Can't find what you're looking for? Try the search bar!
Very good piece by Kristin Johnston on aigovernance and in particular how to start the process. One recommendation – building AI governance on top of existing privacy processes – is very relevant but you have to be careful about how you implement it. The key challenge is making sure it can be sufficiently distinct as […]
Very soon higher GDPR fines in Belgium? A recent judgment by the Court of Appeal of Brussels said that the Belgian DPA’s methodology for calculating fines was unclear, but that symbolic victory by one controller may create a significant risk for others… In a judgment in which it *confirmed* the Belgian DPA’s decision on the […]
New Belgian DPA decision, interesting on 3 points: 1. Confirmation of BDPA’s approach re “legal obligation” and “public interest” legal grounds 2. Re retention: the need to assess recidivism does not justify unlimited processing 3. Reference to EDPB’s newly updated GDPR fining guidelines (re factors affecting the amount of the fine) 1. The Order of […]
A must-watch: here is the recording of our fun CPDP2024 panel discussion on the EU data strategy (covering GDPR, DMA, AIAct, fundamental rights, PayOrOK and much more re data protection). The other panel participants were Patricia Vidal Martinez, Luca Bolognini and Rob van Eijk, and it was moderated by Cecilia Alvarez. Really fantastic stuff – […]
A must-watch: here is the recording of our fun CPDP2024 panel discussion on the EU data strategy (covering GDPR, DMA, AI Act, fundamental rights, Pay Or OK and much more re data protection). The other panel participants were Patricia Vidal Martinez, Luca Bolognini and Rob van Eijk, and it was moderated by Cecilia Alvarez. Really […]
A bit more pragmatism regarding user interfaces and “dark patterns”? According to a German court, a colour difference for accept/reject buttons is not (always) a dark pattern that deprives data subjects of agency. It’s not the first time this has been said, but to see it explicitly said in relation to Meta and a “blue” […]
Is your DPO overworked? Do certain requests from authorities fall through the cracks? You could be in breach of the GDPR, says the Belgian DPA in its newest decision. In this particular case, a DPO was working three days per week, and was the only person to have access to a particular e-mail address to […]
Practical checklist: good practices for vendor/supplier risk management inspired by GDPR, NIS2, Data Governance Act and DORA. The underlying question: what good practices do these EU laws highlight and transform into legal obligations in certain cases, and how can we combine them? This checklist is *not* a comprehensive list of best practices, but it should […]
Suddenly general audiences in the EU are hearing about AI legislation in the news, and high-risk systems present a risk to… privacy (really, that’s the only angle being put forward in some news outlets). As if the GDPR didn’t contain anything that can be (and is) used to manage the data protection aspects of AI […]
Consent or Pay” again – this time a recorded webinar! Behavioural vs contextual ads, freedom to conduct a business, flaws in the EDPB’s approach, lots of ground covered in this webinar! With Eva Jarbekk, Miko?aj Barczentewicz and Rob Corbet GDPR data protection ePrivacy privacy