Can't find what you're looking for? Try the search bar!
What is “specific consent”? The EDPB’s acceptance of “broad consent” and “dynamic consent” in its new Guidelines is interesting, but its focus on (a limited view of) “scientific research” is problematic. According to those new Guidelines: In the field of scientific research, it is possible for controllers to rely on the consent of a data […]
EDPB excluding R&D & product development from “scientific research” under the GDPR? “The results of the research are shared with other parties, for example by publication, or will be shared in the future, with due regard to legitimate limitations to access such as protection of intellectual property and trade secrets. (Newly published Guidelines 1/2026 on […]
What is the target audience of the EDPB’s DPIA template? Most who *need* to carry out DPIAs more often have their own templates/tools since 5-10 years. And does it anticipate the Digital Omnibus? Only in part, with the biggest work yet to come. Some comments: 1. On the issue of DPIA requirement screening, its section […]
Recently, there have been a few strange comments on the ePrivacy aspects of the Digital Omnibus. I’ll tackle browser-level settings later, but today I want to focus on one issue: what are the ePrivacy Directive consequences of the new Art. 88a proposal? Article 5(3) of the ePrivacy Directive (ePD) is known as the “cookie rule” […]
EDPB stakeholder event write-up: From “no one wants political ads” to “political parties have to be able to reach their local audience”, today’s topic wasn’t very sexy (the “processing of personal data for the targeting or delivery of political advertisements”) but it still was a colourful event. No bar fight unlike some previous stakeholder events, […]
What is “political advertising” – or not? And when is it permitted? Scope creep beyond legislative intent is a real danger, a risk *everyone* should care about (even if you don’t think political ads concern you). The descriptively named “EU Regulation on Transparency and Targeting of Political Advertising” (“TTPA” for short) has two key aims: […]
Is Brillen-Rottler truly nothing new, as some appear to be suggesting? This new judgment of the EU Court of Justice confirms that data subject access requests made with a demonstrable aim of obtaining an advantage other than the gaining of awareness about the processing of personal data can be rejected as abusive. Given the number […]
Judgment analysis: when is a data subject request abusive? Today’s judgment of the EU Court of Justice is significant, though its scope cannot be misused either. These excerpts are essential reading for data protection practitioners: (EDIT: English version now available, quotes updated) Para 27: “It cannot therefore be ruled out […] that a […]
Moving past soundbites, what matters in today’s child online safety debate? A great event last week examined the EU Commission’s plans for protecting children online – and whether a social media “delay” or ban might make sense (or not). The Commission’s approach involves work by a Special Panel on child safety online. It features 21 […]
What evolutions await data protection litigation & GDPR fines/sanctions in Belgium? Since Hielke Hijmans announced he is stepping down from his role as Director of the Litigation Chamber of the Belgian Data Protection Authority, hearings in ongoing cases have been pushed back until an as of yet unspecified date. It’s unclear whether it is feasible […]