Podcasts about edpb

Azbesztügyben mindenki próbálja menteni a helyzetet, de ez több kárt hozhat, mint hasznot Olasz űrhajós is helyet kapott a Nasa következő Hold-küldetésében Adatvédelmi hatásvizsgálati dokumentáció elkészítéséhez nyújt segítséget az EDPB adatvédelmi hatásvizsgálati sablonja Rács mögé kerül az Instagram Három biztonsági résen át is hackelik már a Windows-okat, azonnal foltozni kell őket A figyelmünkön is ronthatnak az ultrafeldolgozott élelmiszerek Foci-vb-láz a nappaliban: egyre nagyobb és okosabb tévéket keresünk Jó tudni – A tudósok frissítették a szabályokat arra az esetre, ha idegeneket találunk Kiderült, mely iPhone-ok kaphatják meg a Google-esített iOs 27-et Lehalt a népszerű AI-platform: semmire nem válaszol a chatbot, a felhasználók kiakadtak A népek jóllétéért: pápai útmutatás a mesterséges intelligencia korában A további adásainkat keresd a podcast.hirstart.hu oldalunkon. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Azbesztügyben mindenki próbálja menteni a helyzetet, de ez több kárt hozhat, mint hasznot Olasz űrhajós is helyet kapott a Nasa következő Hold-küldetésében Adatvédelmi hatásvizsgálati dokumentáció elkészítéséhez nyújt segítséget az EDPB adatvédelmi hatásvizsgálati sablonja Rács mögé kerül az Instagram Három biztonsági résen át is hackelik már a Windows-okat, azonnal foltozni kell őket A figyelmünkön is ronthatnak az ultrafeldolgozott élelmiszerek Foci-vb-láz a nappaliban: egyre nagyobb és okosabb tévéket keresünk Jó tudni – A tudósok frissítették a szabályokat arra az esetre, ha idegeneket találunk Kiderült, mely iPhone-ok kaphatják meg a Google-esített iOs 27-et Lehalt a népszerű AI-platform: semmire nem válaszol a chatbot, a felhasználók kiakadtak A népek jóllétéért: pápai útmutatás a mesterséges intelligencia korában A további adásainkat keresd a podcast.hirstart.hu oldalunkon. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

We're back with a Newsroom update. We will cover four of our usual five blocks: ePrivacy & regulatory updates; MarTech & AdTech; AI, competition and digital markets; and the future of media.This season's update includes:* Age-verification fines (insufficient controls, too much data collection) in the UK and Spain, EDPB age-verification guidelines, California's upcoming age-verification requirements* Enforcement actions in the US (public, private)* Guidelines for email tracking pixels in France and Italy* New ICO guidelines for storage and access technologies (exceptions for analytics, A/B testing, etc.)* Social Media bans across the world and what is failing* Data collection in the context of new media networks and AI labs.As announced - Firmas.io: a mobile application to complement the TODO.LAW ecosystem (contract management, signatures, credentials).All references and links (plus some bonus materials) can be found in a separate blog post available to paid Masters of Privacy subscribers on our website's Newsroom section (Newsroom Notes: Spring 2026).Our usual disclaimer: the voice that joins Sergio today is a text-to-speech output generated with Eleven Labs. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

¿Cómo se vive el Digital Omnibus desde la gran empresa? ¿Ayudan los cambios propuestos? ¿Firmamos acuerdos para el tratamiento de datos “no personales”?Silvia Gerboles es Delegada de Protección de Datos y Expert Senior Group Legal Counsel en la unidad Global Privacy Ericsson. Con más de 25 años de experiencia en protección de datos, privacidad y ciberseguridad. Dentro del Grupo Ericsson, Silvia lidera los asuntos globales de privacidad de los clientes y los flujos transfronterizos de datos a nivel mundial; actualmente está involucrada en la Gobernanza de Datos y el Uso de Datos e implementación AI. También desempeña el cargo de Delegada de Protección de Datos para algunas empresas del Grupo Ericsson.Basada en Madrid habiendo trabajado en distintas Firmas de Consultoría y Despachos de Abogados. Miembro del Colegio de Abogados de Madrid, posee un LLM por y un máster en Derecho de Propiedad Intelectual por IE. Certificada como Delegada de Protección de Datos por la AEPD y cuenta con varias certificaciones internacionales en privacidad.Nuestra invitada es docente habitual en materias de Privacidad de Datos, IT y Telecomunicaciones, en diferentes programas de máster y seminarios, y ha publicado varios trabajos sobre protección de datos, IT y Derecho Comercial.Referencias:* Silvia Gerboles en LinkedIn* El Parlamento Europeo adopta su posición para la simplificación de la normativa de inteligencia artificial (Digital Omnibus - paquete IA) en sesión plenaria, 26 de marzo de 2026 (EN)* Itxaso Domínguez de Olazábal: la improcedencia del Digital Omnibus, un opt-out para Europa y la broma de “consiente o paga” (Masters of Privacy, febrero de 2026)* Oliver Patel: How the Digital Omnibus affects the EU AI Act (EN, Masters of Privacy, diciembre de 2025)* Opinión conjunta del EDPB y el EDPS sobre el Digital Omnibus (EN, 11 de febrero, 2026). This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Patente e dati del conducente, l'omessa comunicazione è sempre sanzionata? Inoltre, diritto all'oblio e tasto "cancella", diritto del correntista alla consegna del contratto bancario, affidamento in prova eseguito all'estero.>> Leggi anche l'articolo: https://tinyurl.com/3jb7c7pj>> Scopri tutti i podcast di Altalex: https://bit.ly/2NpEc3w

Send a textWelcome to the newest episode of the Serious Privacy podcast, where hosts Paul Breitbarth and Ralph O'Brien address the hot topics of the day with news updates across #privacy, #dataprotection, #security, #AI and #humanrights. No K Royal, who is on a well earned vacation!EDPB, EDPS, ICO, GPA, DUAA and other strings of letters all get discussed!Lots of news, case law, regulatory penalties to discuss including;https://www.edps.europa.eu/data-protection/our-work/publications/events/2026-02-12-data-takes-flight-navigating-privacy-airport_enhttps://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2026/02/reddit-issued-with-1447m-fine-for-children-s-privacy-failures/https://ico.org.uk/media2/fb1br3d4/20260223-iewg-joint-statement-on-ai-generated-imagery.pdfhttps://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2026/02/ico-wins-court-of-appeal-case-in-dsg-retail-ruling/ If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Esta mañana el EDPB y el EDPS (Comité y Supervisor Europeo de Protección de Datos) han adoptado y publicado su opinión conjunta sobre el Digital Omnibus. Han pedido al legislador no tocar la definición de datos personales, y no intentar implementar una base legal específica para el desarrollo de la IA. También han pedido más cuidado con la derogación de la prohibición para procesar datos sensibles y dejan claro que no les parece bien que la Comisión Europea se arrogue la potestad de decidir qué datos son o no personales. Dan sin embargo la bienvenida a los cambios que afectan a ePrivacy para acabar con la epidemia de banners de cookies.Con Itxaso Domínguez de Olazábal habíamos revisado precisamente estos elementos del Digital Omnibus hace unos días. Nuestra invitada ha resultado estar muy alineada con el veredicto del EDPB/EDPS y nos ha ofrecido un análisis de todos ellos.Itxaso Domínguez de Olazábal es Policy Advisor en la asociación de derechos digitales EDRi (European Digital Rights) con sede en Bruselas. Es doctora en Estudios Árabes e Islámicos por la Universidad Autónoma de Madrid, experta en protección de datos personales y privacidad con un profundo conocimiento del entorno digital y la recolección de datos en el marco de los modelos de negocio que predominan en internet. Su trabajo explora la intersección de la tecnología, el espionaje masivo y el imperativo de proteger a comunidades vulnerables dentro y fuera de la UE.Itxaso ha trabajado con 7amleh dedicada a defender los derechos digitales del pueblo palestino, como tambi´ne lo ha hecho en el Parlamento Europeo y la delegación de la UE a Egipto. Además de su rol en EDRi, nuestra invitada es profesora de relaciones internacionales y geopolítica, colaborando frecuentemente con instituciones académicas y think tanks.Referencias:* Itxaso Domínguez de Olazábal en LinkedIn* EDRi* Digital Omnibus (paquete)* María Luisa González Tapia: la delgada línea azul (Masters of Privacy, especial 28 de enero sobre la definición relativa del dato personal)* Joaquín Muñoz: la protección de datos ante el aprendizaje federado y la computación cuántica (Masters of Privacy, diciembre de 2022, introduciendo el concepto de PETs o Privacy Enhancing Technologies)* Opinión conjunta del EDPB y el EDPS sobre el Digital Omnibus (EN, 11 de febrero, 2026)* Global Privacy Control (GPC). This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

¿Resistirá la distinción entre responsables y encargados del tratamiento a la evolución y modularización de las relaciones comerciales? ¿Es realmente gestionable la pirámide (o Matrioska) de subencargados?César Naveira es abogado, Senior Counsel para protección de datos e Inteligencia Artificial en la oficina londinense de Mastercard desde hace cuatro años, habiendo pasado antes cinco años en American Express como director del equipo de protección de datos en EMEA. Antes de esto trabajó en Barclays, incluyendo el rol de DPO de Barclaycard en España y Portugal. César se formó además profesionalmente en la Agencia Española de Protección de Datos, donde pasó casi tres años.Referencias:* César Naveira Barrero en LinkedIn* Elizabeth Renieris: On the illusion of control and the trade-offs of innovation (Masters of Privacy, marzo de 2021)* Dictamen 22/2024 dictamen sobre determinadas obligaciones derivadas de la dependencia de los encargados y subencargados del tratamiento (octubre de 2024)* Robert Bateman: the EDPB's Opinion on auditing subprocessors and the future of Meta's unskippable ads (Masters of Privacy, noviembre de 2024)* Javier Sempere: reclamaciones transfronterizas, sanciones por brechas declaradas y multas curiosas (Masters of Privacy, noviembre de 2025)* Caso por responsabilidad derivada de la falta de control sobre los sub-encargados (incumplimiento del artículo 28 del RGPD) de una empresa de “streaming” (Tribunal Regional de Lübeck) [DE]. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Send us a textWe are back! Welcome to season 7 of the Serious Privacy podcast, with dr. K Royal, Ralph O'Brien and Paul Breitbarth. Also this season, we will keep you up to date of developments in the data protection and privacy community, artificial intelligence and some cybersecurity. And of course we'll bring you interviews with great guests! If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textJoin your hosts on this week of Serious Privacy,  Paul Breitbarth, Ralph O'Brien, and Dr. K Royal as they close out 2025 with favorite moments and episodes, state law review, and predictions. And of course, a little bit about EU data protection. We'll be back January 28, global privacy / data protection day! If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Was ist in der KW 49 in der Datenschutzwelt passiert, was ist für Datenschutzbeauftragte interessant? - EuGH: Betreiber von Online‑Marktplätzen sind für sensible Daten in Anzeigen verantwortlich (C‑492/23) https://curia.europa.eu/juris/document/document.jsf;jsessionid=E7227AA01DBE70095919D8414934FC96?text=&docid=306764&pageIndex=0&doclang=DE&mode=req&dir=&occ=first&part=1&cid=15796887 - EDPB‑Sitzung: Datenschutz im Online‑Shopping und Diskussion des Digital Omnibus https://www.edpb.europa.eu/news/news/2025/edpb-gives-recommendations-make-online-shopping-more-respectful-users-privacy_de#:~:text=EDPB%20gives%20recommendations%20to%20make,and%20appoints%20new%20Deputy%20Chair - VG Berlin, Urteil vom 09.10.2025, Az. 1 K 463/22 (juris): Recht auf Auskunft https://www.juris.de/static/infodienst/autoren/D_NJRE001626768.htm - Bundesgerichtshof, Urteil vom 11.11.2025, Az. VI ZR 396/24 Auftragsverarbeiter https://rewis.io/urteile/urteil/gbt-11-11-2025-vi-zr-39624/ Veröffentlichungen & Veranstaltungen - LfDI Baden‑Württemberg zieht um: neue Adresse ab 22.12.2025 - BSI‑Leitfaden: KI sicher in industriellen Steuerungen integrieren https://www.cisa.gov/resources-tools/resources/principles-secure-integration-artificial-intelligence-operational-technology - noyb‑Analyse: Digital Omnibus gefährdet Datenschutz https://noyb.eu/sites/default/files/2025-12/noyb%20Digital%20Omnibus%20Report%20V1.pdf - noyb‑Studie zu „Pay or Okay“: Nutzer bevorzugen dritte Option https://noyb.eu/sites/default/files/2025-12/noyb_Consent_or%20Pay_Study_User_Choice.pdf Weitere Infos, Blog und Newsletter finden Sie unter: https://migosens.de/newsroom/ X: https://x.com/ds_talk?lang=de Übersicht aller Themenfolgen: https://migosens.de/datenschutz-podcast-themenfolgen/ (als eigener Feed: https://migosens.de/show/tf/feed/ddt/) Instagram: https://www.instagram.com/datenschutztalk_podcast/ Folge hier kommentieren: https://migosens.de/eugh-urteil-zu-online-marktplatzen-ds-news-kw-49-2025/

Anu Talus was elected Chair of the European Data Protection Board in May of 2023. The EDPB, which was established in 2018, ensures that the EU General Data Protection Regulation and Data Protection Law Enforcement Directive are consistently applied in the EU. It also provides general GDPR guidance, adopts findings to ensure the GDPR is implemented consistently across member nations, advises the European Commission on data protection matters, and encourages DPAs to work together.    In other words, leading the EDPB is no small task, especially in an increasingly complex digital marketplace during the dawn of the AI Era. While here in Brussels, IAPP Editorial Director Jedidiah Bracy sat down with Chair Talus during an especially significant week in EU data protection on the eve of the release of the EU's Digital Omnibus package, which proposes to amend parts of the GDPR and other EU digital regulations.    In this wide-ranging conversation, Bracy and Talus discuss the EDPB's priorities and work in these transformative times. 

The European Commission is preparing to codify “legitimate interest” as a lawful basis for AI training — a reform that could become the most significant update to the GDPR since 2018.In this episode, Giulio Coraggio, Technology & Data Lawyer at DLA Piper, explores how this proposal could reshape the legal foundations of AI development, bridging the gap between data protection and innovation.

Robert Bateman is a Senior Partner at Privacy Partnership, which provides consultancy and training on data protection and AI regulation, as well as legal advice via its associated law firm, Privacy Partnership Law. He also hosts The Privacy Partnership Podcast.This is Robert's third appearance on the show. We have covered three hot topics:* How far do we take watermarking of AI-generated content under article 50 of the AI Act?* How do pre-defined legitimate interest scenarios work under the UK Data (Use and Access) Act?* What is the tension between the Online Safety Act and the new data protection framework in the UK?References:SIGN UP NOW for the Masters of Privacy NYC LIVE recording and networking event on Nov 6 (if you happen to be in town)* Robert Bateman on LinkedIn* Robert Bateman on Bluesky* The Privacy Partnership Podcast* AI Act (EU Commission's resources)* Data (Use and Access) Act 2025: data protection and privacy changes* The EU approach to age verification (EU Commission)* EU follows UK with age verification in 2026 (PPC Land)* Wikipedia loses challenge against Online Safety Act verification rules (BBC)* Robert Bateman: the EDPB's Opinion on auditing subprocessors and the future of Meta's unskippable ads (Masters of Privacy, Nov 2024)* Robert Bateman: Consent or Pay (Masters of Privacy, Oct 2023) This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Send us a textOn this episode of Serious Privacy, Paul Breitbarth brings us news from the Global Privacy Assembly held in Korea and Dr. K Royal has fun with privacy trivia! Ralph O'Brien is out this week. Open offer to all fans... if you answered all the questions correctly, send oneof us your address and we will send you a sticker for playing Trivacy! If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textOn this week of Serious Privacy, Ralph O'Brien of Reinbo Consulting and Dr. K Royal (Paul Breitbarth is travelling) discuss current events in privacy, data protection, and cyber law. Fascinating episode with all the hot stories which seem to follow a theme - adequacy and child online safety, plus some enforcements. Coverage includes the decision on the European Court's decision on the Latombe suit challenging the adequacy of the EU-US thingie, Brazil, Tazania, Argentina, Austrailia, China, ChatGPT, and so much more! If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Priya is privacy lead at Deutsche Bank,We'll talk about how she rose through the ranks.She's an EDPB expert for her expertise in new tech,Priya is a pro at keeping data in check!

In this episode of the Mobile Dev Memo podcast, I speak with returning guest Mikołaj Barczentewicz on the current state of DMA enforcement, including the recently-released text of the European Commission's April decision on Meta's Pay or Okay business model. Mikołaj returns to the podcast for his fourth appearance — he's a professor of law at the University of Surrey and holds a PhD in Law from the University of Oxford. He also regularly publishes insightful commentary on the EU regulatory landscape on his blog, EU Tech Reg.Among other things, we episode covers:An overview of the EC's April decision related to Meta's Pay or Okay model;What the EC says about the economic impact of DMA enforcement with its decision; The changes that Meta made to its business model in the EU after the EC and EDPB published their preliminary guidance on its Pay-or-Okay model; How this decision impacts other so-called gatekeepers; The knock-on economic implications of this decision;The latest developments in EU AI regulation.Thanks to the sponsors of this week's episode of the Mobile Dev Memo podcast:INCRMNTAL⁠⁠. True attribution measures incrementality, always on.⁠⁠⁠Clarisights⁠⁠⁠. Marketing analytics that makes it easy to get answers, iterate fast, and show the impact of your work. Go to⁠⁠⁠ clarisights.com/demo⁠⁠⁠ to try it out for free.Interested in sponsoring the Mobile Dev Memo podcast? Contact ⁠Marketecture⁠.

Send us a textIt's been a while since we last talked about cross-border data transfers, but that does not mean that all issues have resolved themselves. And while the focus may still largely be on the EU-US relations for data transfers, the core developments actually relate to the Global Cross-Border Privacy Rules. Therefore, on this week of Serious Privacy, Paul Breitbarth, Ralph O'Brien of Reinbo Consulting, and Dr. K Royal connect with Noël Luke, chief assurance officer at TrustArc. She joined TrustArc in 2015 and is responsible for overseeing and enhancing TrustArc's robust assurance programs, which include certifications under the Global and APEC cross-border privacy rules, as well as verifications under the respective Data Privacy Frameworks between the US and the EU, UK and Switzerland. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textOn this week of Serious Privacy, Paul Breitbarth is away so Ralph O'Brien of Reinbo Consulting, and Dr. K Royal  bring you a full docket of privacy news. And it is a doozy of a week!  Powered by TrustArcSeamlessly manage your privacy program, assess risks, and stay up to date on laws across the globe.With TrustArc's Privacy Studio and Governance Suite, you can automate cookie compliance, streamline data subject rights, and centralize your privacy tasks—all while reducing compliance costs. Visit TrustArc.com/serious-privacy.If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textOn this week of Serious Privacy, Paul Breitbarth, and Dr. K Royal (Ralph O'Brien was traveling), we cover a wild wrap up of privacy activities, including Tom Kemp as the newly appointed head of the California Consumer Privacy Protection Agency, and a wide sweep of enforcement actions including Roku, Honda Motor Company, National Public Data, Tom Snyder, plus class actions against Insomnia and Pill Pack, and a reprimand sent to Deep Seek, IAPP's state privacy law tracker update, California is seeking public feedback on proposed regulations for the delete request and opt-out platform - the DROP system, CNIL's guidance on monitoring self-checkouts, and Meta's request for a court to invalidate the EDPB guidance (can't do it, it's not a law) and Belgium's new law plus quite a bit more. We are packed with news.Please subscribe in your favorite podcast app - sharing is caring!  Powered by TrustArcSeamlessly manage your privacy program, assess risks, and stay up to date on laws across the globe.With TrustArc's Privacy Studio and Governance Suite, you can automate cookie compliance, streamline data subject rights, and centralize your privacy tasks—all while reducing compliance costs. Visit TrustArc.com/serious-privacy.If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Paula Ortiz es abogada con más de dos décadas de experiencia en regulación digital, con foco en publicidad y protección de datos. Durante ocho años trabajó en la Agencia Española de Protección de Datos (AEPD), representando a España en foros internacionales, incluyendo el CEPD/EDPB. Después inauguró y trabajó durante una década el departamento legal e institucional de IAB Spain, desde donde publicó más de 20 guías cubriendo aspectos legales de la publicidad digital. Además de asesorar en estos temas, Paula es co-fundadora y directora de The Legal School, desde donde ayuda a los profesionales del derecho a adaptarse a la era digital y la Inteligencia Artificial. También imparte clases en IE University,  Deusto o ISDI - además de escribir habitualmente sobre publicidad digital.  Referencias: Paula Ortiz en LinkedIn The Legal School “Consiente o paga” en la UE: una línea temporal (diagrama ilustrativo: 2016-2025) Multa a Meta (200m euros) por incumplir la Directiva de Mercados Digitales (DMA) con el modelo “Consiente o paga” (Comisión Europea) Opinión del CEPD/EDPB sobre consentimiento o pago (grandes plataformas)  ICO: Consent or Pay guidelines  Stephen Almond: The UK ICO's Vision on a Privacy-Preserving AdTech Future (Not Just ADZ, febrero de 2025 - inglés) Alessandro De Zanche: “Consent or Pay”: a gift to MFAs and old ad tech agendas Sentencia Bundeskartellamt (TJUE)  La Croqueta: cómo devolver la cordura al solapamiento entre ePrivacy y RGPD antes de que los medios espanten a la poca audiencia que aún les queda (Sergio Maldonado, Medium) Cómo la Directiva de contenidos digitales terminará con el RGPD (Sergio Maldonado, Medium - Inglés) Robert Bateman: Consent or Pay (Masters of Privacy) Romain Robert: Pay or OK in AdTech (Masters of Privacy)

Send us a textOn this week of Serious Privacy,  Ralph O'Brien of Reinbo Consulting, and Dr. K Royal connect to cover a week in privacy as Paul Breitbarth is away. This weeks shorter episode includes a guide to what's coming up from Serious Privacy at IAPP summit in DC, a penalty from the UK ICO, EDPB draft Guidance on blockchain, state laws, enforcement actions, and more!Please subscribe in your favorite podcast app - sharing is caring! Some resourceshttps://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2025/04/law-firm-fined-60-000-following-cyber-attack/https://www.edpb.europa.eu/news/news/2025/edpb-adopts-guidelines-processing-personal-data-through-blockchains-and-ready_enhttps://iapp.org/resources/article/us-state-privacy-legislation-tracker/#state-privacy-law-chart Powered by TrustArcSeamlessly manage your privacy program, assess risks, and stay up to date on laws across the globe.With TrustArc's Privacy Studio and Governance Suite, you can automate cookie compliance, streamline data subject rights, and centralize your privacy tasks—all while reducing compliance costs. Visit TrustArc.com/serious-privacy.If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textOn this week of Serious Privacy, Paul Breitbarth , Ralph O'Brien of Reinbo Consulting, and Dr. K Royal talk about the controversy with executive changes to the U.S. Federal Trade Commission #FTC, the UK #adequacy extension, and the Norwegian decision about Data Protection Officer #DPO conflicts of interest.Please subscribe in your favorite podcast app - sharing is caring!  Powered by TrustArcSeamlessly manage your privacy program, assess risks, and stay up to date on laws across the globe.With TrustArc's Privacy Studio and Governance Suite, you can automate cookie compliance, streamline data subject rights, and centralize your privacy tasks—all while reducing compliance costs. Visit TrustArc.com/serious-privacy.If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textOn this week of Serious Privacy, Paul Breitbarth, Ralph O'Brien of Reinbo Consulting, and Dr. K Royal cover a month in privacy. This includes UK adequacy, the March meeting of the European Data Protection Board where they released a statement on the implementation of the PNR directive, we talk about BCRS and the number of companies who have adopted BCRs and BSPRs, and the UK list of BCRs, court cases, we talk about the future of the GDPR and lots of data protection consultation, and that is just the European part of it.Please subscribe in your favorite podcast app - sharing is caring!  Powered by TrustArcSeamlessly manage your privacy program, assess risks, and stay up to date on laws across the globe.With TrustArc's Privacy Studio and Governance Suite, you can automate cookie compliance, streamline data subject rights, and centralize your privacy tasks—all while reducing compliance costs. Visit TrustArc.com/serious-privacy.If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Theodore Christakis is Professor of International and European Law at University Grenoble Alpes (France), Director of the Centre for International Security and European Law (CESICE), Director of Research for Europe with the Cross-Border Data Forum, Senior Fellow with the Future of Privacy Forum and a former Distinguished Visiting Fellow at the New York University Cybersecurity Centre.  He is also Chair on the Legal and Regulatory Implications of Artificial Intelligence with the Multidisciplinary Institute on AI, and has been a member of the French National Digital Council, currently serving as a member of the French National Committee on Digital Ethics as well as a member of the International Data Transfers Experts Council of the UK Government.  With Theodore we have gone through “the good”, “the bad”, and “the ugly” in the EDPB Opinion on LLMs and personal data. We have also examined the Deepseek affair, as well as the challenges posed by hallucinations in generative AI.  References: Théodore Christakis' SSRN Author Page Théodore Christakis on LinkedIn EDPB opinion 28/2024 on certain data protection aspects related to the processing of personal data in the context of AI models Discussion Paper: Large Language Models and Personal Data (Hamburgische Beauftragte für Datenschutz und Informationsfreiheit) Lokke Moerel: using personal data in the development and deployment of AI models (Masters of Privacy) Théodore Christakis, ‘European Digital Sovereignty': Successfully Navigating Between the “Brussels Effect” and Europe's Quest for Strategic Autonomy  Théodore Christakis, Cyber-Attacks – Prevention-Reactions: The Role of States and Private Actors Multidisciplinary Institute on AI Université Grenoble Alpes: Centre d'études sur la sécurité internationale et les coopérations européennes.

It is time for a seasonal update at the intersection of Marketing, Data, Privacy and Technology. As usual, this Newsroom is divided into five blocks: ePrivacy & regulatory updates; MarTech & AdTech; AI, Competition and Digital Markets; PETs and Zero-Party Data; and Future of Media. TL;DL: The use of SDKs for data collection/sharing has been a common factor in various fines and lawsuits on both sides of the pond. The EDPB sparked an important debate on personal data-powered AI in the EU. Texas and California went after Allstate and Honda respectively. La Liga (ES), Netflix (NL), Meta (IR), and others received fines. The FTC put an end to personal data sales by General Motors. The My Health My Data Act (WA) was put to the test. AI “reasoning” models exploded, and then AI Agents followed. Garante (IT) blocked DeepSeek and a class action in Germany could have a major impact across the EU. Australia updated its legal framework. The biggest CDP players dissolved into adjacent markets and Google kept marching towards PET-powered AdTech. All references and links can be found in this episode's blog post.

Partners Catherine Castaldo, Andy Splittgerber, Thomas Fischl and Tyler Thompson discuss various recent AI acts around the world, including the EU AI Act and the Colorado AI Act, as well as guidance from the European Data Protection Board (EDPB) on AI models and data protection. The team presents an in-depth explanation of the different acts and points out the similarities and differences between the two. What should we do today, even though the Colorado AI Act is not in effect yet? What do these two acts mean for the future of AI?

Send us a textOn this week of Serious Privacy, Paul Breitbarth, Ralph O'Brien of Reinbo Consulting, and Dr. K Royal, catch up on data protection and privacy developments from around the globe. Up for discussion this week:The repeal of the proposal for an ePrivacy Regulation and AI Liability Directive (link)The EDPB guidelines on age assurance and recommendations to the World Anti Doping Agency (link)The ICO Direct Marketing Advice generator (link)Utah Age Verification (link)Danish Petitition to buy California (link) Powered by TrustArcSeamlessly manage your privacy program, assess risks, and stay up to date on laws across the globe.With TrustArc's Privacy Studio and Governance Suite, you can automate cookie compliance, streamline data subject rights, and centralize your privacy tasks—all while reducing compliance costs. Visit TrustArc.com/serious-privacy.If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

My guest on this week's episode of the podcast isMikołaj Barczentewicz. Mikołaj has appeared on the podcast a number of times -- he's a professor of law at the University of Surrey and holds a PhD in Law from the University of Oxford. He also regularly publishes thoughtful commentary on the EU regulatory landscape on hisSubstack.In this episode of the podcast, among other topics, we discuss:The EU's AI Act, which was passed in July 2024;The broad status of AI regulation in the EU;The Hamburg DPA's proposal that large language models do not store personal data and whether that view might be adopted broadly;The EDPB's updated guidance on the ePrivacy Directive;Google's decision to route cookie deprecation in Chrome through consent and whether the CMA is likely to accept that.Thanks to the sponsors of this week's episode of the Mobile Dev Memo podcast:INCRMNTAL⁠⁠. True attribution measures incrementality, always on.⁠⁠⁠Clarisights⁠⁠⁠. Marketing analytics that makes it easy to get answers, iterate fast, and show the impact of your work. Go to⁠⁠⁠ clarisights.com/demo⁠⁠⁠ to try it out for free.ContextSDK. ContextSDK uses over 200 smartphone signals to detect a user's real-world context, allowing apps to deliver perfectly timed push notifications and in-app offers.Interested in sponsoring the Mobile Dev Memo podcast? Contact ⁠Marketecture⁠.

Send us a textOn this week of Serious Privacy, Paul Breitbarth of Catawiki, Ralph O'Brien of Reinbo Consulting, and Dr. K Royal launch the first week in privacy for 2025. Topics include State laws in the US entering into effect (link to White & Case article, but bonus for 10 areas for US-based privacy programs to focus in 2025 from Hintze Law) to a TikTok ban that was there and then it wasn't. European Data Protection Board opinions. Court of Justice of the EU. Regulatory issues in Kenya. so much more. and did we even talk about Deepseek? Remember to like and subscribe! Powered by TrustArcSeamlessly manage your privacy program, assess risks, and stay up to date on laws across the globe.With TrustArc's Privacy Studio and Governance Suite, you can automate cookie compliance, streamline data subject rights, and centralize your privacy tasks—all while reducing compliance costs. Visit TrustArc.com/serious-privacy.If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley#heartofprivacy #europaulb #igrobrien #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO

Carey Lening, JD, CDPP writes, speaks, and consults on data protection, law, technology, and fractal complexity in systems. Currently based in Ireland, Carey has over 20 years of experience in thinking about hard problems and helping people arrive at practical solutions. Besides providing data protection compliance support to select clients, Carey runs Privacat Insights, a newsletter that offers a paid tier with exclusive content, members-only Q&A, a slack channel and a yearly meetup. References: Privacat Insights 18,000 words. Four Questions. Much Delegation. Little Guidance EDPB opinion 28/2024 on certain data protection aspects related to the processing of personal data in the context of AI models Privacy Disasters: Microsoft, Just Because You Can (Recall) Privacy Disasters: AI Spy-Wearables, and the Scourge of Competing Friendants An early adopter's thoughts on Rewind.ai's $350m pivot Privacy Disasters: FaceHuggers Are Eating Your Skeets Carey Lening on LinkedIn Carey Lening on Bluesky (Jeffrey Pfeffer) Power: Why Some People Have it and Others Don't  

Lokke Moerel is a leading global expert on new technologies, Artificial Intelligence (AI), Big Data, and the Internet of Things, as well as Morrison & Foerster's lead counsel on Binding Corporate Rules (BCR), with vast experience advising multinational companies in obtaining their BCR approvals throughout the EU. She has also authored the leading textbook on the subject, published by Oxford University Press.   We recorded this interview prior to the publication of the European Data Protection Board's opinion on AI models and GDPR principles, following both a discussion paper issued by Hamburg's Supervisory Authority (“Do LLMs contain personal data?”) and an announcement by the Irish Data Protection Commissioner that it would open an investigation into Google's PaLM model.   A separate interview on the same topic, with Jorge Garcia Herrero, was released last week on our Spanish-language channel. References: Do LLMs 'store' personal data? This is asking the wrong question (Lokke Moerel, Marijn Storm) Lokke Moerel on LinkedIn Lokke Moerel, Morrison & Foerster  EDPB opinion 28/2024 on certain data protection aspects related to the processing of personal data in the context of AI models Discussion Paper: Large Language Models and Personal Data (Hamburgische Beauftragte für Datenschutz und Informationsfreiheit) Large Language Models do not store personal data: the LLM discussion paper of Hamburg's DPA with Dr. Markus Wünschelbaum (PrivacyPod) Data Protection Commission launches inquiry into Google AI model (DPC) ChatGPT provides false information about people, and OpenAI can't correct it (NOYB) Report of the work undertaken by the EDPB ChatGPT Taskforce (May 2024) [ES] Jorge García Herrero: ¿Contienen datos personales los LLM? ¿Cómo aplicamos el RGPD a los sistemas de IA generativa? (Masters of Privacy)

Has honour been restored to the Legitimate Interest legal basis after the CJEU Royal Dutch Tennis Association decision and subsequent EDPB Guidelines? Is the GDPR showing signs of rustiness? Has it instead become a new religion?  Rie Aleksandra Walle brings over seventeen years of professional experience across both the private and public sectors, having worked at Kristiania University College, Ernst & Young, Nordic Innovation and the Norwegian Agency for Public Management and eGovernment. Rie is behind the DPO Hub, which helps busy DPOs by offering concise summaries and key practical takeaways from key CJEU rulings, EDPB documents and DPA decisions, as well as by putting together a community around it. She is also the host of the Grumpy GDPR podcast. References: The Grumpy GDPR Podcast (NoTies Consulting) DPO Hub Rie Aleksandra Walle on LinkedIn Rie Aleksandra Walle on Bluesky KNLTB vs. Dutch DPA (CJEU decision) EDPB Guidelines 1/2024 on processing of personal data based on legitimate interest Guidelines on the technical scope of article 5.3 of the ePrivacy Directive Serious Privacy (Podcast): Comments on the KNLTB case and other updates  Peter Craddock: ePrivacy exceptions, advertising, analytics, the limits of consent and server-side processing (Masters of Privacy) Rie Aleksandra Walle: the DPO's guide to better resources, constructive debates, and a happier life (Masters of Privacy)

Send us a textOn this week of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal cover a relatively slow week in privacy, including a settlement with Oracle out of California, some new WorldCoin investigations, KOSA, and a position paper from BEUC so we also throw in some frank discussion of AI tools and how they can help in our personal and professional lives.Tune in for some #livinglearninglaughing.  If you have comments or questions, find us on LinkedIn and IG @seriousprivacy, and on Blue Sky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! Proudly sponsored by TrustArc. Learn more about NymityAI at https://trustarc.com/nymityai-beta/ #heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO

Robert Bateman is a data protection writer, trainer, and consultant. He has published innumerable articles on the topic, as well as led panel discussions and interviewed key well-known figures in the space on stage, at well-known privacy conferences. Besides freelancing as content creator, he is an associate with Act Now Training and a Subject Matter Expert with Heward Mills, a data protection consultancy.  With Robert, who's here for a second time, we are going to revisit recent EDPB (or European Data Protection Board) opinions on data processor auditing requirements and Meta's Consent or Pay model, with its latest twist in mind (a brand new third option with generic, unskippable ads). References: Robert Bateman on LinkedIn EDPB Opinion 22/2024 on certain obligations following from the reliance on processors and sub-processors Meta adds a Plan C to its Pay or Consent model EDPB Guidelines on the technical scope of article 5.3 of the ePrivacy Directive Robert Bateman: Consent or Pay (Masters of Privacy, October 2023)

Time for a Newsroom summarizing everything that's happened in our usual areas of focus, although we are dropping the last two (Zero-Party Data and Future of media) this time around.  ePrivacy & Regulatory Updates Enforcement On September 5th, the CNIL fined CEGEDIM SANTÉ 800,000 euros for processing health data without authorization. The healthcare software provider collected sensitive personal information, assigning a unique identifier for each patient of the same doctor. This method was considered sufficient to ensure that personal data remained anonymous in order to put together certain comparative studies, but the CNIL concluded that, given the risk of re-identification, it could merely be considered pseudonymized, exposing a breach of the GDPR as a result (for starters, patients had not been informed of additional purposes). A Reference was made to the EDPB's Opinion 05/2014 on Anonymisation Techniques.  On September 27th The Irish DPC issued a 91 million euro fine to Meta for storing certain user passwords in plain text files.  On October 22nd, NOYB filed a claim against Pinterest before the French supervisory authority alleging that the company relies on legitimate interest to underpin its behavioral advertising practices, in contravention of the CJEU Bundeskartellamt decision. The social network has also been accused of breaching the transparency principle and not responding to data subject requests appropriately.  On October 24th, the Irish DPC imposed a 310m EUR fine on LinkedIn. The professional social network is not properly applying a valid legal basis for targeted ads and the processing of first party data about their members, despite referring to three separate grounds: consent, legitimate interest and contractual necessity. This has also resulted in a breach of the fairness principle. On October 30th, the California Privacy Protection Agency announced an investigative sweep of data broker registration compliance under the Delete Act. This law requires data brokers to register with the CPPA and pay a fee annually.  On November 6th, the Canadian government ordered the closure of TikTok in the country. Citizens are however allowed to keep using the app, as this is considered a personal choice.  Legal updates and guidelines On October 4th, the CJEU resolved a famous dispute between the Royal Dutch Lawn Tennis Association and the Dutch DPA. The latter had imposed a fine on KNLTB for relying on legitimate interest for sharing data with its sponsors for purposes of direct marketing. Five days later, the EDPB requested comments on its draft Opinion on processing data on the basis of Legitimate Interest: It is made clear that this legal basis should not be treated as a “last resort” as it is of equal value to the rest, and a differentiation is made between an interest (or broader benefit that a controller may have) and a purpose (or specific reason why the data is processed). The Opinion has also stated that an interest must be related to the data controller's activities. On the same day (October 9th), the EDPB adopted its Opinion 22/2024 on certain obligations following from the reliance on processors and sub-processors: every controller should extend the diligence they currently have over direct processors to the entire chain of custody, no matter how many degrees apart.  On October 16th, the EDPB adopted new Guidelines on the technical scope of article 5.3 of the ePrivacy Directive: given that very little has changed since they opened up an initial draft for comments, we recorded a separate episode with Peter Craddock pondering the far reaching implications of these Guidelines.  Turning our attention to the UK, on October 7th the UK ICO launched its own Data Protection Audit Framework including self-assessment toolkits and other practical resources.  Also, the UK Data Protection reform is back, now with a Data Use and Access Bill (with a second reading announced on November 1st). It maintains an exception for analytics cookies that will not require consent. DPOs are back on the table (the previous reform proposal was getting rid of the role).  On November 5th EDPB adopted its first report under the EU-U.S. Data Privacy Framework and a statement on the recommendations on access to data for law enforcement. The redress mechanism has been implemented successfully but it is yet not being widely used. The EDPB has voiced concerns about recent changes to Section 702 FISA and how that could expand the role of private companies in gathering data about EU citizens.  MarTech and AdTech On November 12th, Meta introduced a plan C to its Pay or Consent models, having been told by the EDPB that the current proposal would not be acceptable. A third option (besides paying and relying on behavioral ads) is now available which will use less data and remain mostly contextual. It will also compensate its decreased targeting capabilities with increased audience reach by showing ads (“ad breaks”) that become unskippable for a few seconds. A study conducted by Boston University has concluded that the Protected Audiences API (building on the formerly called FLEDGE protocol, a part of Chrome's Privacy Sandbox), can produce similar results to those of third party cookies in the context of retargeting campaigns.  On November 5th, David Raab, who back in the day had coined the label CDP (Customer Data Platform), published a provocative piece titled “The Composable CDP is Dead”. In summary the author argues that all CDPs have already caught up with the modularization that came from sitting on top of more flexible data warehouses, so every single CDP has either become a niche modular component or an all-encompassing, highly-modularized software suite. In sum, the term will not help a Hightouch differentiate itself uniquely any longer. We suggest that you listen to our interviews with Tejas Manohar and Jonathan Mendez, CEOs of Hightouch and Neuralift AI respectively, for further context.  AI, Competition and Digital Markets The community is still recovering from Hamburg's DPA's opinion (adopted on July 15th) stating that LLMs do not contain personal data. The supervisory authority made three key points that we will be covering with some future guests: a) No personal data is stored in LLMs; b) Data subject rights as defined in the GDPR cannot relate to the model itself, but they can be exercised against the provider or deployer of a system built on top of such models, with regards to the input or output of such system; c) The training of LLMs using personal data must comply with data protection regulations.  The Irish DPC announced an investigation into Google's foundational AI model (PaLM 2) on September 12th, with a focus on the DPIA that Google is expected to have undertaken.  An ICO report released on November 8th found that AI recruitment technologies can filter candidates according to protected characteristics including race, gender, and sexual orientation. On November 13th, Meta received an 800,000 EUR fine for anti-competitive practices in the bundling of its Marketplace feature with the primary Facebook application. So, they have leveraged their control over one market to take control of another, adjacent market, in this case threatening pretty large companies in the classified ads space. That's it for today! Thanks again for listening.  

The EDPB has finally adopted its much feared Guidelines on the scope of article 5.3 of the ePrivacy Directive, but consent may still be avoided in some cases not specifically covered by an exemption (e.g., analytics). Absent such an exception, and in light of dismal consent rates, publishers and platforms have embraced highly controversial “Consent or Pay” models. Plan C? Server-side processing (Conversion APIs, Enhanced Conversions, Data Clean Rooms…), not without its own challenges. We have gone through all of it with Peter Craddock in his second appearance on Masters of Privacy.  Peter Craddock is a lawyer as well as a software developer, and he uses this dual background to help clients find legal solutions to technical problems and technical solutions to legal problems. He is based in Brussels and helps international companies with their global data strategy and with EU data litigation. He notably has strong expertise in the legal aspects of digital advertising and adtech, and has been one of the most prominent commentators of recent legal developments in that area. References: Peter Craddock on LinkedIn Op-Ed: A critical analysis of the EDPB's "Pay or Consent" Opinion (Peter Craddock) Peter Craddock: Comparison of the final version of the EDPB's ePrivacy guidelines with the version of November 2023 (including links to more in-depth comments on those guidelines) EDPB Opinion 08/2024 on Valid Consent in the Context of Consent or Pay Models Implemented by Large Online Platforms AEPD guidelines for the use of cookies without need for consent in the context of digital analytics (ES) Peter Craddock on Masters of Privacy (February 2024): Could core advertising components fall under the “strictly necessary” exemption of the ePrivacy Directive? Romain Robert: Pay or OK in AdTech - How it started and where it's going (Masters of Privacy) Renzo Marchini: Unintended consequences of the EDPB guidelines on storage and access under article 5.3 of the ePrivacy Directive (Masters of Privacy)  Cristiana Santos and Victor Morel: The problem with CMPs and TCF-based cookie paywalls (Masters of Privacy) Robert Bateman: Consent or Pay (Masters of Privacy) Peter Hense: How first party data will kill CMPs (Masters of Privacy)

Send us a textThis episode of Serious Privacy should actually have been released two weeks ago, but life happened... As usual however, Paul Breitbarth and Dr. K Royal discuss recent developments in privacy and data protection laws around the world. In this episode, they discuss:Opinion on certain obligations following from the reliance on processor(s) and sub-processor(s)Guidelines on the processing of personal data based on legitimate interestC-621-22 Koninklijke Nederlandse Lawn Tennisbond v Autoriteit PersoonsgegevensGrumpy GDPR podcast on the EDPB subprocessors opinion. If you have comments or questions, find us on LinkedIn and IG @seriousprivacy @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us! Proudly sponsored by TrustArc. Learn more about NymityAI at https://trustarc.com/nymityai-beta/ #heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO

Monica Meiterman-Rodriguez is a Partner at Tueoris, an international privacy and security consulting firm, currently residing in Barcelona. She utilizes her US law degree and her experience in data protection and privacy to assist global clients in developing, maintaining, or growing their privacy programs. She has experience supporting compliance across global regulations including US state and federal requirements, EU/UK GDPR, PIPEDA, LGPD, etc. in addition to advising on specialized matters in the AdTech space such as targeted advertising, data analytics, AI and growing industry guidance (e.g., IAB, DAA, etc.). Monica is a member of the New York State Bar, New Jersey State Bar, as well as a Certified Information Privacy Professional (CIPP/US/E) and the Chapter Chair of the IAPP in Barcelona (Spain). References: Monica Meiterman on LinkedIn California Consumer Privacy Act EDPB Guidelines 01/2022 on data subject rights - Right of access GDPR Violation: German Privacy Regulator Fines 1&1 Telecom(BankInfoSecurity) Groupon Ireland Operations Limited – March 2024: the DPC finds that Groupon infringed Article 5(1)(c) GDPR by having initially required the complainant to provide a copy of their ID in order to verify their identity for the purposes of their access and erasure requests.

On this week of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal cover a couple of weeks in privacy. Topics include the Vermont Privacy Act veto heard around the world, updates in the European Parliament, the Digital Advertising Alliance webchoices 2.0, a joint investigation by the UK and Canada into the 23andMe breach, Clearview AI's settlement proposal, noyb's complaint against Google for its privacy sandbox, the Apple Intelligence announcement, Hong Kong's guide on AI, the US Supreme Court's acceptance to hear the Meta case, the EDPB's new deputy chair, and discussion about learning AI, strategy, and seeking AIGP certification by IAPP, including the AIGP Body of Knowledge. Tune in for some living, learning, and laughing. If you have comments or questions, find us on LinkedIn and IG @seriousprivacy @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us! Proudly sponsored by TrustArc. Learn more about NymityAI at https://trustarc.com/nymityai-beta/ #heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO

We are closing this season with a Spring Newsroom before we officially kick off the summer, summarizing everything that's happened in the past quarter across our usual five sections: ePrivacy (enforcement, regulatory updates), MarTech/ AdTech, AI/ Competition/ Digital Markets, PETs/ Zero-Party Data, Future of media.  This includes: EDPB's ChatGPT Task Force report EU Digital Wallets Privacy Sandbox news EU Commission vs. Apple's App Store LLM updates (Llama3, GPT 4o, Gemini, Apple Intelligence) Meta AI *not* training on EU user data Mozilla's acquisition of Anonym Oracle's exit from AdTech Revolut ads Microsoft Copilot+ Recall retreat The Trade Desk's curated list of publishers FCC fines to telecom operators for the sale of location data Consent or Pay news TikTok ban. A full transcript with links and additional resources can be found on the PrivacyCloud blog.   

On this week of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal cover a couple of weeks in privacy - on the scary side. Topics include updates on the global CBPRs and PRPs, NOYB launched a complaint against open AI with the austrian data protection authority and 11 complaints against META, Italy reinstates chatGPT, the EDPB chatGPT task force report,  a lawsuit against General Motors for IOT, the U. S. Department of Commerce announced some new initiatives under the AI order for NIST, the FCC fined four major us wireless carriers $200 million for unlawfully sharing customers location data without consent, the Florida governor signed a bill mandating explicit disclaimers on political advertisement to ensuring transparency in AI used for political campaigns, the Dutch Data Protection Authority issued guidance against the web scraping, Australian officials announced an overhaul of their privacy act. Carly Kind, IAPP AI governance global happened in Brussels. the women in AI emerald de leeuw shoshana rosenberg. the California Privacy Protection Agency's hearing is set for June 21st in the Superior Court of California, Maryland also signed in two significant measures for online data protection. The Maryland kids code. the Nordic data protection authorities adopted joint principles on children and online gaming. Leena Kuusniemi If you have comments or questions, find us on LinkedIn and IG @seriousprivacy @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us! Proudly sponsored by TrustArc. Learn more about NymityAI at https://trustarc.com/nymityai-beta/ #heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO

On this week of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal of Crawford & Company had a few major developments to discuss, such as the ban or forced sale of TikTok (which was signed as we were talking), the EDPB opinion on Meta's consent or pay model, a final rule issued by the U.S. Department of Health and Human Services Office for Civil Rights on privacy of reproductive rights, Nebraska's privacy law, and more. If you have comments or questions, find us on LinkedIn and IG @seriousprivacy @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us! Proudly sponsored by TrustArc. Learn more about NymityAI at https://trustarc.com/nymityai-beta/ #heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO

My guest on this episode of the Mobile Dev Memo podcast is Mikołaj Barczentewicz, a law professor at, and the research director of, the Law and Technology Hub at the University of Surrey in the United Kingdom. In this episode of the podcast, Mikolaj and I discuss the EDPB's recently published opinion on the use of the Pay or Okay model by "large online platforms." Mikolaj most recently joined the podcast in December of last year to speak with me about Meta's introduction of the Pay or Okay model. In this episode, we cover the EDPB's opinion invalidating that specific use. Topics explored in our conversation include: A high-level overview of the EDPB's opinion; How the EDPB presents Meta's use of Pay or Okay as not providing a valid consent mechanism; The EDPB's definition of "large online platforms"; The other platforms to which the opinion might apply; The ways in which the opinion doesn't contradict the CJEU's commentary on Pay or Okay from last July; What happens next with respect to Pay or Okay. Thanks to the sponsors of this week's episode of the Mobile Dev Memo podcast: ⁠⁠INCRMNTAL⁠⁠⁠. True attribution measures incrementality, always on. Interested in sponsoring the Mobile Dev Memo podcast? Contact ⁠⁠Marketecture⁠⁠.

Amy Worley is Managing Director at BRG, a global leader in data protection, information security, and AI governance. A licensed attorney, certified privacy professional, and certified information systems security professional, Amy formerly served as the Chief Privacy Officer for a billion-dollar pharmaceutical and medical device company and now serves as a fractional Data Protection Officer for several multinational companies.  Amy's consulting practice is focused on helping clients implement sustainable programs that result in meaningful compliance with state, national, and regional laws and build corporate trust. She is passionate about the intersection of data, people, and power.   References: Amy Worley on LinkedIn BRG: Privacy and Data Protection services Draft: American Privacy Rights Act 2024 Dragos Tudorache: Dealing with foundation models, data protection, and copyright in the EU AI Act (Masters of Privacy) EDPB Guidelines 8/2020 on the targeting of social media users  

Guest: Elena Elkina, Partner / Privacy & Data Protection Management Executive, Aleada Consulting [@AleadaPrivacy]On LinkedIn | https://www.linkedin.com/in/elenaelkina/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn this episode of the Redefining CyberSecurity Podcast, hosted by Sean Martin, the spotlight is on the complex world of data privacy, specifically focusing on the French data protection authority, CNIL, and its broader implications on global privacy and data protection practices. Joining the conversation is Elena Elkina, a seasoned privacy and data protection executive. With nearly two decades of experience in the field, Elkina shares her expertise on the evolving landscape of privacy laws and the challenges businesses face in operationalizing these regulations.The discussion opens up with an exploration of various privacy frameworks, including GDPR, CNIL, TIA, EDPB, and ICO, unraveling the interconnected yet distinct nature of these acronyms in the realm of data protection. Elena Elkina delves into the intricacies of the CNIL and its recent draft guidance on Transfer Impact Assessments (TIA), emphasizing its practical approach and the operational guidance it offers to companies dealing with data protection across different jurisdictions.A significant part of the conversation is dedicated to understanding the legal and operational challenges associated with TIA, including the legal analysis required for transfers to third countries, the importance of documenting and periodic reevaluation, and the role of both data importers and exporters in ensuring compliance. Elkina highlights the collaboration required between these parties and the importance of comprehensive documentation to demonstrate compliance efforts.Additionally, the dialogue touches upon broader themes, such as the differences between privacy approaches in the United States and the European Union, the impact of new privacy laws and regulatory guidance, and the importance of organizational data hygiene.Throughout the episode, both Martin and Elkina underscore the importance of justification, documentation, and transparency in navigating the complex landscape of international data transfers. The conversation serves as a crucial guide for businesses looking to align their data protection practices with regulatory requirements and industry best practices, providing valuable insights into the ongoing evolution of privacy and data protection obligations.Top Questions AddressedWhat is the role of CNIL in data protection?How do data transfer impact assessments work?What does the new executive order on data protection mean for American companies?___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Rie Aleksandra Walle brings over seventeen years of professional experience across both the private and public sectors, having worked at Kristiania University College, Ernst & Young, Nordic Innovation and the Norwegian Agency for Public Management and eGovernment.  Rie is behind the DPO Hub, which helps busy DPOs by offering concise summaries and key practical takeaways from key CJEU rulings, EDPB documents and DPA decisions, as well as by putting together a community around it. She is also the host of the Grumpy GDPR podcast. With Rie we will explore her own tips and tricks to stay sharp and up to date, avoiding a myriad of shallow or confusing sources and digging for the best possible answers at all times - all of it while avoiding clickbait, radical opinions and the avalanche of so-called privacy experts clogging LinkedIn feeds. References: How to stay up to date as a DPO The Grumpy GDPR Podcast (NoTies Consulting) DPO Hub Rie Aleksandra Walle on LinkedIn  

On this week of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal of Crawford & Company connect with Rie Aleksandra Walle. The original grumpyGDPR podcaster, to discuss current events and the DPO Hub. Join us for a rousing great conversation about the EU, Irish DPC, the most challenging part of compliance for companies, and so much more… If you have comments or questions, find us on LinkedIn, Twitter/Mastodon @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us! Proudly sponsored by TrustArc. Learn more about the TRUSTe Data Privacy Framework verification. upcoming webinars.#heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO

On this week of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal of Crawford & Company kick off Season 5 with a Bang! As usual, we launch the new season on Data Privacy - Data Protection Day and what a year we've had so far! If you have comments or questions, find us on LinkedIn, Twitter @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us! Proudly sponsored by TrustArc. Learn more about the TRUSTe Data Privacy Framework verification. upcoming webinars.#heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO