business use profile-based advertising? Here is how to audit it

Does your business use profile-based advertising / personalised advertising, whether as publisher, advertiser or adtech intermediary? You will want to tune in to the free webinar this Friday at noon CET in which I will be discussing key topics regarding the GDPR, DSA and ePrivacy rules and the “consent or pay” debate – as well […]


Critical analysis of bias claims in regulatory appointments

Don’t know the candidates, the selection criteria, or how the Irish DPC appointment committee was selected. Still, I find it a bit unfortunate that a formal complaint is being placed based on a person’s past experience. Nothing in the complaint filed before the European Commission (irrespective of its (in)admissibility) demonstrates any actual conflict of interest. […]


Polish Supreme Administrative Court: IP addresses and cookies

This is a big one – the Polish Supreme Administrative Court confirms that cookies & IP addresses aren’t always personal data (even in case of use of Google Analytics), and the burden of proof that they are in specific circumstances rests on the national authority, not the controller. It’s another good application of the EU […]
