On October 7, 2022, U.S. President Biden signed the long-awaited Executive Order (EO) on ‘Enhancing Safeguards for United States Signals Intelligence Activities‘. Some would say it is merely a memorandum on how the US will continue to spy on individuals. Others would say it is an effort to control the intelligence system in place without […]
English Posts

Spanish Supreme Court: Data subjects can submit their complaint directly to a supervisory authority
According to a decision of the Spanish Supreme Court (Tribunal Supremo) of July 2022, filing a request to exercise the data subject rights with the data controller is not a prerequisite for filing a complaint to the relevant Supervisory Authority for an alleged breach of the GDPR. The decision was issued after a complaint of […]

Art. 9 GDPR: What counts as special categories of personal data?
In its judgment of August 1, 2022, the CJEU extended the scope of application of Art. 9 GDPR to “indirectly sensitive data” following a referral from a Lithuanian Administrative Court (Case C 184-20). This ruling is being widely discussed in the data protection world, as it has the potential to have a big impact on […]

Will the American Data Privacy and Protection Act Become Law Eventually?
While some U.S. states have data privacy laws, amongst them California, known to have the strictest privacy law, to date, the United States do not have a federal data protection act. In June this year, a first draft of the American Data Privacy and Protection Act (ADPPA) was proposed. The draft bill received bipartisan support and […]

ICO fine for unlawful facial recognition
Clearview AI (hereafter Clearview) is a company dedicated to facial recognition. Clearview created a data base of over 20 billion images indexed from the Internet and social media and developed a facial recognition algorithm to analyze and match faces. Clearview compares sample images provided by its clients (mostly law enforcement bodies, governments, and banks) with […]
UK GDPR Reform
In September 2021, the government launched its consultation here to draw proposals to make substantial changes in the UK Data Protection Laws which were less stringent than the EU GDPR but still covered all the important data protection rights. The UK government has expressed that the focus of this reform is to make a trusted […]
Nope, Data Protection Law Does Not Allow Us to Do THAT
It is the easiest excuse on the books right now. You want to do that…I am sorry data protection law prohibits it. Somethings are truly not allowed under data protection law, but sometimes people just use this as an excuse that they assume very few people can argue against. They just want to say “No”, […]
Fines by the Spanish Data Protection Authority on cookies and the measures to verify customers’ identities.
In April 2022, the Spanish data protection supervisory authority – Agencia Española de Protección de Datos (AEPD) – issued several fines and in this article, we will review four decisions totaling 178,000 euros. What and why is the AEPD issuing fines? Unlawful use of cookies and outdated policies In Decisions 482, 483, and 603, the […]
We will record this call for contract proving purposes
The French data protection supervisory authority, Commission Nationale de l’Informatique et des Libertés (CNIL), recently published a Guide (25.04.2022) about call recording to prove the formation of a contract. When to record? The rule of thumb is to record calls that are necessary because there are no other means of proving that the data subject has […]
REJECT ALL by Google
Google introduced a “reject all” cookie button for Search and YouTube. Google launched in France a cookie banner enabling users to use Search and YouTube and “REJECT ALL” the cookies used for personalizing content and ads, measuring their effectiveness, or developing or improving new Google services. With the new cookie banner design, users are expected […]
Amazon Road Transport Spain Fined 2 Million EUR by Spanish Regulator for Requesting Certificates of Good Conduct from Drivers
The Spanish data protection supervisory authority, Agencia Española de Protección de Datos (AEPD), has issued a fined of 2 million EUR against Amazon Road Transport Spain, S. L., a logistics company that manages deliveries for US-based online-merchant Amazon (see here). Backgound, or: How to Become a Delivery Driver Amazon Road Transport works with formally self-employed […]
Will the Trans-Atlantic Data Privacy Framework Bloom this Summer?
Spring has sprung, but we are still waiting for the flowers to appear. As I wrote in a blog article dated, March 23, 2022, it was anticipated that this spring the EU and the U.S. would come to an agreement with regards to the EU-U.S. Privacy Shield. On March 25, 2022, a joint announcement was […]
Will Spring Bring a New EU-U.S. Privacy Shield Agreement?
As winter draws to an end and the sun begins to shine more often we are noticing the new buds of spring beginning to appear. This spring flowers may not be the only thing making their appearance, the European Commission and the U.S. Department of Commerce are back to the table discussing a new EU-U.S. […]
Backups and the Right to Erasure
Discussed many times and yet not less important: In order for processing to be lawful, personal data should be processed on the basis of the consent of the data subject concerned or some other legitimate basis. The same applies if the legal basis ceases to exist. In this case, too, processing must be prevented aswell […]
The Dutch Data Protection Authority has published brief guidance on the pressing issue of Google Analytics
The Austrian Data Protection Authority has recently on the back of a NOYB compliant, come to the decision that the use of Google Analytics is not compliant with the GDPR, Schrems II, and data transfer laws. In the case, they found that personal data from the complainant’s browser or device had been transferred to the […]