#42: Privacy M&A Unmasked

You know what the title means - we have Joost Gerritsen back on board with us! What we intend to be a regular section on the podcast, we delve again into the intricacies of CJEU case law. On the menu this week:   CJEU judgments:   X, Z v Autoriteit Persoonsgegevens – C-245/20 – 24 March 2022 -  https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:62020CJ0245 G.D. v The Commissioner of the Garda Síochána And Others – C-140/20 – 5 April 2022 - https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:62020CJ0140 Meta Platforms Ireland (C-319/20) – 28 April 2022  https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:62020CJ0319   Advocate General opinions: Digi (C‑77/21) – 31 March 2022  https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:62021CC0077 Google (C-460/20) – 7 April 2022  https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:62020CC0460 Proximus (C-129/21) – 28 April 2022  https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:62021CC0129   And hey - if you come up with a cooler brand name than Case Corner for Joost's section, hit us up, we're all ears for feedback!   And check out also Joost's website  https://gdprbeetle.eu/which-cjeu-data-protection-cases-are-currently-pending/ to keep posted on latest CJEU privacy developments.     We’d love to get feedback – so please tag us, follow us, DM us… or send us traditional email: Twitter:  https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn:  https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

20 Touko 20221h 5min

In this week's episode, be prepared to experience moral outrage on so many fronts. We cover the Verisure scandal from Sweden with employees snooping on security camera footage, another big fine from the Netherlands and lots more. Also in this episode: should you quit your job, move to Germany, and start filing for privacy damages left and right to make a living? And is EU Courts streaming their judgments the new Netflix? LinkedIn v HiQ case https://iapp.org/news/a/linkedin-v-hiq-and-the-transatlantic-privacy-divide/ Verisure scandal under investigation by Swedish DPA https://www.is.fi/digitoday/art-2000008769860.html   Google introduces new controls in Google Analytics https://support.google.com/analytics/answer/12017362 Dutch DPA fines the Dutch tax authority 3,7 MEUR https://www.politico.eu/article/dutch-scandal-serves-as-a-warning-for-europe-over-risks-of-using-algorithms/ 25€(yes, 25€!) in damages granted for receiving spam email https://gdprhub.eu/index.php?title=LG_Heidelberg_-_4_S_1/21&mtc=today Nerdflix – EU Courts start livestreaming https://www.politico.eu/article/eus-top-court-embraces-digital-age-with-streaming-service/ We’d love to get feedback – so please tag us, follow us, DM us… or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

27 Huhti 202259min

We have a new data transfer deal between the EU and the US! In principle. What does the announcement of an agreement “in principle” mean, when can we expect an actual deal, and what does this mean for transfers of personal data to the US right now? Can we stop doing transfer impact assessments altogether? In other news, we cover Meta’s 17MEUR fine from Ireland, and have a quick look at the recent EDPB guidelines. We’re delighted to discover that the term “Privacy Zuckering” exists, and equally disappointed to find out that the term did not make its way in the EDPB’s dark patterns guideline.   European Commission press release on the Framework https://ec.europa.eu/commission/presscorner/api/files/attachment/872132/Trans-Atlantic%20Data%20Privacy%20Framework.pdf.pdf     US Fact Sheet on the Framework https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/25/fact-sheet-united-states-and-european-commission-announce-trans-atlantic-data-privacy-framework/     CMS blogpost on Privacy Shield https://www.cmshs-bloggt.de/tmc/datenschutzrecht/trans-atlantic-data-privacy-framework-datentransfer-usa/# US Supreme Court Fazaga case https://thehill.com/opinion/judiciary/598899-the-supreme-court-just-made-a-us-eu-privacy-shield-agreement-even-harder   17MEUR fine on Meta from Irish DPA https://www.dataprotection.ie/en/news-media/press-releases/data-protection-commission-announces-decision-meta-facebook-inquiry   New guidelines from the EDPB https://edpb.europa.eu/system/files/2022-03/guidelines_202202_on_the_application_of_article_60_gdpr_en.pdf https://edpb.europa.eu/system/files/2022-03/edpb_03-2022_guidelines_on_dark_patterns_in_social_media_platform_interfaces_en.pdf     We’d love to get feedback – so please tag us, follow us, DM us… or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

29 Maalis 20221h 4min

This week we discuss the upcoming privacy cases in the highest court of the EU, and have an amazing guest with us for this purpose, Joost Gerritsen! Beware listeners, this episode is probably our nerdiest (and longest, since Milla doesnt understand editors hints) one so far, so even more awesome than our usual content – that’s also why we made it extra-long. Joost is an AI, robotics, and data protection lawyer. He is based in the Netherlands where he runs his own law firm Legal Beetle, and has a long history working with data protection issues. What are the recurring themes in CJEU’s privacy cases, which countries are the usual suspects when it comes to referring questions to the Court, and how long does it take for the Court to decide on matters? And what do we talk about when we talk about professional FOMO ie. Pro-FOMO? We also do a speed-recap of the latest news in privacy sphere. Italian DPA fines Clearview AI 20 MEUR https://techcrunch.com/2022/03/09/clearview-italy-gdpr/ Danish DPA: Guidance on the use of cloud https://www.datatilsynet.dk/Media/637824108733754794/Guidance%20on%20the%20use%20of%20cloud.pdf Database of pending CJEU cases by Joost https://gdprbeetle.eu/which-cjeu-data-protection-cases-are-currently-pending/   We’d love to get feedback – so please tag us, follow us, DM us… or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

17 Maalis 20221h 39min

This week’s guest star is Karolina Iwańska, who works as a lawyer and researcher at Panoptykon Foundation, a Polish NGO fighting for freedom and privacy in the digital age. Panoptykon was one of the organizations bringing the IAB TCF case to the Belgian data protection authority, and we had the pleasure of hearing Karolina’s insights on litigating the case, and her views on how this will affect the future of online advertising and privacy. We also do a speed-recap of the latest news in privacy sphere. EDPB launches coordinated enforcement on use of cloud by public sector https://edpb.europa.eu/news/news/2022/launch-coordinated-enforcement-use-cloud-public-sector_en Grindr appeals the over 6 MEUR fine in Norway        https://www.axios.com/grindr-appeal-norwegian-fine-privacy-bf20ff80-6117-4806-8550-10766590c0e0.html Further decisions and reactions on Google Analytics https://www.cnil.fr/sites/default/files/atoms/files/med_google_analytics_anonymisee.pdf https://tietosuoja.fi/-/euroopan-tietosuojaviranomaiset-ovat-todenneet-google-analyticsin-kayton-verkkosivuilla-tietosuojalainsaadannon-vastaiseksi https://iapp.org/news/a/norwegian-dpa-recommends-google-analytics-alternatives/ Local DPAs react to IAB TCF decision, EPIC and ICCL demand deletion of TCF data https://www.jdsupra.com/legalnews/dutch-dpa-takes-position-on-online-5194892/ https://epic.org/epic-and-iccl-issue-deletion-demands-in-wake-of-tcf-decision/     We’d love to get feedback – so please tag us, follow us, DM us… or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

27 Helmi 20221h 12min

This week we discuss the broader implications of online tracking with Arnold Roosendaal, who works as a director at Privacy Company in the Netherlands. Roosendaal showed the world in 2011 how Facebook Like button is used across the internet to track also non-Facebook users. Since then he has done extensive work in highlighting the societal effects of online tracking, and how it impacts our individuality. Example of Privacy Company’s DPIA work  https://slmmicrosoftrijk.nl/downloads-dpias/  Arnold Roosendaal’s articles on SSRN https://papers.ssrn.com/sol3/cf_dev/AbsByAuth.cfm?per_id=1546115 The information trap: Arnold Roosendaal at TEDxTilburgUniversity https://www.youtube.com/watch?v=xNQ9FG8oCCs   We’d love to get feedback – so please tag us, follow us, DM us… or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

2 Helmi 20221h 9min

We hope everyone had relaxing holidays, because the year has not started slow in the world of privacy! In this week’s episode we talk about all the development around Google Analytics and the GDPR – the Austrian DPA being the first national data protection authority to indicate that the use of the tool breaches the GDPR and the Schrems II judgment. In other news we look at the European Data Protection Supervisor’s decision against Europol and a legal study commissioned by the EDPS and the EDPB on government access in India, China and Russia (spoiler: the study has a rather negative outcome). EDPS orders Europol to erase data https://edps.europa.eu/system/files/2022-01/22-01-10-edps-decision-europol_en.pdf Legal study on government access in India, China and Russia https://edpb.europa.eu/system/files/2022-01/legalstudy_on_government_access_0.pdf Austrian DPA’s decision on Google Analyticshttps://gdprhub.eu/index.php?title=DSB_(Austria)_-_2021-0.586.257_(D155.027)#English_Summary Google’s response on privacy and Google Analytics https://blog.google/around-the-globe/google-europe/google-analytics-facts/ EDPS reprimand towards European Parliament – on use of cookies, data transfers https://noyb.eu/en/edps-sanctions-parliament-over-eu-us-data-transfers-google-and-stripe Dutch DPA giving first warning on Google Analytics https://autoriteitpersoonsgegevens.nl/nl/onderwerpen/internet-telefoon-tv-en-post/cookies#hoe-kan-ik-bij-google-analytics-de-privacy-van-mijn-websitebezoekers-beschermen-4898 CNIL’s guidance for data processors’ further use of data https://www.cnil.fr/fr/sous-traitants-la-reutilisation-de-donnees-confiees-par-un-responsable-de-traitement   We’d love to get feedback – so please tag us, follow us, DM us… or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

20 Tammi 20221h 7min

New episode out! This week we discuss the much awaited decision from the Dutch data protection authority on the lawfulness of the IAB Transparency and Consent Framework – or at least the bits of the draft decision that have reached us so far. Does the DPA’s interpretation that IAB would be acting as a joint controller make any sense? Does following the TCF rules result in a lawful consent? And what’s the timeline for getting the decision finalized? In other news, we discuss the impact Apple’s privacy changes have had on ad income, and give an update on how the enforcement of the Chinese privacy law PIPL has started off. IAB TCF draft decision coming soon https://techcrunch.com/2021/11/05/iab-europe-tcf-gdpr-breach-belgium/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAACSEuDSf8McqwOifIOAe3-Wc2bl9ZjUZCRcD8EuF5SZhW4U45HRlieV-DCcb-I23wBkOYWsWEPZGtPRDhdek4W1NM9376VeWRBq6N1ZoWaVt3vXxFOrwmf0f5Ab0lPMQdpQ9YaGRgmrMRtMCMjirE4xoyrlPYinAhTn0mZdg5Kym Effects of iOS updates showing in ad income https://www.ft.com/content/4c19e387-ee1a-41d8-8dd2-bc6c302ee58e China PIPL update https://www.reuters.com/world/asia-pacific/china-ministry-orders-38-apps-rectify-excessive-collection-personal-data-2021-11-03/ Facebook shutting down its Facial Recognition System https://www.nytimes.com/2021/11/02/technology/facebook-facial-recognition.html   We’d love to get feedback – so please tag us, follow us, DM us… or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

10 Marras 202145min