Can't find what you're looking for? Try the search bar!
I criticise them a lot for many things, notably their often dogmatic and not-so-pragmatic positions, but kudos to the European Data Protection Board for two things today: (i) they actually sent a reminder to participants for the “Political ads” stakeholder event of 27 March to ask if people wish to speak on particular topics or […]
Under which circumstances does the GDPR consider scientific research compatible with existing purposes of personal data processing? Recent positions by regulators and legislators show it is still a hot topic – one with major implications for R&D globally. Recital 159 of the GDPR states that “the processing of personal data for scientific research purposes should […]
Some thoughts (+ & -) on the EDPB & EDPS’s joint opinion on the GDPR & ePrivacy Digital Omnibus, part 1: + The overall tone seems constructive – On the definition of personal data (PD), I don’t think quoting the Scania/SRB situation of information being “indirectly” PD for a disclosing party (§16) helps the EDPB/EDPS’s […]
Very glad to see the EU Court of Justice confirm that EDPB binding decisions are challengeable, like the Advocate General had suggested beforehand. I commented the AG Opinion at the time, applauding it for its clear position in the topic. The CJEU’s reasoning is very similar to that of the AG: – “[the EDPB’s binding […]
An unintentional oversight? The proposed Digital Omnibus on the AI Act contains certain deadline extensions but a key one is missing, suggesting a disconnect between the text itself and the reality that organisations face. While many other aspects merit discussion (such as the yet unresolved overlap issues between the GDPR and the AI act), there […]
Not just a good excuse to brush up my limited German! Yesterday’s dual-language event in Zurich was an excellent blend of discussions regarding the concept of “personal data” and the tensions with data sharing frameworks. The juxtaposition of my opening keynote (in English) on case law on the notion of personal data (+ Digital Omnibus […]
What to expect from the EDPB and EDPS on 10 February re the Digital Omnibus on GDPR and ePrivacy? Today I had the privilege of attending an event organised by The Lisbon Council with a very select group of representatives of companies, industry associations, BEUC, the Commission and the EDPB. We discussed the Digital Omnibus […]
Great to see the European Data Protection Board listening to feedback! For their next stakeholder event, the EDPB is giving time to people to register their interest in participating – and it might even consider making a distinction between active and passive participants (speakers vs observers). Don’t dismiss this one just because it’s about a […]
Podcast alert: Almost an hour, but lots of topics about the GDPR & ePrivacy Digital Omnibus in the launch episode of the ADPO’s podcast (Irish Association of DPOs) Thanks to Dr Maria Moloney & Gonzalo Caro for having me on their inaugural podcast! Topics include the importance of a dialogue, sensitive categories of personal data, […]
When do contracts have to be provided in response to a data subject access request? And should a controller maintain a copy thereof to enable data subject requests? A new Belgian DPA decision deals with this issue, applying the EU Court of Justice’s CRIF judgment to the issue of bank account contracts. Article 15 GDPR […]