Scope: cybersecurity


Age verification & Commission implementation claims

Ursula von der Leyen just announced that the European age verification app is “technically ready”, touting the lack of data sharing, while the app’s website still describes its zero-knowledge proof implementation as “experimental” and as not having yet been peer-reviewed. Perhaps something needs updating by the European Commission? Many questions remain, because saying “no excuses […]


Personal data: relative concepts and cross-border tensions

Not just a good excuse to brush up my limited German! Yesterday’s dual-language event in Zurich was an excellent blend of discussions regarding the concept of “personal data” and the tensions with data sharing frameworks. The juxtaposition of my opening keynote (in English) on case law on the notion of personal data (+ Digital Omnibus […]


Will jurisdictional conflicts separate NIS2 and GDPR fines in Belgium?

NIS2 vs GDPR: fines/injunctions in Belgium to be challenged before different courts? While the Belgian legislator has gradually been entrusting one single, specialised court with highly regulatory cases (essentially regarding telecom rules, financial services rules and data protection rules), it appears for now *not* to have chosen to entrust that same court, the Belgian Market […]


Join our two-day NIS2 and cybersecurity workshop with the CCB

NIS2: Looking forward to giving a 2-day workshop with Chris A. De Vuyst from the Centre for Cybersecurity Belgium (= Belgian cybersecurity authority) next week, further to tremendous preparatory work by Chris and Valéry Vander Geeten. [Thanks again Valéry as well as the Data Protection Institute for thinking of me in this respect!] The Network […]


Is a corporate ransomware attack legally classified as force majeure?

How can you reinforce your cyber resilience? Is a ransomware attack “force majeure” preventing contractual performance? Who is responsible and liable for cybersecurity (failures) in a company? I had the pleasure of taking part in a panel discussion organised by the Belgian Federation of Enterprises (VBO FEB) in which I was asked to speak on […]


Navigating the EU Data Act: trade secrets vs. transparency

Yes, the EU Data Act is now largely applicable, but what are the actual concerns and opportunities? In my discussions with various organisations, there has been one common fear: does this mean that I have to make all data concerning connected devices, including business-confidential information, available to everyone? The answer, as often in law, is […]


Why businesses cannot afford to dismiss the corporate risk of deepfakes

Scarily powerful – don’t dismiss the risk of deepfakes for your company. With tools like Deep Live Cam (“real time face swap and one-click video deepfake with only a single image”) now making the rounds, it is imperative for you to educate *everyone* in your organisation about good reflexes regarding both cybersecurity and AI. […]


Is the CrowdStrike IT outage truly a personal data breach under the GDPR?

My takeaways from the 100+ comment discussion following my post on whether the CrowdStrike incident is a “personal data breach” under the GDPR: 1. There are clearly two camps on this. I didn’t expect this level of opposition between two visions of what is a personal data breach. 2. One camp adheres to the views […]


How GDPR principles are serving as the blueprint for non-personal data laws

On this fifth GDPR anniversary, remember that data protection principles are increasingly serving as inspiration for legal obligations regarding the use of “non-personal”/“corporate” data. What was good business practice is becoming a statutory obligation. So double-check that you have everything you *should* have, because soon you will be *required* to have it. Not that privacy […]


Cybersecurity and GDPR: 15 lessons from regulatory practice

Here are 15 lessons based on an analysis of various data protection authority decisions across Europe, from a GDPR and cybersecurity article I just submitted after a reputed information security journal reached out. Cybersecurity compliance beyond best practices: key lessons: 1) Document your risk assessments and decisions. => If you deviate from common best practices, […]
