Can't find what you're looking for? Try the search bar!
Some key findings from the responses to the DMA-GDPR Interplay consultation, now made public by the Commission & EDPB: – Quite a few civil society responses are copies of one another. Going through the submissions, you’ll see many with identical titles (“uncompromised privacy”, “ensuring data portability is practical and secure”, …) and content. Fortunately there […]
The clear repudiation of an “absolute” concept of personal data has thrown a sharp focus on the process of pseudonymisation in the world of data protection. Through its SRB judgment of 4 September 2025, the Court of Justice of the European Union (CJEU) made it clear that personal data that has undergone pseudonymisation can be […]
On the Criteo decision of the French Conseil d’État: beyond the question of whether online identifiers are sufficient for identification (see below), this is a typical case of a court keeping fines 100% intact after questioning the scope of processing. It’s not the first time I have seen this: a court says “this isn’t all […]
Why banning minors from accessing social media etc is a bad idea: (i) While I think it is unjustified fear-mongering, several consumer rights organisations and privacy researchers say it will lead to mandated surveillance of Internet usage, and that it will concentrate power among the platforms that are able to deploy age verification effectively. I […]
Is “personal data” an asset? A study on human dignity & data protection has been released that on paper sounds like it should cover all the key topics. Its authors argue that individuals are “the primary right-holders in relation to the processing of their personal data” and that these “are dignity-relevant manifestations of the person […]
Interesting study on where human dignity and data protection come together, worth the read. I’m not convinced by some parts, though, as there is too much room left for subjectivity in the way certain things are worded. The authors suggest 7 guiding principles, but of particular interest to me were their suggested 6 limits to […]
Some thoughts on the leaked EU Council draft compromise re the GDPR parts of the Digital Omnibus: – This draft reads as a major lobbying win by data protection authorities and civil society. The EDPB would be given more power, the Commission no supervision, and a lot of the more business-friendly proposals would be removed […]
A new study on LLMs & personal data (by Dimitri Staufer and Kirsten Morehouse) can be read in two ways: 1. Some will see it as validation that LLMs process personal data because they seem to be capable of associating attributes with a person with a certain % of confidence. 2. I see it instead […]
[This is a translation of an op-ed in French that was published in the French journal Revue Politique on SRB and the Digital Omnibus, plus the newest EDPB & EDPS Joint Opinion on the topic. The original in French can be found on the Revue Politique website. + The banner image is a jest – […]
Pour les francophones: I was given the opportunity to write an op-ed for the French journal Revue Politique on SRB and the Digital Omnibus, plus the newest EDPB & EDPS Joint Opinion on the topic. The result? “Rendre le RGPD réaliste ? Les autorités ne le souhaitent qu’à moitié”. I’m working on a translation into […]
