Tag: GDPR
-
“Better Regulation”: Rethinking (or getting rid of?) the ePrivacy Directive
The European Commission’s announcement that it will consider simplifying regulatory regimes, notably in relation to data and technology, seems to open Pandora’s box. Is it a chance to draw lessons from what works well and what works less well? In this series on “Better Regulation” in relation to the digital economy, I will be exploring…
-
Relative nature of personal data, consent for pseudonymisation? Dissecting the EDPS v SRB AG Opinion
Understanding what is and is not personal data is fundamental to the proper interpretation and enforcement of the most famous data protection law, the GDPR. If no personal data are being processed, the GDPR simply does not apply. Some have considered that “personal data” is an absolute concept, i.e. information can be “in and of…
-
Personalisation of digital audiovisual service + use of social media logins
Personalisation of digital audiovisual service + use of social media logins: Belgian DPA follows our arguments that contract can be a valid legal ground for personalised services and that terms of use of an online service can be a valid contract to that end, and it recognises that provided there is transparency & data minimisation,…
-
Irish DPC v EDPB: consequences of General Court judgment for EDPB’s authority
After last week’s EU General Court judgment in the Irish DPC vs EDPB case, some claimed that this makes EDPB Guidelines and Opinions unassailable. (Yes, really.) That’s wrong. Let’s look at what the judgment means for the EDPB’s authority – and some issues it raises: 1/ Scope of EDPB binding decisions The judgment of the…
-
Op-Ed: Data protection damages without proof, courtesy of shortcuts in legal reasoning (Case T-354/22, Bindl)
This op-ed was first published on EULawLive on 21 January 2025 and is now republished here, in accordance with the EULawLive guidelines & terms for guest authors. The header image is of course an easy pun about the implications of a broader application of judgment T-354/22 and how data subjects might be in a position…
-
Data Protection Day: podcast on AI & GDPR
Fun 45min interview with Legal4Tech on the GDPR, data protection concerns and AI, the concept of personal data and more – with a short video excerpt here. Listen to the full podcast on Spotify or Apple Podcasts.Happy Data Protection Day! Thanks Rosalia Anna D’Agostino, Giacomo Amodio & Giacomo Di Gregorio for the chat.
-
Webinar on mobile app compliance
Websites, web apps & cookies get a lot of attention, but the GDPR and ePrivacy rules also apply to other digital properties & technologies. To emphasise this, the CNIL published recommendations for mobile apps last September. During a free webinar on 3 February, Thomas Ghys and I will cover practical considerations relating to these recommendations,…
-
IAPP UK 2025: panel on adtech
In London on 12 March for the IAPP DPI25 conference? Come to our great panel (ICO rep, UK lawyer, US lawyer & me) on “PETs, AI and Cookieless: Framework for New Adtech and Metrics Approaches”. It is quite the panel, with a super list of topics: Speakers:– Hannah Crowther (Partner for Data Protection & Privacy…
-
Bindl – preliminary comments
The Bindl judgment is significant. Some positives for controllers/processors: (i) hypothetical, unproven data transfers are not transfers (“the mere risk of access to personal data by a third country cannot amount to a transfer of data” – para. 135);(ii) repeating the principle (for EU Institutions’ non-contractual liability, but similar ones exist in most countries) that…