What better timing than less than two weeks after the release of the (poorly drafted) proposed Digital Omnibus to issue a (ground-shaking) judgment on the interplay between the old e‑Commerce Directive (ECD) and the General Data Protection Regulation (GDPR)? Here’s a freshly delivered ruling from the Court of Justice of the European Union (CJEU) that … Continue reading
Latest Entries
On Pancakes, Paper Pudding, and the Draft Digital Omnibus: What Happens Next?
I thought I was done with blogging. Yet if the leaked digital Omnibus achieved anything positive, it was to bring me back to joyful collage… which is worth explaining. As for what comes next, we’ll have to wait, and make time, to search for antidotes. This post is about pancakes and paper pudding, and how … Continue reading
AI and the UK DPDI Bill: moving backward
The Data Protection and Digital Information (No. 2) Bill (DPDIB) has been introduced to Parliament on the 8th of March 2023. It is not a complete revamp of the first Data Protection and Digital Information Bill, but this time the intention is firm. The Department of Science, Innovation and Technology (DSIT) is determined to have … Continue reading
What if ChatGPT was much more than a chatbox? What if LLM-as-a-service was a search engine?
The Digital Services Act (DSA) is certainly one of the most interesting pieces of legislation adopted by the European Unions in the last few years. Just like the old e-commerce Directive (ECD), the DSA targets providers of intermediary services (i.e., the mere conduit, caching and hosting providers of this world) who continue to enjoy conditional … Continue reading
ChatGPT is banned? When Data Protection meets Online Safety!
Here we are! It took the Italian Data Protection Supervisory Authority (SA) only a few months to react to the widespread use of ChatGPT. On 30 March the SA ordered the immediate suspension of the processing of the personal data of data subjects located in Italy. OpenAI has been quick to react to the order, … Continue reading
content regulation / Copyright / Data protection / filtering / GDPR / Internet intermediaries / notice-and-action
The EU Commission and the tackling of illegal content: is more too much?
The European Commission (EC) Recommendation of 1.3.2018 on measures to effectively tackle illegal content online (C(2018) 1177 final) is now freely accessible. As readers know, this is not the first time the EC has attempted to express meaningful thoughts (for lack of a better word, as once again the instrument is not strictly speaking … Continue reading
Data Protection and data analytics: what is Art. 29 WP really saying to businesses wanting to innovate with data?
In three-month time, the General Data Protection Regulation (GDPR), will become applicable to many, if not all, data processing activities to which living individuals can be associated. Businesses operating in Europe have had about two years to prepare for this change. As readers know, even if the GDPR is a lengthy piece of … Continue reading
Online platforms & copyright: The CJEU v The EC?
Boosting the EU Digital Single Market is not an easy task. Full of energy, the European Commission (EC) disclosed its strategy one year ago in the Communication on Online Platforms and the Digital Single Market, in which it announced that “in the next copyright package, to be adopted in the autumn of 2016, the Commission … Continue reading
big data / Consumer data / GDPR / Legitimate interest / metadata / Privacy impact assessment / pseudonymisation
EU Article 29 Working Party consults on draft guidance on automated decision-making and profiling
“Computer says ‘No’”? …So, what exactly do the regulators think that the GDPR says in response? Last month, the Article 29 Working Party (Art.29 WP) announced that it is seeking feedback on draft Guidelines on automated individual decision-making including profiling (WP251) under the General Data Protection Regulation ((EU) 2016/679) (GDPR) in advance of its arrival … Continue reading
data controller / data protection agencies / facebook / GDPR / General Data Protection Regulation / Jurisdiction / liability / online platforms / Personal data / Social media
CJEU Advocate General opines on the definition of a data controller, applicable national law, and jurisdiction under data protection law
‘Cruise control for the social media age, or stuck in second gear?’ The issue of defining data controllership is “particularly thorny” says AG, and looking to become thornier as complete control is becoming less and less common in practice Last month, Advocate General (AG) Bot of the Court of Justice of the EU (CJEU) delivered … Continue reading