23 December 2025
Judicial De-Simplification
In early December, the Court of Justice handed down a controversial ruling in Russmedia – indicating that online platforms can no longer confidently rely on EU intermediary liability law for protection against legal responsibility for user content in cases which involve data protection violations. Russmedia significantly weakens the intermediary liability protection – but the extent of the damage to the safe harbour remains unclear. The judgment can be read as having either a broad or narrow application, and the extent of the damage will depend upon how expansively the case is interpreted. And already, different actors are reading the judgment in very different ways. Continue reading >>
0 
21 December 2025
A General Obligation to Monitor
In Russmedia Digital, the ECJ ruled at the beginning of December that in cases dealing with data protection violations, such as defamatory content, the notice-and-takedown procedure should not be applied, but rather that the respective platform is (jointly) liable for illegal content from the publication of the content on. Clearly unaware of the enormous implications of its decision for the freedom of expression and information of millions of users in the EU, the Court is thus demanding the establishment of a comprehensive monitoring system for communication in the digital public sphere. Continue reading >>
0
03 December 2025
The Ominous Omnibus
The European Commission’s Digital Omnibus proposal to impose additional limits on the right of access to personal data is not a technical clean-up of EU digital law, but a near verbatim reproduction of industry lobbying demands. The proposal restricts the very tool used by citizens, NGOs, journalists, workers, researchers, and civil society to uncover systemic unlawful practices. Instead of strengthening EU digital competitiveness, the proposal threatens to dismantle a tool of counter-power and a cornerstone of data protection. Continue reading >>
0
17 November 2025
The Omnibus Package of the EU Commission
The European Commission is planning a fundamental overhaul of European digital regulation, and it wants to move quickly. On 19 November, it intends to publish draft legislation for an omnibus package designed to simplify, reduce bureaucracy, and harmonise various legal acts. The draft was leaked last week, and it is a tough one for everyone who appreciates fundamental rights-oriented regulation. If the proposals obtain the necessary majorities in the legislative process, the cornerstones of data protection law would be fundamentally changed. Continue reading >>10 July 2025
Reforming the GDPR
After a surge of new digital legislation over the past two years, the European Commission appears to have no intention of easing its pace in reshaping Europe’s regulatory landscape. This includes proposals to reform the GDPR. Regulatory reforms should, however, focus on strengthening enforcement and fixing the structural problems of the GDPR, rather than merely simplifying and deregulating it. Continue reading >>
0
28 November 2024
The Future of GDPR Enforcement
The ongoing trilogue negotiations on the GDPR procedural regulation aim to address significant enforcement shortcomings. From strengthening complainants' rights to harmonising Data Protection Authorities' discretion and improving cross-border cooperation, these discussions carry major implications for data protection in Europe. This analysis highlights the urgent need for reforms to ensure effective and fair enforcement. Continue reading >>
0
28 August 2024
Strengthening the EU Legal Edifice for Data Transfers
GDPR provides the rulebook for international transfers of personal data from the EU and serves as the vehicle through which EU data protection law interacts with the wider world. However, the EU seems ambivalent about deciding how far it can expect third countries to adopt data protection standards similar to its own. Moreover, DPAs often fail to scrutinize data transfers to third countries that may lack the rule of law. Finally, the EU lacks a comparative methodology for assessing data protection equivalence in third countries. It is essential for the EU to elevate the public discourse so that the global significance of data transfers is recognized. Continue reading >>
0
14 August 2024
In the Shadows
Recent investigations by Netzpolitik and the German public service broadcaster Bayerischer Rundfunk into the company Datarade have shed light on a part of the digital economy that has so far operated mainly in the background: data trading. The key players in this sector are data brokers, whose business model is to trade in (non-)personal data. Data trading is a multi-billion-dollar component of the global digital economy and not a new phenomenon. This article outlines the legal implications of data trading in the context of the GDPR, the DSA and the AI Act. Continue reading >>
0
19 July 2024
Proximity, Amicable Settlements, and how the EU Guts GDPR Enforcement
The EU legislator is working on a new Regulation to modify the GDPR. Unfortunately, the reform features deeply troubling elements. It seeks to mainstream a controversial Irish approach to dealing with data protection complaints, namely “amicable settlements” between individuals and digital corporations. Further, and rather problematically, the reform foreshadows the end of the principle of proximity. Gutting – or at least eroding – the proximity principle should ring alarm bells for anyone concerned with effective judicial remedies in the EU. Continue reading >>
0
14 December 2023
To Score Is to Decide
Can the act of assigning a score to someone constitute a decision? This, in essence, is the question the Court of Justice of the European Union (CJEU) had to answer in Case C-634/21. And the Court’s answer is yes, following in the footsteps of the Advocate General’s opinion on the case. Rendered on 7 December, this ruling was eagerly awaited as it was the first time the Court had the opportunity to interpret the notorious Article 22 of the General Data Protection Regulation (GDPR) prohibiting decisions “based solely on automated processing". Continue reading >>
0