Can't find what you're looking for? Try the search bar!
The Irish DPC’s guide on accessing data on behalf of someone else remains relevant but incomplete. (It dates back to 2021 and has just been republished, in case anyone thought it sounded familiar.) It touches upon a very difficult issue – and one less clear-cut than the Irish DPC suggests. Yes, there are good reasons […]
This does not surprise me – as I was explaining yesterday to two podcast hosts, synthetic data is great on paper but it does not help with accuracy or real-life outliers/divergent situations. It’s easy to claim that synthetic data is the best way to comply with data minimisation and that “you don’t really need all […]
How a simple sentence in your privacy notice can restrict your digital marketing: the Belgian DPA issued an injunction to adapt digital marketing practices for a fitness club that had sent marketing e-mails to a club member, including for non-sporting events. The case highlights a classic misalignment between documentation and marketing practices, as well as […]
IAB Europe & TCF case: Belgian Market Court confirms Belgian DPA went too far in seeking enforcement of full range of measures against IAB Europe. Pleased to see the judgment of the Market Court/MC of Wednesday 7 January 2026, which set aside the BDPA’s decision of January 2023 (through which it had validated IAB Europe’s […]
With the festive season upon us, I may be posting a little less and instead singing Christmas songs with the family. So let’s look back at 2025 and anticipate 2026, based on interactions with my LinkedIn articles & posts: – Pseudonymisation & the concept of “personal data” were significant in 2025. 4 of my top […]
Appeal against Belgian DPA decision: important findings on legitimate interest, reasonable expectations and (non-)necessity of verifications of prior lawfulness. In a judgment of yesterday, the Market Court (Brussels Court of Appeal) lifted a reprimand for a company that had used personal data for marketing purposes. The legitimate interest considerations will be of great interest to […]
Podcast time again, with The Monopoly Report on the Digital Omnibus (focus on GDPR and ePrivacy changes). In this episode, Alan Chapell and I discuss the apparent intentions of the Commission, the link with case law of the EU Court of Justice, possible reactions from data protection regulators and more. Its publication this Wednesday ties […]
As I was in a meeting when the European Data Protection Board opened registration for its pseudonymisation stakeholder event of 12 December 2025, I missed the short (approx. 1h) registration window and they placed me on a waiting list instead – a pity given my frequent interventions on the EU Court of Justice’s SRB judgment […]
Myth-busting time! This week, the EDPB published its Opinion on AI models & personal data, and then the Italian authority revealed it had fined OpenAI. But unlike what some are suggesting, the Italian decision *predates* the EDPB Opinion by a month. So let’s dispel a few myths surrounding that Opinion: – “Game changer”? The positions […]
Full analysis likely to come in the coming days, but some first thoughts on the EDPB’s “AI models & personal data” Opinion. In essence, the EDPB doesn’t exclude anything entirely but leaves it up to national supervisory authorities to make a call in cases they are handling – and while it doesn’t prohibit relying on […]
