Can't find what you're looking for? Try the search bar!
Global Privacy Control is great, why can’t that solve cookie fatigue in the EU? Could it be part of the Digital Omnibus 88b proposal?” A recent study examines the GPC in context of EU-level discussions on possible changes to the GDPR and ePrivacy rules. It’s an important question, as the idea of browser-level settings needs […]
I’ve always said we need a proper debate about key issues. Pity then to see how many one-sided panels there are at the upcoming CPDP conference in Brussels (often with panellists who criticise social media bubbles or deplore lack of diversity of opinion in other contexts). Diversity on panels is important, and perhaps we need […]
Why is the “personal data” definition aspect of the Digital Omnibus deemed controversial by some? And why are the alleged issues with the definition in fact absent? The Commission’s proposal is to codify recent case law of the EU Court of Justice, notably the SRB judgment (4 Sept 2025), by putting it into the law […]
How solid is your anonymisation? Is “good enough + contractual prohibition to re-identify” really sufficient? The Commission’s DMA team seems to think so, though its own idea of “good enough” relies on magic personal data scrubbers. Perhaps the Commission’s DMA team should read up again on GDPR case law on “personal data” (Breyer, Scania, SRB […]
Double standards: On the Digital Omnibus re GDPR, the EDPB & EDPS claim the Commission shouldn’t have the power to adopt implementing acts to “specify means and criteria to determine whether data resulting from pseudonymisation no longer constitutes personal data for certain entities”. Yet under the Digital Markets Act, no problem at all. The situations […]
DMA & data: real risk of over-sharing of identifiable, personal search query data. The European Commission has launched a public consultation on the measures it intends to impose on Google for compliance with Article 6(11) of the Digital Markets Act (DMA) – a specific obligation to anonymise search query data and share it with other […]
Biometrics & Digital Omnibus: EU Council’s draft compromise could cripple biometrics in *all* industries if unchanged. The use of biometrics for identity verification is often based on consent (Art. 9(2)(a) GDPR), and the Commission’s proposal added a consent exemption if “the biometric data or the means needed for the [identity] verification is under the sole […]
Possibly the most useless legal provision ever proposed? Re-reading it doesn’t diminish my surprise at the proposed Article 29a of the GDPR, suggested in the draft EU Council compromise, which would say the following: – “Controllers and processors may apply pseudonymisation to personal data in order to reduce the risks to the data subjects concerned […]
Guilty pleasure: pleading alongside (!) the Belgian Data Protection Authority not just once but three times over the past few months. I’m used to being on the other side, but when a decision isn’t against your client but a third party, you might have the unusual opportunity to support the authority’s position in Court. A […]
What does the EU Council’s draft Presidency compromise text on the GDPR & ePrivacy Digital Omnibus tell us? (1) The Council (for now) seems to recognise the need to clarify the concept of “personal data”. As a Recital 27a would provide: The identification of a natural person should be assessed *ex ante and in concreto*, […]