Can't find what you're looking for? Try the search bar!
Here is an English version of the questions referred yesterday to the CJEU on the right to erasure or “right to be forgotten” in a case about a request for removal from a baptism register – an interesting balance of fundamental rights. The case, an appeal against a decision by the Belgian Data Protection Authority […]
Anyone who has been following the “AI models & personal data” discussion can probably guess which vote of an Art. 64(2) GDPR Opinion will be on the agenda on that day. Want to know more? Read up on the topic here: https://lnkd.in/eVE4NSwd data protection
In case of a complaint before a supervisory authority, will a settlement to withdraw the complaint stop an investigation? The Belgian Data Protection Authority examined the issue in its newest decision: 1. Context and procedure: A data subject complaints before the BDPA because a (large) search engine provider (as controller) has rejected a delisting/erasure request […]
The new French fine against Orange for notably displaying ads among a list of e-mails is a misstep, in my view. It builds upon a rare legal misstep of the CJEU, a case in which the highest EU judges introduced subjectivity in an ePrivacy provision that was built around objective criteria. I am speaking about […]
Now for a different “Consent or Pay” anecdote (not mine though!): a night club tells those trying to get in that they need to download an app and scan a code after registering. It later turns out the alternative was to pay 10�. Is this “Pay or OK” in relation to non-digital services? The context […]
Newest Belgian DPA decision confirms that “data breach” is not always “GDPR infringement”, in a decision that (i) suggests good practices so that the data breach response does not itself become a GDPR infringement and (ii) echoes (without quoting) the CJEU’s cybersecurity judgment of 14 December 2023 (Natsionalna agentsia za prihodite). � Context: Further to […]
What should you urgently do during the first two weeks of 2024? Respond to the European Data Protection Board’s public consultation on ePrivacy. Why? Every single interaction with information on a computer or information sent over the Internet will require a justification or consent, following the EDPB’s proposed guidelines on the technical scope of Art. […]
The Belgian Data Protection Authority has adopted a new decision that applies the principles on automated decision-making set out by the CJEU in its SCHUFA I decision of 7 December 2023. Some specific considerations: – This decision is a “prima facie” one, i.e. not yet a full decision on the merits, to order the controller […]
Belgian Data Protection Authority moving towards more judicial approach? In a newly adopted law, the Belgian legislator makes various changes to BDPA, notably requiring the President of the Litigation Chamber to be “a magistrate” and increasing the Litigation Chamber’s power to adopt interim decisions. For over 4 years now, Hielke Hijmans has been in charge […]
Another (Austrian) decision showing the pressing need for a better ePrivacy approach. “[C]ookies set by the Google reCAPTCHA service are not necessary for the operation of a website […] regardless of the fact that preventing bot input is advantageous for website operators. The implementation of reCAPTCHA is not technically necessary for the operation of the […]