-
Relative nature of personal data, consent for pseudonymisation? Dissecting the EDPS v SRB AG Opinion
Understanding what is and is not personal data is fundamental to the proper interpretation and enforcement of the most famous data protection law, the GDPR. If no personal data are being processed, the GDPR simply does not apply. Some have considered that “personal data” is an absolute concept, i.e. information can be “in and of…
-
Personalisation of digital audiovisual service + use of social media logins
Personalisation of digital audiovisual service + use of social media logins: Belgian DPA follows our arguments that contract can be a valid legal ground for personalised services and that terms of use of an online service can be a valid contract to that end, and it recognises that provided there is transparency & data minimisation,…
-
Irish DPC v EDPB: consequences of General Court judgment for EDPB’s authority
After last week’s EU General Court judgment in the Irish DPC vs EDPB case, some claimed that this makes EDPB Guidelines and Opinions unassailable. (Yes, really.) That’s wrong. Let’s look at what the judgment means for the EDPB’s authority – and some issues it raises: 1/ Scope of EDPB binding decisions The judgment of the…
-
Op-Ed: Data protection damages without proof, courtesy of shortcuts in legal reasoning (Case T-354/22, Bindl)
This op-ed was first published on EULawLive on 21 January 2025 and is now republished here, in accordance with the EULawLive guidelines & terms for guest authors. The header image is of course an easy pun about the implications of a broader application of judgment T-354/22 and how data subjects might be in a position…
-
Data Protection Day: podcast on AI & GDPR
Fun 45min interview with Legal4Tech on the GDPR, data protection concerns and AI, the concept of personal data and more – with a short video excerpt here. Listen to the full podcast on Spotify or Apple Podcasts.Happy Data Protection Day! Thanks Rosalia Anna D’Agostino, Giacomo Amodio & Giacomo Di Gregorio for the chat.
-
ICO strategy for online tracking: some recognition of ePrivacy/PECR business limitations
“We want to encourage publishers to deploy more privacy-preserving advertising such as contextual models, and we will explore where the Privacy and Electronic Communications Regulations (PECR) consent requirements are preventing such a shift”. Thank you, Information Commissioner’s Office, for showing openness to this issue. Regulators in the EU, the UK and even the USA have…
-
Webinar on mobile app compliance
Websites, web apps & cookies get a lot of attention, but the GDPR and ePrivacy rules also apply to other digital properties & technologies. To emphasise this, the CNIL published recommendations for mobile apps last September. During a free webinar on 3 February, Thomas Ghys and I will cover practical considerations relating to these recommendations,…
-
EDPB going broad on pseudonymisation
If A pseudonymises personal data of person Z and sends it to B, is it personal data from B’s perspective, even if B is never allowed to get additional information [=AddInfo] allowing the identification of Z? The EDPB suggests “yes” in its latest guidance on pseudonymisation. Based on the definition of pseudonymisation under the GDPR,…
-
IAPP UK 2025: panel on adtech
In London on 12 March for the IAPP DPI25 conference? Come to our great panel (ICO rep, UK lawyer, US lawyer & me) on “PETs, AI and Cookieless: Framework for New Adtech and Metrics Approaches”. It is quite the panel, with a super list of topics: Speakers:– Hannah Crowther (Partner for Data Protection & Privacy…