Can't find what you're looking for? Try the search bar!
Readers will know that some of the EDPB’s positions in its pseudonymisation guidelines are unconvincing or absolutist by nature. Now, IAB Europe and other associations in the digital ecosystem have submitted their feedback on these guidelines, and the feedback shows the acute need for a review of those guidelines. This response is well worth the […]
Belgian DPA’s direct marketing recommendation: great first attempt, but questionable positions included. First thoughts: [The BDPA has published a new direct marketing recommendation (replacing one of 5 years ago), and it’s a very good document. A public consultation is open until 10 May, and I hope some comments will deal with its shortcomings.] – Claim […]
The news from Italy and its temporary limitation of the processing by OpenAI of personaldata of Italian residents (re chatgpt and more) begs a few questions: 1) Did they just order that without prior contact? 2) Did they consider the OpenAI “privacy policy” – which I can see easily on the login/sign-up screen – was […]
IAB Europe’s letter to the EDPB on “Pay or Consent” is out – with considerations relating to the GDPR and broader data protection rules, fundamental rights, personal data as “consideration” for a contract (co-signatories: Alliance Digitale, IAB Italia & IAB Spain) Key points: – �The assessment of �Consent or Pay� models must remain coherent with […]
Time to talk about what can be done to improve the “cookie” rule! In Part I of this series on the opportunities and difficulties of today’s ePrivacy regime, I discussed the underappreciated and seemingly-easy-but-really-complex world of the anti-spam rule, Article 13 of the ePrivacy Directive (or ePD). This Part II is about a provision that […]
Three points of interest (also beyond Belgium) taken from the Belgian data protection authority’s new decision regarding bpost (postal services): – Legitimate interests can be a valid legal ground for direct marketing (this is already well known throughout the European Union, but it’s worth repeating, considering the opposite view that the Dutch Autoriteit Persoonsgegevens continues […]
PayOrOkay [I’ll surely get shot for writing this:] 39 members of the European Parliament write to Meta to say that the right to privacy is “no” [I assume “not”] “something you should have to purchase” and that “[s]tudies” [citation needed] “suggest that contextual advertising is nearly as profitable as surveillance-based advertising”. Honestly, I preferred the […]
New BDPA decision on data models + “research” as a compatible purpose. Two key questions: (i) If a data model is *no longer* based on a data subject’s data after an objection, can that data subject still file a complaint before a data protection authority? “Yes as long as that person can demonstrate an interest”, […]
While everyone is shouting “it’s for realz now”*, what will the AIAct actually mean for most organisations? Awareness (“AI literacy”) obligations and obligations to ensure that people know (i) if they are interacting with an AI system or (ii) whether they are subject to an AI system – and safeguards to ensure that no high-risk […]
Will data protection authorities be a top target for cybercriminals? Forced sharing of trade secrets is one of the consequences of yesterday’s CJEU judgment, in a way that in my view should prompt a serious question: how will organisations share those trade secrets with those supervisory authorities [SAs], and can the latter be trusted to […]
