Can't find what you're looking for? Try the search bar!
Now this says a lot: Traficom, the Finnish ePrivacy regulator, has disputed the EDPB’s interpretation of the scope of Art. 5(3) of the ePrivacy Directive in comments it submitted on the EDPB’s proposed ePrivacy Guidelines (in the words of Traficom, they have “some reservations” about “some aspects of the opinion that may lead to an […]
The Bindl judgment is significant. Some positives for controllers/processors: (i) hypothetical, unproven data transfers are not transfers (“the mere risk of access to personal data by a third country cannot amount to a transfer of data” – para. 135);(ii) repeating the principle (for EU Institutions’ non-contractual liability, but similar ones exist in most countries) that […]
Controversial op-ed of the day: Why do many EU-based authorities say that advertising cookies etc. require consent (yes, behavioural *and* contextual advertising)? How could those views evolve? Can digitaladvertising not be seen as strictly necessary for provision of the service explicitly requested by a user? � Here are some (personal) thoughts on these issues, with […]
First thoughts on the CJEU’s Mousse judgment (“is Mr/Mrs necessary?”): (i) alternative apparently required to each personalisation; (ii) data minimisation is inherent to the assessment of (strict) necessity; (iii) the risk of discrimination has an impact on a legitimate interest assessment. I’ll focus for now on (i). The CJEU appears to require the offering of […]
For anyone with an interest in ePrivacy, onlineadvertising, digital businesses or even computing in general, I highly recommend reading the comments that we had the privilege of working on with IAB Europe and national associations in relation to the EDPB’s proposed ePrivacy guidelines. Link to the IAB Europe press release: https://lnkd.in/ediZ4Cxq And here are comments […]
So… is the information “stored” and “accessed” through use of a CAPTCHA strictly necessary to the provision of the service explicitly requested by a user, namely the service of being able to submit a form? From the perspective of common interpretations of data protection authorities also in charge of ePrivacy enforcement, you would expect “no”, […]
Lots to digest in the Belgian Data Protection Authority’s latest decision, regarding a large data broker. One of the most important parts is its paragraph 100, which inadvertently raises the question of whether non-compliance with a data source’s terms of use or licence agreement can render a processing unlawful. The context: the data broker included […]
Last few days to comment on the game-changing ePrivacy guidelines of the EDPB. One issue examined for some clients is the inconsistency between the expanded scope of that provision (a rule regarding cookies and similar (active) information storage & access technologies, but now also covering nearly any interaction with a computing device *and* the passive […]
I saw another post like “want to use [content ABC] for free & legally? Use this ad bypasser”. This one was on how to play music on a big video platform by using a specific browser to avoid any “annoying ads”. Setting aside ethical concerns, is it really “legal”? Some (e.g. one of the most […]
Looking back + forwards, 4 big topics for me on LinkedIn in 2024 & likely still for 2025 are the following:– ePrivacy– “Consent or Pay”– AI & personal data– Cybersecurity The key ePrivacy topic was the European Data Protection Board’s guidelines on the technical scope of Art. 5(3) of the ePrivacy Directive – basically, “to […]