Can't find what you're looking for? Try the search bar!
[This is a translation of an op-ed in French that was published in the French journal Revue Politique on SRB and the Digital Omnibus, plus the newest EDPB & EDPS Joint Opinion on the topic. The original in French can be found on the Revue Politique website. + The banner image is a jest – […]
As I was in a meeting when the European Data Protection Board opened registration for its pseudonymisation stakeholder event of 12 December 2025, I missed the short (approx. 1h) registration window and they placed me on a waiting list instead – a pity given my frequent interventions on the EU Court of Justice’s SRB judgment […]
When I pointed out issues with the DMA-GDPR Guidelines & resulting risks for *all* controllers (not just gatekeepers), the EDPB’s Gwendal Le Grand said something to the effect of “Don’t just post about it, submit a response”. So here we go, a copy of the response submitted yesterday to the public consultation by the Commission […]
The ruling of the Court of Justice of the European Union (CJEU) of yesterday, 4 September 2025, in the EDPS v SRB case is significant – never mind the naysayers. It is the first time that the CJUE has clearly, explicitly said that if a dataset initially contains personal data but is pseudonymised, and that […]
In law, the choice of words matters, and a given interpretation can mean the difference between a behaviour being permitted or prohibited. When some recently claimed that the Cologne Higher Regional Court might have misinterpreted one of the European Union’s newer data-related acts, the Digital Markets Act (DMA for short), the challenge to the judges’ […]
The European Commission’s announcement that it will consider simplifying regulatory regimes, notably in relation to data and technology, seems to open Pandora’s box. Is it a chance to draw lessons from what works well and what works less well? In this series on “Better Regulation” in relation to the digital economy, I will be exploring […]
The European Commission’s announcement that it will consider simplifying regulatory regimes, notably in relation to data and technology, seems to open Pandora’s box. Is it a chance to draw lessons from what works well and what works less well? In this series on “Better Regulation” in relation to the digital economy, I will be exploring […]
After last week’s EU General Court judgment in the Irish DPC vs EDPB case, some claimed that this makes EDPB Guidelines and Opinions unassailable. (Yes, really.) That’s wrong. Let’s look at what the judgment means for the EDPB’s authority – and some issues it raises: 1/ Scope of EDPB binding decisions The judgment of the […]
If A pseudonymises personal data of person Z and sends it to B, is it personal data from B’s perspective, even if B is never allowed to get additional information [=AddInfo] allowing the identification of Z? The EDPB suggests “yes” in its latest guidance on pseudonymisation. Based on the definition of pseudonymisation under the GDPR, […]
Looking back + forwards, 4 big topics for me on LinkedIn in 2024 & likely still for 2025 are the following:– ePrivacy– “Consent or Pay”– AI & personal data– Cybersecurity The key ePrivacy topic was the European Data Protection Board’s guidelines on the technical scope of Art. 5(3) of the ePrivacy Directive – basically, “to […]
