It's been a while since we last talked about cross-border data transfers, but that does not mean that all issues have resolved themselves. And while the focus may still largely be on the EU-US relations for data transfers, the core developments actually relate to the Global Cross-Border Privacy Rules. Therefore, on this week of Serious Privacy, Paul Breitbarth, Ralph O'Brien of Reinbo Consulting, and Dr. K Royal connect with Noël Luke, chief assurance officer at TrustArc. She joined TrustArc in 2015 and is responsible for overseeing and enhancing TrustArc's robust assurance programs, which include certifications under the Global and APEC cross-border privacy rules, as well as verifications under the respective Data Privacy Frameworks between the US and the EU, UK and Switzerland. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.
On this week of Serious Privacy, Paul Breitbarth is away, so Ralph O'Brien of Reinbo Consulting and Dr. K Royal bring you a full docket of privacy news. And it is a doozy of a week! Powered by TrustArc. Seamlessly manage your privacy program, assess risks, and stay up to date on laws across the globe. With TrustArc's Privacy Studio and Governance Suite, you can automate cookie compliance, streamline data subject rights, and centralize your privacy tasks, all while reducing compliance costs. Visit TrustArc.com/serious-privacy.
On this week of Serious Privacy, Paul Breitbarth and Dr. K Royal (Ralph O'Brien was traveling) cover a wild wrap-up of privacy activities, including Tom Kemp as the newly appointed head of the California Consumer Privacy Protection Agency, and a wide sweep of enforcement actions including Roku, Honda Motor Company, National Public Data, Tom Snyder, plus class actions against Insomnia and Pill Pack, and a reprimand sent to Deep Seek. Also covered: IAPP's state privacy law tracker update, California seeking public feedback on proposed regulations for the delete request and opt-out platform (the DROP system), CNIL's guidance on monitoring self-checkouts, Meta's request for a court to invalidate the EDPB guidance (can't do it, it's not a law), and Belgium's new law, plus quite a bit more. We are packed with news. Please subscribe in your favorite podcast app - sharing is caring!
Paula Ortiz is a lawyer with more than two decades of experience in digital regulation, with a focus on advertising and data protection. For eight years she worked at the Spanish Data Protection Agency (AEPD), representing Spain in international forums, including the EDPB. She then set up the legal and institutional affairs department of IAB Spain and worked in it for a decade, publishing more than 20 guides covering legal aspects of digital advertising. In addition to advising on these matters, Paula is co-founder and director of The Legal School, where she helps legal professionals adapt to the digital era and Artificial Intelligence. She also teaches at IE University, Deusto and ISDI, and writes regularly about digital advertising. References: Paula Ortiz on LinkedIn; The Legal School; “Consent or pay” in the EU: a timeline (illustrative diagram: 2016-2025); Fine against Meta (200m euros) for breaching the Digital Markets Act (DMA) with its “Consent or pay” model (European Commission); EDPB opinion on consent or pay (large platforms); ICO: Consent or Pay guidelines; Stephen Almond: The UK ICO's Vision on a Privacy-Preserving AdTech Future (Not Just ADZ, February 2025 - English); Alessandro De Zanche: “Consent or Pay”: a gift to MFAs and old ad tech agendas; Bundeskartellamt ruling (CJEU); La Croqueta: how to restore sanity to the overlap between ePrivacy and GDPR before the media scare off what little audience they have left (Sergio Maldonado, Medium); How the Digital Content Directive will put an end to the GDPR (Sergio Maldonado, Medium - English); Robert Bateman: Consent or Pay (Masters of Privacy); Romain Robert: Pay or OK in AdTech (Masters of Privacy)
On this week of Serious Privacy, Ralph O'Brien of Reinbo Consulting and Dr. K Royal connect to cover a week in privacy as Paul Breitbarth is away. This week's shorter episode includes a guide to what's coming up from Serious Privacy at IAPP summit in DC, a penalty from the UK ICO, EDPB draft Guidance on blockchain, state laws, enforcement actions, and more! Please subscribe in your favorite podcast app - sharing is caring! Some resources: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2025/04/law-firm-fined-60-000-following-cyber-attack/ https://www.edpb.europa.eu/news/news/2025/edpb-adopts-guidelines-processing-personal-data-through-blockchains-and-ready_en https://iapp.org/resources/article/us-state-privacy-legislation-tracker/#state-privacy-law-chart
On this week of Serious Privacy, Paul Breitbarth, Ralph O'Brien of Reinbo Consulting, and Dr. K Royal talk about the controversy with executive changes to the U.S. Federal Trade Commission #FTC, the UK #adequacy extension, and the Norwegian decision about Data Protection Officer #DPO conflicts of interest. Please subscribe in your favorite podcast app - sharing is caring!
On this week of Serious Privacy, Paul Breitbarth, Ralph O'Brien of Reinbo Consulting, and Dr. K Royal cover a month in privacy. This includes UK adequacy, the March meeting of the European Data Protection Board where they released a statement on the implementation of the PNR directive, we talk about BCRs and the number of companies who have adopted BCRs and BSPRs, and the UK list of BCRs, court cases, we talk about the future of the GDPR and lots of data protection consultation, and that is just the European part of it. Please subscribe in your favorite podcast app - sharing is caring!
Theodore Christakis is Professor of International and European Law at University Grenoble Alpes (France), Director of the Centre for International Security and European Law (CESICE), Director of Research for Europe with the Cross-Border Data Forum, Senior Fellow with the Future of Privacy Forum and a former Distinguished Visiting Fellow at the New York University Cybersecurity Centre. He is also Chair on the Legal and Regulatory Implications of Artificial Intelligence with the Multidisciplinary Institute on AI, and has been a member of the French National Digital Council, currently serving as a member of the French National Committee on Digital Ethics as well as a member of the International Data Transfers Experts Council of the UK Government. With Theodore we have gone through “the good”, “the bad”, and “the ugly” in the EDPB Opinion on LLMs and personal data. We have also examined the Deepseek affair, as well as the challenges posed by hallucinations in generative AI. References: Théodore Christakis' SSRN Author Page; Théodore Christakis on LinkedIn; EDPB opinion 28/2024 on certain data protection aspects related to the processing of personal data in the context of AI models; Discussion Paper: Large Language Models and Personal Data (Hamburgische Beauftragte für Datenschutz und Informationsfreiheit); Lokke Moerel: using personal data in the development and deployment of AI models (Masters of Privacy); Théodore Christakis, ‘European Digital Sovereignty': Successfully Navigating Between the “Brussels Effect” and Europe's Quest for Strategic Autonomy; Théodore Christakis, Cyber-Attacks – Prevention-Reactions: The Role of States and Private Actors; Multidisciplinary Institute on AI; Université Grenoble Alpes: Centre d'études sur la sécurité internationale et les coopérations européennes.
It is time for a seasonal update at the intersection of Marketing, Data, Privacy and Technology. As usual, this Newsroom is divided into five blocks: ePrivacy & regulatory updates; MarTech & AdTech; AI, Competition and Digital Markets; PETs and Zero-Party Data; and Future of Media. TL;DL: The use of SDKs for data collection/sharing has been a common factor in various fines and lawsuits on both sides of the pond. The EDPB sparked an important debate on personal data-powered AI in the EU. Texas and California went after Allstate and Honda respectively. La Liga (ES), Netflix (NL), Meta (IR), and others received fines. The FTC put an end to personal data sales by General Motors. The My Health My Data Act (WA) was put to the test. AI “reasoning” models exploded, and then AI Agents followed. Garante (IT) blocked DeepSeek and a class action in Germany could have a major impact across the EU. Australia updated its legal framework. The biggest CDP players dissolved into adjacent markets and Google kept marching towards PET-powered AdTech. All references and links can be found in this episode's blog post.
Partners Catherine Castaldo, Andy Splittgerber, Thomas Fischl and Tyler Thompson discuss various recent AI acts around the world, including the EU AI Act and the Colorado AI Act, as well as guidance from the European Data Protection Board (EDPB) on AI models and data protection. The team presents an in-depth explanation of the different acts and points out the similarities and differences between the two. What should we do today, even though the Colorado AI Act is not in effect yet? What do these two acts mean for the future of AI?
On this week of Serious Privacy, Paul Breitbarth, Ralph O'Brien of Reinbo Consulting, and Dr. K Royal catch up on data protection and privacy developments from around the globe. Up for discussion this week: the repeal of the proposal for an ePrivacy Regulation and AI Liability Directive; the EDPB guidelines on age assurance and recommendations to the World Anti Doping Agency; the ICO Direct Marketing Advice generator; Utah Age Verification; Danish Petition to buy California.
My guest on this week's episode of the podcast is Mikołaj Barczentewicz. Mikołaj has appeared on the podcast a number of times -- he's a professor of law at the University of Surrey and holds a PhD in Law from the University of Oxford. He also regularly publishes thoughtful commentary on the EU regulatory landscape on his Substack. In this episode of the podcast, among other topics, we discuss: the EU's AI Act, which was passed in July 2024; the broad status of AI regulation in the EU; the Hamburg DPA's proposal that large language models do not store personal data and whether that view might be adopted broadly; the EDPB's updated guidance on the ePrivacy Directive; Google's decision to route cookie deprecation in Chrome through consent and whether the CMA is likely to accept that. Thanks to the sponsors of this week's episode of the Mobile Dev Memo podcast: INCRMNTAL. True attribution measures incrementality, always on. Clarisights. Marketing analytics that makes it easy to get answers, iterate fast, and show the impact of your work. Go to clarisights.com/demo to try it out for free. ContextSDK. ContextSDK uses over 200 smartphone signals to detect a user's real-world context, allowing apps to deliver perfectly timed push notifications and in-app offers. Interested in sponsoring the Mobile Dev Memo podcast? Contact Marketecture.
On this week of Serious Privacy, Paul Breitbarth of Catawiki, Ralph O'Brien of Reinbo Consulting, and Dr. K Royal launch the first week in privacy for 2025. Topics include state laws in the US entering into effect (link to White & Case article, but bonus for 10 areas for US-based privacy programs to focus in 2025 from Hintze Law) to a TikTok ban that was there and then it wasn't. European Data Protection Board opinions. Court of Justice of the EU. Regulatory issues in Kenya. So much more. And did we even talk about Deepseek? Remember to like and subscribe!
Carey Lening, JD, CDPP writes, speaks, and consults on data protection, law, technology, and fractal complexity in systems. Currently based in Ireland, Carey has over 20 years of experience in thinking about hard problems and helping people arrive at practical solutions. Besides providing data protection compliance support to select clients, Carey runs Privacat Insights, a newsletter that offers a paid tier with exclusive content, members-only Q&A, a slack channel and a yearly meetup. References: Privacat Insights; 18,000 words. Four Questions. Much Delegation. Little Guidance; EDPB opinion 28/2024 on certain data protection aspects related to the processing of personal data in the context of AI models; Privacy Disasters: Microsoft, Just Because You Can (Recall); Privacy Disasters: AI Spy-Wearables, and the Scourge of Competing Friendants; An early adopter's thoughts on Rewind.ai's $350m pivot; Privacy Disasters: FaceHuggers Are Eating Your Skeets; Carey Lening on LinkedIn; Carey Lening on Bluesky; (Jeffrey Pfeffer) Power: Why Some People Have it and Others Don't
Plenty of reading, all for you. The picture that opens up for anyone who wants to use and develop AI is very interesting. Pay attention to the definition of AI, to documentation, and to the DPO obligation.
Lokke Moerel is a leading global expert on new technologies, Artificial Intelligence (AI), Big Data, and the Internet of Things, as well as Morrison & Foerster's lead counsel on Binding Corporate Rules (BCR), with vast experience advising multinational companies in obtaining their BCR approvals throughout the EU. She has also authored the leading textbook on the subject, published by Oxford University Press. We recorded this interview prior to the publication of the European Data Protection Board's opinion on AI models and GDPR principles, following both a discussion paper issued by Hamburg's Supervisory Authority (“Do LLMs contain personal data?”) and an announcement by the Irish Data Protection Commissioner that it would open an investigation into Google's PaLM model. A separate interview on the same topic, with Jorge Garcia Herrero, was released last week on our Spanish-language channel. References: Do LLMs 'store' personal data? This is asking the wrong question (Lokke Moerel, Marijn Storm); Lokke Moerel on LinkedIn; Lokke Moerel, Morrison & Foerster; EDPB opinion 28/2024 on certain data protection aspects related to the processing of personal data in the context of AI models; Discussion Paper: Large Language Models and Personal Data (Hamburgische Beauftragte für Datenschutz und Informationsfreiheit); Large Language Models do not store personal data: the LLM discussion paper of Hamburg's DPA with Dr. Markus Wünschelbaum (PrivacyPod); Data Protection Commission launches inquiry into Google AI model (DPC); ChatGPT provides false information about people, and OpenAI can't correct it (NOYB); Report of the work undertaken by the EDPB ChatGPT Taskforce (May 2024); [ES] Jorge García Herrero: Do LLMs contain personal data? How do we apply the GDPR to generative AI systems? (Masters of Privacy)
How can organizations ensure GDPR compliance while developing and deploying AI models that rely on personal data? In this episode of Diritto al Digitale, Giulio Coraggio and Tommaso Ricci from the law firm DLA Piper explore the implications of the European Data Protection Board's (EDPB) Opinion 28/2024, which clarifies how the GDPR applies to AI model training, development, and deployment. We discuss the challenges of achieving genuine anonymity in AI models, navigating the use of legitimate interest as a legal basis for processing personal data, and understanding the consequences of unlawful data usage during the AI lifecycle. Through practical insights and real-world examples, such as the recent GEDI case involving data sharing with OpenAI, we highlight the importance of robust documentation, Data Protection Impact Assessments (DPIAs), and privacy-preserving techniques. Discover how to manage data protection risks, integrate privacy by design into your AI projects, and maintain accountability and transparency. This comprehensive overview is aimed at equipping businesses, tech developers, and legal professionals with strategies to align cutting-edge AI technologies with GDPR requirements, ensuring trust, compliance, and long-term success in an increasingly data-driven world.
Has honour been restored to the Legitimate Interest legal basis after the CJEU Royal Dutch Tennis Association decision and subsequent EDPB Guidelines? Is the GDPR showing signs of rustiness? Has it instead become a new religion? Rie Aleksandra Walle brings over seventeen years of professional experience across both the private and public sectors, having worked at Kristiania University College, Ernst & Young, Nordic Innovation and the Norwegian Agency for Public Management and eGovernment. Rie is behind the DPO Hub, which helps busy DPOs by offering concise summaries and key practical takeaways from key CJEU rulings, EDPB documents and DPA decisions, as well as by putting together a community around it. She is also the host of the Grumpy GDPR podcast. References: The Grumpy GDPR Podcast (NoTies Consulting); DPO Hub; Rie Aleksandra Walle on LinkedIn; Rie Aleksandra Walle on Bluesky; KNLTB vs. Dutch DPA (CJEU decision); EDPB Guidelines 1/2024 on processing of personal data based on legitimate interest; Guidelines on the technical scope of article 5.3 of the ePrivacy Directive; Serious Privacy (Podcast): Comments on the KNLTB case and other updates; Peter Craddock: ePrivacy exceptions, advertising, analytics, the limits of consent and server-side processing (Masters of Privacy); Rie Aleksandra Walle: the DPO's guide to better resources, constructive debates, and a happier life (Masters of Privacy)
On this week of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal cover a relatively slow week in privacy, including a settlement with Oracle out of California, some new WorldCoin investigations, KOSA, and a position paper from BEUC so we also throw in some frank discussion of AI tools and how they can help in our personal and professional lives. Tune in for some #livinglearninglaughing. If you have comments or questions, find us on LinkedIn and IG @seriousprivacy, and on Blue Sky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! Proudly sponsored by TrustArc. Learn more about NymityAI at https://trustarc.com/nymityai-beta/ #heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO
In this inaugural episode of our new Data, Privacy and Cyber Digest podcast series, Pete Given and Chris Air (partners in DACB's Data, Privacy and Cyber team) discuss the EDPB's recent Opinion 22/2024 on obligations following from reliance on processors and sub-processors. Together they consider what the EDPB opinion covers, what the standout points are from the opinion, and what this means for controllers.
Robert Bateman is a data protection writer, trainer, and consultant. He has published innumerable articles on the topic, as well as led panel discussions and interviewed key well-known figures in the space on stage, at well-known privacy conferences. Besides freelancing as content creator, he is an associate with Act Now Training and a Subject Matter Expert with Heward Mills, a data protection consultancy. With Robert, who's here for a second time, we are going to revisit recent EDPB (or European Data Protection Board) opinions on data processor auditing requirements and Meta's Consent or Pay model, with its latest twist in mind (a brand new third option with generic, unskippable ads). References: Robert Bateman on LinkedIn; EDPB Opinion 22/2024 on certain obligations following from the reliance on processors and sub-processors; Meta adds a Plan C to its Pay or Consent model; EDPB Guidelines on the technical scope of article 5.3 of the ePrivacy Directive; Robert Bateman: Consent or Pay (Masters of Privacy, October 2023)
Time for a Newsroom summarizing everything that's happened in our usual areas of focus, although we are dropping the last two (Zero-Party Data and Future of media) this time around.
ePrivacy & Regulatory Updates
Enforcement
On September 5th, the CNIL fined CEGEDIM SANTÉ 800,000 euros for processing health data without authorization. The healthcare software provider collected sensitive personal information, assigning a unique identifier for each patient of the same doctor. This method was considered sufficient to ensure that personal data remained anonymous in order to put together certain comparative studies, but the CNIL concluded that, given the risk of re-identification, it could merely be considered pseudonymized, exposing a breach of the GDPR as a result (for starters, patients had not been informed of additional purposes). A reference was made to the EDPB's Opinion 05/2014 on Anonymisation Techniques.
On September 27th, the Irish DPC issued a 91 million euro fine to Meta for storing certain user passwords in plain text files.
On October 22nd, NOYB filed a claim against Pinterest before the French supervisory authority alleging that the company relies on legitimate interest to underpin its behavioral advertising practices, in contravention of the CJEU Bundeskartellamt decision. The social network has also been accused of breaching the transparency principle and not responding to data subject requests appropriately.
On October 24th, the Irish DPC imposed a 310m EUR fine on LinkedIn. The professional social network is not properly applying a valid legal basis for targeted ads and the processing of first party data about their members, despite referring to three separate grounds: consent, legitimate interest and contractual necessity. This has also resulted in a breach of the fairness principle.
On October 30th, the California Privacy Protection Agency announced an investigative sweep of data broker registration compliance under the Delete Act. This law requires data brokers to register with the CPPA and pay a fee annually.
On November 6th, the Canadian government ordered the closure of TikTok in the country. Citizens are however allowed to keep using the app, as this is considered a personal choice.
Legal updates and guidelines
On October 4th, the CJEU resolved a famous dispute between the Royal Dutch Lawn Tennis Association and the Dutch DPA. The latter had imposed a fine on KNLTB for relying on legitimate interest for sharing data with its sponsors for purposes of direct marketing.
Five days later, the EDPB requested comments on its draft Opinion on processing data on the basis of Legitimate Interest: it is made clear that this legal basis should not be treated as a “last resort” as it is of equal value to the rest, and a differentiation is made between an interest (or broader benefit that a controller may have) and a purpose (or specific reason why the data is processed). The Opinion has also stated that an interest must be related to the data controller's activities.
On the same day (October 9th), the EDPB adopted its Opinion 22/2024 on certain obligations following from the reliance on processors and sub-processors: every controller should extend the diligence they currently have over direct processors to the entire chain of custody, no matter how many degrees apart.
On October 16th, the EDPB adopted new Guidelines on the technical scope of article 5.3 of the ePrivacy Directive: given that very little has changed since they opened up an initial draft for comments, we recorded a separate episode with Peter Craddock pondering the far-reaching implications of these Guidelines.
Turning our attention to the UK, on October 7th the UK ICO launched its own Data Protection Audit Framework including self-assessment toolkits and other practical resources. Also, the UK Data Protection reform is back, now with a Data Use and Access Bill (with a second reading announced on November 1st). It maintains an exception for analytics cookies that will not require consent. DPOs are back on the table (the previous reform proposal was getting rid of the role).
On November 5th, the EDPB adopted its first report under the EU-U.S. Data Privacy Framework and a statement on the recommendations on access to data for law enforcement. The redress mechanism has been implemented successfully but it is not yet being widely used. The EDPB has voiced concerns about recent changes to Section 702 FISA and how that could expand the role of private companies in gathering data about EU citizens.
MarTech and AdTech
On November 12th, Meta introduced a plan C to its Pay or Consent models, having been told by the EDPB that the current proposal would not be acceptable. A third option (besides paying and relying on behavioral ads) is now available which will use less data and remain mostly contextual. It will also compensate its decreased targeting capabilities with increased audience reach by showing ads (“ad breaks”) that become unskippable for a few seconds.
A study conducted by Boston University has concluded that the Protected Audiences API (building on the formerly called FLEDGE protocol, a part of Chrome's Privacy Sandbox), can produce similar results to those of third party cookies in the context of retargeting campaigns.
On November 5th, David Raab, who back in the day had coined the label CDP (Customer Data Platform), published a provocative piece titled “The Composable CDP is Dead”. In summary the author argues that all CDPs have already caught up with the modularization that came from sitting on top of more flexible data warehouses, so every single CDP has either become a niche modular component or an all-encompassing, highly-modularized software suite. In sum, the term will not help a Hightouch differentiate itself uniquely any longer. We suggest that you listen to our interviews with Tejas Manohar and Jonathan Mendez, CEOs of Hightouch and Neuralift AI respectively, for further context.
AI, Competition and Digital Markets
The community is still recovering from Hamburg's DPA's opinion (adopted on July 15th) stating that LLMs do not contain personal data. The supervisory authority made three key points that we will be covering with some future guests: a) No personal data is stored in LLMs; b) Data subject rights as defined in the GDPR cannot relate to the model itself, but they can be exercised against the provider or deployer of a system built on top of such models, with regards to the input or output of such system; c) The training of LLMs using personal data must comply with data protection regulations.
The Irish DPC announced an investigation into Google's foundational AI model (PaLM 2) on September 12th, with a focus on the DPIA that Google is expected to have undertaken.
An ICO report released on November 8th found that AI recruitment technologies can filter candidates according to protected characteristics including race, gender, and sexual orientation.
On November 13th, Meta received an 800,000 EUR fine for anti-competitive practices in the bundling of its Marketplace feature with the primary Facebook application. So, they have leveraged their control over one market to take control of another, adjacent market, in this case threatening pretty large companies in the classified ads space.
That's it for today! Thanks again for listening.
The EDPB has finally adopted its much feared Guidelines on the scope of article 5.3 of the ePrivacy Directive, but consent may still be avoided in some cases not specifically covered by an exemption (e.g., analytics). Absent such an exception, and in light of dismal consent rates, publishers and platforms have embraced highly controversial “Consent or Pay” models. Plan C? Server-side processing (Conversion APIs, Enhanced Conversions, Data Clean Rooms…), not without its own challenges. We have gone through all of it with Peter Craddock in his second appearance on Masters of Privacy. Peter Craddock is a lawyer as well as a software developer, and he uses this dual background to help clients find legal solutions to technical problems and technical solutions to legal problems. He is based in Brussels and helps international companies with their global data strategy and with EU data litigation. He notably has strong expertise in the legal aspects of digital advertising and adtech, and has been one of the most prominent commentators of recent legal developments in that area. References: Peter Craddock on LinkedIn; Op-Ed: A critical analysis of the EDPB's "Pay or Consent" Opinion (Peter Craddock); Peter Craddock: Comparison of the final version of the EDPB's ePrivacy guidelines with the version of November 2023 (including links to more in-depth comments on those guidelines); EDPB Opinion 08/2024 on Valid Consent in the Context of Consent or Pay Models Implemented by Large Online Platforms; AEPD guidelines for the use of cookies without need for consent in the context of digital analytics (ES); Peter Craddock on Masters of Privacy (February 2024): Could core advertising components fall under the “strictly necessary” exemption of the ePrivacy Directive?; Romain Robert: Pay or OK in AdTech - How it started and where it's going (Masters of Privacy); Renzo Marchini: Unintended consequences of the EDPB guidelines on storage and access under article 5.3 of the ePrivacy Directive (Masters of Privacy); Cristiana Santos and Victor Morel: The problem with CMPs and TCF-based cookie paywalls (Masters of Privacy); Robert Bateman: Consent or Pay (Masters of Privacy); Peter Hense: How first party data will kill CMPs (Masters of Privacy)
This episode of Serious Privacy should actually have been released two weeks ago, but life happened... As usual, however, Paul Breitbarth and Dr. K Royal discuss recent developments in privacy and data protection laws around the world. In this episode, they discuss: Opinion on certain obligations following from the reliance on processor(s) and sub-processor(s); Guidelines on the processing of personal data based on legitimate interest; C-621-22 Koninklijke Nederlandse Lawn Tennisbond v Autoriteit Persoonsgegevens; Grumpy GDPR podcast on the EDPB subprocessors opinion. If you have comments or questions, find us on LinkedIn and IG @seriousprivacy @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us! Proudly sponsored by TrustArc. Learn more about NymityAI at https://trustarc.com/nymityai-beta/ #heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO
Monica Meiterman-Rodriguez is a Partner at Tueoris, an international privacy and security consulting firm, currently residing in Barcelona. She utilizes her US law degree and her experience in data protection and privacy to assist global clients in developing, maintaining, or growing their privacy programs. She has experience supporting compliance across global regulations including US state and federal requirements, EU/UK GDPR, PIPEDA, LGPD, etc. in addition to advising on specialized matters in the AdTech space such as targeted advertising, data analytics, AI and growing industry guidance (e.g., IAB, DAA, etc.). Monica is a member of the New York State Bar, New Jersey State Bar, as well as a Certified Information Privacy Professional (CIPP/US/E) and the Chapter Chair of the IAPP in Barcelona (Spain). References: Monica Meiterman on LinkedIn; California Consumer Privacy Act; EDPB Guidelines 01/2022 on data subject rights - Right of access; GDPR Violation: German Privacy Regulator Fines 1&1 Telecom (BankInfoSecurity); Groupon Ireland Operations Limited – March 2024: the DPC finds that Groupon infringed Article 5(1)(c) GDPR by having initially required the complainant to provide a copy of their ID in order to verify their identity for the purposes of their access and erasure requests.
Summer update covering the five usual sections: ePrivacy and regulatory framework; MarTech and AdTech; AI, Competition and digital markets; PETs and Zero-Party Data; Future of media. References: AEPD 2023 activity report; FCC actions against the main telecom providers for their sale of consumer location data; FTC vs. X-Mode Outlogic; Voices for sale without permission; Scarlett Johansson vs. OpenAI; EDPB opinion on “consent or pay”; Kočner vs. Europol (compensation for non-material damages); European Digital Identity Regulation; Report of the EDPB's ChatGPT task force; Revolut launches an advertising business; Walmart becomes more omnipresent; Oracle exits AdTech; Mozilla announces the acquisition of Anonym; Investigation into Meta over “consent or subscription” under the DMA; Investigation into Apple over App Store abuses under the DMA; European Commission vs. Microsoft over unfair competition from Teams; Meta abandons training algorithms with its users' data; 2024 USENIX Conference on Privacy Engineering Practice and Respect (PEPR). Happy summer!
On this week of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal cover a couple of weeks in privacy. Topics include the Vermont Privacy Act veto heard around the world, updates in the European Parliament, the Digital Advertising Alliance webchoices 2.0, a joint investigation by the UK and Canada into the 23andMe breach, Clearview AI's settlement proposal, noyb's complaint against Google for its privacy sandbox, the Apple Intelligence announcement, Hong Kong's guide on AI, the US Supreme Court's acceptance to hear the Meta case, the EDPB's new deputy chair, and discussion about learning AI, strategy, and seeking AIGP certification by IAPP, including the AIGP Body of Knowledge. Tune in for some living, learning, and laughing.
We are closing this season with a Spring Newsroom before we officially kick off the summer, summarizing everything that's happened in the past quarter across our usual five sections: ePrivacy (enforcement, regulatory updates), MarTech/AdTech, AI/Competition/Digital Markets, PETs/Zero-Party Data, Future of media. This includes: EDPB's ChatGPT Task Force report; EU Digital Wallets; Privacy Sandbox news; EU Commission vs. Apple's App Store; LLM updates (Llama3, GPT 4o, Gemini, Apple Intelligence); Meta AI *not* training on EU user data; Mozilla's acquisition of Anonym; Oracle's exit from AdTech; Revolut ads; Microsoft Copilot+ Recall retreat; The Trade Desk's curated list of publishers; FCC fines to telecom operators for the sale of location data; Consent or Pay news; TikTok ban. A full transcript with links and additional resources can be found on the PrivacyCloud blog.
On this week of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal cover a couple of weeks in privacy - on the scary side. Topics include updates on the global CBPRs and PRPs; NOYB's complaint against OpenAI with the Austrian data protection authority and 11 complaints against Meta; Italy reinstating ChatGPT; the EDPB ChatGPT task force report; a lawsuit against General Motors over IoT; new initiatives announced by the U.S. Department of Commerce under the AI order for NIST; the FCC fining four major US wireless carriers $200 million for unlawfully sharing customers' location data without consent; the Florida governor signing a bill mandating explicit disclaimers on political advertisements to ensure transparency in AI used for political campaigns; the Dutch Data Protection Authority issuing guidance against web scraping; and Australian officials announcing an overhaul of their Privacy Act. Carly Kind. IAPP AI Governance Global happened in Brussels. The women in AI: Emerald de Leeuw, Shoshana Rosenberg. The California Privacy Protection Agency's hearing is set for June 21st in the Superior Court of California. Maryland also signed two significant measures for online data protection. The Maryland Kids Code. The Nordic data protection authorities adopted joint principles on children and online gaming. Leena Kuusniemi.
Host: Henrik Heide. Contributors: Agnes Rønberg, Laurids Hovgaard, Jens Ramskov and chatGPT4.o. Along with the explosion of generative text AI, a new concept has spread: hallucinations. This soft term for what must really be called falsifications is a built-in, unavoidable element of generative models. One can point out that it is a given condition when you ask a generative AI to go beyond the training data it has had to work with. But it becomes a problem when the AI starts to invent and spread false personal information about you and me. For the information cannot be removed, say the creators of chatGPT. But if you live in the EU, you have a fundamental right to correct information about yourself and may ask to have incorrect information rectified, deleted or updated. That is stated in both the GDPR and the EU Charter, and therefore the privacy activist Max Schrems has filed a complaint with the Austrian data protection authority against OpenAI, the company behind ChatGPT, which may end up before the EU's highest data protection board, the EDPB. In Transformator we put it to the test and look at how we avoid AI spreading all sorts of strange information about us. In the run-up to the past week's violent solar storms and the northern lights that followed, there was widespread fear that all the world's electronics would be put out of action. But it went no worse than tractors stalling in the middle of sowing. And then we need a space weather forecast for all of us who did not manage to see the northern lights this time around. More is on the way. Links: See the space weather on SpaceWeatherLive; Why you can't force ChatGPT to tell the truth; ChatGPT cannot comply with GDPR: “There are no good solutions”; Huge solar storm hit Danish farmers: Machines came to a halt
On this week of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal of Crawford & Company had a few major developments to discuss, such as the ban or forced sale of TikTok (which was signed as we were talking), the EDPB opinion on Meta's consent or pay model, a final rule issued by the U.S. Department of Health and Human Services Office for Civil Rights on privacy of reproductive rights, Nebraska's privacy law, and more.
My guest on this episode of the Mobile Dev Memo podcast is Mikołaj Barczentewicz, a law professor at, and the research director of, the Law and Technology Hub at the University of Surrey in the United Kingdom. In this episode of the podcast, Mikołaj and I discuss the EDPB's recently published opinion on the use of the Pay or Okay model by "large online platforms." Mikołaj most recently joined the podcast in December of last year to speak with me about Meta's introduction of the Pay or Okay model. In this episode, we cover the EDPB's opinion invalidating that specific use. Topics explored in our conversation include: A high-level overview of the EDPB's opinion; How the EDPB presents Meta's use of Pay or Okay as not providing a valid consent mechanism; The EDPB's definition of "large online platforms"; The other platforms to which the opinion might apply; The ways in which the opinion doesn't contradict the CJEU's commentary on Pay or Okay from last July; What happens next with respect to Pay or Okay. Thanks to the sponsors of this week's episode of the Mobile Dev Memo podcast: INCRMNTAL. True attribution measures incrementality, always on. Interested in sponsoring the Mobile Dev Memo podcast? Contact Marketecture.
Today the European Data Protection Board (EDPB) took its first major decision on Pay or Okay, which is used by large online platforms such as Instagram and Facebook. In this case, Meta may no longer use this 'button' to store and use its users' personal data. With this decision it now seems impossible for Meta to keep using people's data for advertising purposes in Europe. It was a dubious option anyway: with the Pay or Okay button, users paid more than 250 euros per year for Instagram and Facebook in order not to have their personal data used. According to the EDPB, you should not have to choose between paying a fee if you do not want it or otherwise giving consent. It must now offer users a real yes/no option for personalised ads. The European Data Protection Board (EDPB) is an independent body in which all national privacy regulators from the European Union work together. However, this opinion is not yet set in stone; there is of course quite a bit of fine print that needs to be examined more closely. But it does at least contribute to the discussion about the Pay or Okay button and a much broader context: if it is up to the EDPB, stricter guidelines will follow later this year that apply not only to larger online platforms. Also in this Tech Update: TikTok also had some questions from Europe to answer, and that had everything to do with the launch of TikTok Lite. Hackers have struck again at BabyTV: the popular children's channel was taken over for the second time in a short period...
Amy Worley is Managing Director at BRG, a global leader in data protection, information security, and AI governance. A licensed attorney, certified privacy professional, and certified information systems security professional, Amy formerly served as the Chief Privacy Officer for a billion-dollar pharmaceutical and medical device company and now serves as a fractional Data Protection Officer for several multinational companies. Amy's consulting practice is focused on helping clients implement sustainable programs that result in meaningful compliance with state, national, and regional laws and build corporate trust. She is passionate about the intersection of data, people, and power. References: Amy Worley on LinkedIn; BRG: Privacy and Data Protection services; Draft: American Privacy Rights Act 2024; Dragos Tudorache: Dealing with foundation models, data protection, and copyright in the EU AI Act (Masters of Privacy); EDPB Guidelines 8/2020 on the targeting of social media users
Guest: Elena Elkina, Partner / Privacy & Data Protection Management Executive, Aleada Consulting [@AleadaPrivacy]. On LinkedIn | https://www.linkedin.com/in/elenaelkina/
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]. On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Episode Notes
In this episode of the Redefining CyberSecurity Podcast, hosted by Sean Martin, the spotlight is on the complex world of data privacy, specifically focusing on the French data protection authority, CNIL, and its broader implications on global privacy and data protection practices. Joining the conversation is Elena Elkina, a seasoned privacy and data protection executive. With nearly two decades of experience in the field, Elkina shares her expertise on the evolving landscape of privacy laws and the challenges businesses face in operationalizing these regulations.
The discussion opens up with an exploration of various privacy frameworks, including GDPR, CNIL, TIA, EDPB, and ICO, unraveling the interconnected yet distinct nature of these acronyms in the realm of data protection. Elena Elkina delves into the intricacies of the CNIL and its recent draft guidance on Transfer Impact Assessments (TIA), emphasizing its practical approach and the operational guidance it offers to companies dealing with data protection across different jurisdictions.
A significant part of the conversation is dedicated to understanding the legal and operational challenges associated with TIA, including the legal analysis required for transfers to third countries, the importance of documenting and periodic reevaluation, and the role of both data importers and exporters in ensuring compliance. Elkina highlights the collaboration required between these parties and the importance of comprehensive documentation to demonstrate compliance efforts.
Additionally, the dialogue touches upon broader themes, such as the differences between privacy approaches in the United States and the European Union, the impact of new privacy laws and regulatory guidance, and the importance of organizational data hygiene.
Throughout the episode, both Martin and Elkina underscore the importance of justification, documentation, and transparency in navigating the complex landscape of international data transfers. The conversation serves as a crucial guide for businesses looking to align their data protection practices with regulatory requirements and industry best practices, providing valuable insights into the ongoing evolution of privacy and data protection obligations.
Top Questions Addressed: What is the role of CNIL in data protection? How do data transfer impact assessments work? What does the new executive order on data protection mean for American companies?
Rie Aleksandra Walle brings over seventeen years of professional experience across both the private and public sectors, having worked at Kristiania University College, Ernst & Young, Nordic Innovation and the Norwegian Agency for Public Management and eGovernment. Rie is behind the DPO Hub, which helps busy DPOs by offering concise summaries and key practical takeaways from key CJEU rulings, EDPB documents and DPA decisions, as well as by putting together a community around it. She is also the host of the Grumpy GDPR podcast. With Rie we will explore her own tips and tricks to stay sharp and up to date, avoiding a myriad of shallow or confusing sources and digging for the best possible answers at all times - all of it while avoiding clickbait, radical opinions and the avalanche of so-called privacy experts clogging LinkedIn feeds. References: How to stay up to date as a DPO; The Grumpy GDPR Podcast (NoTies Consulting); DPO Hub; Rie Aleksandra Walle on LinkedIn
On this week of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal of Crawford & Company connect with Rie Aleksandra Walle, the original grumpyGDPR podcaster, to discuss current events and the DPO Hub. Join us for a rousing great conversation about the EU, Irish DPC, the most challenging part of compliance for companies, and so much more… If you have comments or questions, find us on LinkedIn, Twitter/Mastodon @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us! Proudly sponsored by TrustArc. Learn more about the TRUSTe Data Privacy Framework verification and upcoming webinars. #heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO
Could we re-interpret article 5.3 of the ePrivacy Directive so that the “strictly necessary” (to provide a service) consent exemption gives shelter to the core technical building blocks of advertising solutions making journalism possible? Can we not deal with personal data (should it be involved at all) or behavioral targeting (should it be the case) separately under the GDPR? Peter Craddock helps us answer that question. Our guest is a lawyer as well as a software developer, and he uses this dual background to help clients find legal solutions to technical problems and technical solutions to legal problems. Peter is based in Brussels and helps international companies with their global data strategy and with EU data litigation. He notably has strong expertise in the legal aspects of digital advertising and adtech, and has been one of the most prominent commentators of recent legal developments in that area. References: Peter Craddock on LinkedIn; Maybe no consent needed for advertising under ePrivacy "cookie" rule? (Peter Craddock); EDPB seeks to redefine ePrivacy – Part II: Overbroad notions and regulator activism?; IAB Europe Responds to the EDPB Public Consultation on their Draft Guidelines 2/2023; EDPB ePrivacy Guidelines: Comments Highlighting Risks to Businesses with Digital Activities (Keller and Heckman); Romain Robert: Pay or OK in AdTech - How it started and where it's going (Masters of Privacy); Renzo Marchini: Unintended consequences of the EDPB Guidelines on storage and access under article 5.3 of the ePrivacy Directive (Masters of Privacy); Cristiana Santos and Victor Morel: The problem with CMPs and TCF-based cookie paywalls (Masters of Privacy); Robert Bateman: Consent or Pay (Masters of Privacy); Peter Hense: How first party data will kill CMPs (Masters of Privacy)
On this week of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal of Crawford & Company kick off Season 5 with a Bang! As usual, we launch the new season on Data Privacy - Data Protection Day and what a year we've had so far!
Romain Robert is a member of the litigation chamber of Belgium's Supervisory Authority. He worked in various Brussels law firms between 2002 and 2011. Between 2007 and 2011, he was also a researcher at the Research Centre in Law and Society at the University of Namur. In 2011, he joined Belgium's Supervisory Authority as a legal advisor. He worked as legal officer at the Policy and Consultation Unit of the European Data Protection Supervisor (EDPS) as of 2015 and joined the Secretariat of the European Data Protection Board (EDPB) in May 2018. In April 2020, Romain joined NOYB - an NGO conducting strategic litigation to enforce digital rights - where he was Program Director until July 2023. References: Romain Robert on LinkedIn; EDPS Opinion on the Proposal for a Directive on certain aspects concerning contracts for the supply of digital content; Sergio Maldonado, How the Digital Content Directive will break the GDPR; NOYB; Robert Bateman: Consent or Pay; EDPB Guidelines 05/2020 on consent; Giovanni Buttarelli (former EDPS), “Privacy 2030: A Vision for Europe” (IAPP)
Joanna Rozanska is an Associate in the IP/TMT practice of Hogan Lovells Madrid, a member of the IAPP's European Advisory Board and a member of the IAPP's Madrid KnowledgeNet Chapter. With Joanna we addressed the overlap between the GDPR and the recently approved AI Act when managing generative AI projects, paying particular attention to the accuracy principle (Art. 5 GDPR) and the data quality requirement (Art. 10 AI Act). We also mentioned other requirements highlighted by the Spanish Data Protection Agency (AEPD). References: Joanna Rozanska on LinkedIn; Joint opinion of the EDPB and EDPS on the proposal for an AI regulation (AI Act); AEPD (post): Artificial Intelligence: accuracy principle in processing (2023); AEPD (guide): Requirements for audits of personal data processing that includes Artificial Intelligence (2021); AEPD (guide): GDPR compliance of processing that incorporates Artificial Intelligence (2020); Gabriela Zanfir-Fortuna (Future of Privacy Forum): How data protection authorities are de facto regulating generative AI
Renzo Marchini is a London-based partner at Fieldfisher's Data and Privacy team. He holds CIPP/E, CIPT and FIP certifications from the IAPP and is well versed in Cloud Computing, Big Data and other technologies overlapping with privacy and GDPR compliance. He has authored "Cloud Computing: A practical introduction to the legal issues" and, prior to becoming a solicitor, he worked for five years as a software engineer at Logica (now CGI), a major independent UK software house. With Renzo we are directly addressing the biggest elephant in the ePrivacy room today: What are the unintended consequences of the EDPB's recent Guidelines on the technical scope of article 5.3 of the ePrivacy Directive? References: Renzo Marchini on LinkedIn; EDPB, Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive; Renzo Marchini, “New Guidance released on the technical scope of Art 5(3) ePrivacy Directive - a landgrab by the EDPB”; Renzo Marchini, “Cloud Computing: a practical introduction to the legal issues.” (Cambridge University Press).
Nina and Sergio run through the most relevant news of the past three months at the usual intersection of marketing, data, privacy, and technology - stopping at a few less commented and yet quite relevant fines, guidelines, or upcoming legal frameworks. In particular, this episode covers: Dark patterns in recent EU enforcement actions; EDPB Guidelines on the technical scope of the ePrivacy Directive; The 23andMe data breach; 40 states suing Meta over Insta/FB's impact on the mental health of teenagers. Best of all, we managed to avoid OpenAI's drama. With Nina Müller and Sergio Maldonado. References: [ES] AEPD fine resulting from the use of dark patterns in the acceptance of third party recipients (Expansion); Irish watchdog fines TikTok €345M for mishandling kids' data (The Register); 23andMe user data targeting Ashkenazi Jews leaked online (NBC News); EDPB Draft Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive; Dozens of states sue Meta over youth mental health crisis (The Verge); Masters of Privacy - Arielle Garcia: How privacy awareness leads to respectful, effective marketing
Anu Talus, who succeeded Andrea Jelinek to become the second chair of the European Data Protection Board in May, hopes to build on Jelinek's work as she focuses on making GDPR enforcement more coherent, efficient and harmonized across the bloc's member states. In an extended conversation with MLex on the sidelines of the Global Privacy Assembly meetings this year, Talus discussed issues ranging from the EDPB's highly unusual step of making permanent and EU-wide a temporary Norwegian ban on Meta Platforms targeting users with behavioral-based ads without their consent issued under the GDPR's urgency procedure, to how she entered the data protection field years ago.
On this week of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal connect with Tobias Judin, the Head of the International Section at the Norwegian DPA and Co-Chair of the International Enforcement Working Group of the Global Privacy Assembly. Tobias has a background in law and informatics, which lends itself well to the recent investigations and actions by the Norwegian DPA. On 27 October 2023, the European Data Protection Board made a big decision. The urgent request from the Norwegian DPA to enforce a processing ban for Meta's personalised advertising practices was endorsed. Some resources mentioned: Leaked FB memo about Cambridge Analytica; Paul's post on LinkedIn with photos of consent.
Cristiana Santos is Assistant Professor in Privacy and Data Protection Law at Utrecht University, holding a joint international Doctoral Degree in Law, Science and Technology from the University of Bologna, and a Ph.D. in Computer Science from the University of Luxembourg. She is an expert of the Data Protection Unit at the Council of Europe; expert for the implementation of the EDPB's Support Pool of Experts; and expert of the Digital Persuasion or Manipulation Expert Group. She holds an International Chair Starting Career position at the National Institute for Research in Digital Science and Technology (INRIA, 2023-2026) to work on technical and legal aspects of data protection. Prior to joining academia, Cristiana was a lawyer and worked as a legal adviser and lecturer at the Portuguese Consumer Protection Organization. Victor Morel holds a Ph.D. in Computer Science from INRIA and works at the Security & Privacy Lab of Chalmers University in Gothenburg (Sweden). He is working on usable privacy for IoT applications, and his interests encompass privacy, data protection, network security, usability and Human-Computer Interaction, applied cryptography, and the broad spectrum of ethics in technology. He is also a member of FELINN's collegiate council, a French association (1901) defending decentralization, privacy, and free software through popular education. Cristiana and Victor have co-authored a recent paper titled “Legitimate Interest is the New Consent – Large-Scale Measurement and Legal Compliance of IAB Europe TCF Paywalls”. With them we are directing our attention to consent walls in the context of publishers and the open market, having already dedicated two recent interviews to the “consent or pay” model as it concerns Instagram and Facebook (i.e. Meta). We will also try to understand the challenges and potential conflicts of interest faced by CMP (Consent Management Platform) vendors.
References: Cristiana Santos at Utrecht University; Victor Morel's bio and projects; Legitimate Interest is the New Consent – Large-Scale Measurement and Legal Compliance of IAB Europe TCF Paywalls (Cristiana Santos, Victor Morel, Viktor Fredholm, Adam Thunberg, 20/9/2023); Upcoming Workshop on Privacy in the Electronic Society - with Victor Morel (Copenhagen, November 26th 2023); EDPB: Report of the work undertaken by the Cookie Banner Taskforce; CJEU to consider questions from IAB Europe TCF decision (Techcrunch); German court bans LinkedIn from ignoring “Do Not Track” signals (Townflex); Your Consent Is Worth 75 Euros A Year -- Measurement and Lawfulness of Cookie Paywalls (20/9/2022); IAB TCF 2.2 specification.
Robert Bateman is a data protection writer, trainer, and consultant. He has published innumerable articles on the topic, as well as led panel discussions and interviewed key well-known figures in the space on stage at well-known privacy conferences. Besides freelancing as a content creator, he is an associate with Act Now Training and a Subject Matter Expert with Heward Mills, a data protection consultancy. With Robert we have addressed the recent public outcry about Instagram and Facebook becoming paid services for whoever does not want to see ads or consent to the data processing involved in running them. Given that we have already got used to seeing cookie walls on European news websites (in Germany, France, or Italy), we have aimed to open the wider debate around “Consent or Pay” business models. References: Le Conseil d'État annule partiellement les lignes directrices de la CNIL relatives aux cookies et autres traceurs de connexion; Victor Morel, Cristiana Santos, Viktor Fredholm, Adam Thunberg: “Legitimate Interest is the New Consent – Large-Scale Measurement and Legal Compliance of IAB Europe TCF Paywalls”; Report of the work undertaken by the EDPB Cookie Banner Taskforce; IAB Europe Transparency and Consent Framework 2.2 (stops conflating legitimate interest and consent); EDPB Guidelines 05/2020 on consent under Regulation 2016/679; Robert Bateman on Twitter; Robert Bateman on LinkedIn; Giovanni Buttarelli (former EDPS), “Privacy 2030: A Vision for Europe”; Google Privacy Sandbox.
In this episode of Serious Privacy, powered by TrustArc, Paul Breitbarth of Catawiki and Dr. K Royal sum up recent developments in privacy, including Meta's intent to change its legal basis and offer Europeans a choice, a notable breach in the United Kingdom involving a former politician Nigel Farage and a CEO resigning due to a breach, a TikTok decision about its practices with minors, new U.S. state privacy law, and the If you have comments or questions, find us on LinkedIn, Twitter @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us! Proudly sponsored by TrustArc. Learn more about the TRUSTe Data Privacy Framework verification and upcoming webinars. #heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO
In this episode of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal have an opportunity to catch up on a week on privacy. As always, if you have comments or questions, let us know - LinkedIn, Twitter @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Please do like and write comments on your favorite podcast app so other professionals can find us easier. Rate and Review us! #heartofprivacy #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO