Can't find what you're looking for? Try the search bar!
As I was in a meeting when the European Data Protection Board opened registration for its pseudonymisation stakeholder event of 12 December 2025, I missed the short (approx. 1h) registration window and they placed me on a waiting list instead – a pity given my frequent interventions on the EU Court of Justice’s SRB judgment […]
NIS2 vs GDPR: fines/injunctions in Belgium to be challenged before different courts? While the Belgian legislator has gradually been entrusting one single, specialised court with highly regulatory cases (essentially regarding telecom rules, financial services rules and data protection rules), it appears for now *not* to have chosen to entrust that same court, the Belgian Market […]
NIS2: Looking forward to giving a 2-day workshop with Chris A. De Vuyst from the Centre for Cybersecurity Belgium (= Belgian cybersecurity authority) next week, further to tremendous preparatory work by Chris and Val�ry Vander Geeten. [Thanks again Val�ry as well as the Data Protection Institute for thinking of me in this respect!] The Network […]
GDPR & Data Act Digital Omnibus: this is *NOT* the final version we expect the Commission to publish in two weeks (already made public by some outlets such as Contexte). But this way anyone keen on reading in more detail the points I summarised and commented in my previous post on the GDPR aspects (see […]
Key points from (& thoughts on) draft GDPR Digital Omnibus: First, Art. 4(1) GDPR would be completed with an SRB-like statement (great news), plus a mitigation of abusive interpretation of the Scania judgment (also great news). Art. 4(15) on “data concerning health” would also finally be more specific, avoiding some of the more awkward and […]
How can you reinforce your cyber resilience? Is a ransomware attack “force majeure” preventing contractual performance? Who is responsible and liable for cybersecurity (failures) in a company? I had the pleasure of taking part in a panel discussion organised by the Belgian Federation of Enterprises (VBO FEB) in which I was asked to speak on […]
Amusing settlement decision by the Belgian DPA published yesterday: 500 EUR & 250 EUR respectively, plus adaptations to policies and procedures, so that when people book a table in a given restaurant by phone their data isn’t included automatically in a third-party table booking system and then used to send commercial e-mails. The lesson? If […]
Better Regulation: Rethinking (or getting rid of?) the ePrivacy Directive” – going past the soundbites, this is a hard look at the ePrivacy rules and whether they should still exist today. Readers will know I have often criticised the European Data Protection Board’s views on Article 5(3) of the ePrivacy Directive (the “cookie” rule) because […]
The European Commission’s announcement that it will consider simplifying regulatory regimes, notably in relation to data and technology, seems to open Pandora’s box. Is it a chance to draw lessons from what works well and what works less well? In this series on “Better Regulation” in relation to the digital economy, I will be exploring […]
On this fifth GDPR anniversary, remember that data protection principles are increasingly serving as inspiration for legal obligations regarding the use of “non-personal”/”corporate” data. What was good business practice is becoming a statutory obligation. So double-check that you have everything you *should* have, because soon you will be *required* to have it. Not that privacy […]
