08 May 2023
The Future of the European Security Architecture: A Debate Series
This debate series is dedicated to Ligue des Droits Humains – a case in which the Court of Justice of the European Union decided on the fate of one of the main drivers of this development: the Directive on on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime. The PNR Directive, being one of the first major EU-wide examples of predictive policing, is not just interesting in itself. It exemplifies the emergence and gradual consolidation of a new security architecture in Europe. Continue reading >>
1 
14 April 2023
Attention Is All You Need
Das Verbot ChatGPTs durch die italienische Datenschutzbehörde bietet Gelegenheit einen Klassiker neu aufzulegen: Eine bahnbrechende, Technologie aus dem Silicon Valley zerschellt am harten Beton des Brüsseler Datenschutzregimes. Während einige technikkritische Stimmen laut applaudieren, prügeln andere auf das vermeintlich innovationsfeindliche Datenschutzrecht ein. Doch gibt ChatGPT tatsächlich Anlass für derart fundamentale datenschutzrechtliche Bedenken im Hinblick auf generative KIs? Continue reading >>07 April 2023
Squaring the Circle
The Italian Data Protection Authority banned ChatGPT for violating EU data protection law. As training and operating large language models like ChatGPT requires massive amounts of (personal) data, AI's future in Europe, to an extent, hinges upon the GDPR. Continue reading >>20 December 2022
The Right to be Forgotten in 2022
On 8 December 2022, the Court of Justice of the European Union delivered its latest landmark judgment on the ‘right to be forgotten’. Despite the largely incremental character, the continuing legal manifestation of the right to erasure/be forgotten/de-referencing raises more fundamental questions on the governance of the datafication of society in the EU. Continue reading >>
0
09 November 2022
Compensation for non-material damages under the GDPR
On 6 October 2022, Advocate General Campos Sánchez-Bordona delivered his Opinion in case C‑300/21. At stake is the interpretation of Article 82 of the General Data Protection Regulation, which provides compensation for non-material damages. The Opinion opts for a strict interpretation of this provision, but a broader reading is possible, and even desirable, in light of the GDPR’s objectives and the many barriers impeding effective enforcement of data protection rights. Continue reading >>21 October 2022
Towards a data-subject-friendly interpretation of Article 82 GDPR
Under the GDPR, Article 82 is the only instrument to claim compensation resulting from data protection infringements. So far, it has not been interpreted by the CJEU. To date, nine preliminary references on the interpretation of Article 82 have been made by national courts. On 6 October 2022, Advocate General Sánchez-Bordona delivered his Opinion in one of them. Since it will be the first CJEU judgment on this subject, it will have a profound impact on the further development of EU data protection law, in particular, its private enforcement. Continue reading >>18 October 2022
Digital Autonomy in Contractual Relationships
It is rare for two Advocates General of the European Court of Justice to differ on the interpretation of a fundamental legal act of the European Union. This is what recently occurred with regard to the General Data Protection Regulation. Continue reading >>18 May 2022
GDPR Collective Litigation Against Facebook
The recent CJEU Case C-319/20, Meta Platforms Ireland provides insights on the interpretation of Article 80(2) of the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), which regulates representative actions in the data protection field. The Court of Justice specified that actions protecting general interests fall under the scope of Article 80(2) GDPR, but leaves the task unmoved to reconcile this provision with the Directive on Representative Actions (DRA). Continue reading >>
0
22 November 2021
Lloyd v Google: towards a more restrictive approach on privacy protection in the UK?
The UK Supreme Court has delivered its much-awaited judgment in Lloyd v Google - a highly significant case for the development of privacy law in the United Kingdom. The Supreme Court paints an overly thin picture of data privacy and raises important concerns about possible divergence from EU standards in the future. Continue reading >>
0
03 September 2021
Enforcement of the DSA and the DMA
In trying to overcome the cross-border enforcement’s pitfalls of the GDPR, the Commission’s proposals for a Digital Services Act and Digital Markets Act are largely expanding the Commission’s enforcement powers. Unfortunately, what is touted as a solution for cross-border enforcement issues, might lead to new difficulties and challenges due to the risks of the centralization of power with the Commission. Continue reading >>
0