Scope: GDPR


EDPB accountability and the right to challenge guidance

Really interesting insights from Greet Gysen from the EDPB at the Nordic Privacy and Innovation Summit in Stockholm. Part of the consequences of the “Helsinki statement” adopted by the European Data Protection Board are that the EDPB will be consulting stakeholders more in advance – this much we knew already. She also highlighted that the […]


Nordic Privacy Summit: balancing SCD definitions and workability

Hopefully thought-provoking? My keynote on “Personal Data in a Digital World: What Are We Protecting?” kicked off the Nordic Privacy & Innovation Summit 2025 today in Stockholm. Among my topics: SRB, OT, ePrivacy, AI and AI model training, plus how to make the GDPR more workable (see slides, which show that data protection involves a […]


Are privacy-enhancing technologies facing death by ePrivacy regulations?

Privacy-enhancing technologies: “death by ePrivacy”? PETs were on the agenda of the IAPP DPC24 in Brussels this week, but few talked about the dangers to PETs caused by evolving positions of regulators. PETs (for ads with less data, content-focussed analytics, etc.) are being worked on by companies of all backgrounds and sizes and touted as […]


Navigating the leaked GDPR and Data Act Omnibus document

GDPR & Data Act Digital Omnibus: this is *NOT* the final version we expect the Commission to publish in two weeks (already made public by some outlets such as Contexte). But this way anyone keen on reading in more detail the points I summarised and commented in my previous post on the GDPR aspects (see […]


Detailed breakdown of key changes in the GDPR Omnibus draft

Key points from (& thoughts on) draft GDPR Digital Omnibus: First, Art. 4(1) GDPR would be completed with an SRB-like statement (great news), plus a mitigation of abusive interpretation of the Scania judgment (also great news). Art. 4(15) on “data concerning health” would also finally be more specific, avoiding some of the more awkward and […]


Unpacking the economic future of the GDPR at the EDPB stakeholder event

Some thoughts on today’s EDPB “Pay or Consent” stakeholder event – in practice one about the future of GDPR enforcement, consent, adtech and even the future of the Internet: – At times, things got heated in our breakout room between two camps, typically privacy rights campaigners + contextual ad solution providers on the one hand […]


Overview and preliminary thoughts on the GDPR Omnibus draft

That draft GDPR Digital Omnibus is quite worth the read. Once the story gets out, I’ll be posting a summary of all the changes and some preliminary thoughts – but it’s a promising blend of data protection case law (+ mitigations of excessive interpretations that might be made of certain judgments), ePrivacy improvements and AI […]


Is a corporate ransomware attack legally classified as force majeure?

How can you reinforce your cyber resilience? Is a ransomware attack “force majeure” preventing contractual performance? Who is responsible and liable for cybersecurity (failures) in a company? I had the pleasure of taking part in a panel discussion organised by the Belgian Federation of Enterprises (VBO FEB) in which I was asked to speak on […]


Distinguishing data abuse from the necessity of regulatory reform

The uncovering of a dataset with information on the movements and even domicile of European Commission officials is an important reminder that, as with every other technology or data point, location data can be abused. Since the news broke, I have seen several seizing upon it to say that data brokers are inherently illegal […]

Read Analysis →

Getty v Stability AI: implications for personal data and model training

These excerpts from the Getty v Stability judgment will be interesting for data protection professionals to look at, not just copyright professionals: – Judge: “Stable Diffusion does not itself store the data on which it was trained” [para. 552 of the judgment] – Expert report: “Rather than storing their training data, diffusion models learn the […]
