#34: Will the never ending story of ePrivacy finally end?

See how we get back to podcasting after the brat summer? Very demure, very mindful. We are not like these other podcasts, we don’t come back for the new season with a half-planned episode, we don’t use chatGPT to make notes, we don’t record too long episodes where half of it is just giggling–we’re very mindful, very considerate, very cutesy. In today’s very considerate episode Jyri, Milla, and Pilvi walk you through the most interesting news from the summer, such as the mega fine of €13,9 million given by the the Czech Supervisory Authority to a cyber security company that shared data of 100 million data subjects to its subsidiaries in a not very mindful way. We also discuss the latest drama on the EU Commission’s Preliminary DMA Findings on Pay or Consent as well as Meta suing the EDPB that is very interesting, very cutesy.  We also take a look at the secret collaboration between Meta and Google to target ads at 13–17-year-olds and have a discussion on what’s the harm in this? Is it really a problem or are we just trying to hold on to a world that is not realistic? We are not like these other privacy people–we don’t just gush about this–we explore different perspectives and play devil’s advocate. Very mindful, very considerate, very demure. These and much more in this episode where we do not try to play too much slightly off pitch on the hottest meme by the amazing @joolieannie , we’re very considerate, very funny, very cutesy, very mindful, and most certainly very demure.    Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com Links: Big fine in Czech: https://www.edpb.europa.eu/news/news/2024/czech-sa-imposed-fine-139-million-eur-infringement-art-6-and-art-13-gdpr_en   EU Commission and Pay or Consent: Commission sends preliminary findings to Meta over its “Pay or Consent” model for breach of the Digital Markets Act - European Commission (europa.eu)   Meta and Google not very demure collaboration: https://www.ft.com/content/b3bb80f4-4e01-4ce6-8358-f4f8638790f8   NOYB annual report Annual_Report_2023_EN.pdf (noyb.eu)   Scraping and OpenAI: Microsoft Word - 2024.08.02 FINAL OpenAI Complaint (2) (courtlistener.com) https://www.legaldive.com/news/nvidia-open-ai-face-youtube-creator-lawsuits-for-using-online-videos/724498/

20 Aug 202452min

Prepare to get your mind blown (and not necessarily in a good way) - in this episode Laura, Floora, Pilvi, Milla and Hannes (what a full house!) discuss the theory and practice behind data processing roles.  What is the background of the roles, what is working and not working - why does CJEU want everyone to be joint controllers, what about the AI Act and much more. If you bear with us to the very end we even throw in some suggestions on how to develop a less complex life for the many privacy professionals. linkit: EDPB guideline on controller and processor: https://www.edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-072020-concepts-controller-and-processor-gdpr_en  CJEU, judgment of July 10, 2018, Jehovan todistajat, C‑25/17, EU:C:2018:55 https://curia.europa.eu/juris/document/document.jsf?text=&docid=203822&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1305431 CJEU; judgment of June 5, 2018, Wirtschaftsakademie Schleswig-Holstein, C‑210/16, EU:C:2018:388 https://curia.europa.eu/juris/document/document.jsf?text=&docid=202543&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1305548  CJEU, judgment of July 29, 2019, Fashion ID, C‑40/17, EU:C:2019:629 https://curia.europa.eu/juris/document/document.jsf?text=&docid=216555&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1305826    Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

23 Juni 20241h 5min

Cambridge Analytica, Brexit, Trump, Russian Trolls. Political microtargeting has shaped the world and our society more and longer than we would like to admit. The European Union decided to fight back on it with Regulation on the transparency and targeting of political advertising, yet the road to the regulation was everything but smooth. Time will tell how or if the regulation will be able to actually make a difference. On this episode, Milla and Pilvi are going back to this important subject with our very special guest, privacy influencer and an Estonian lawyer Norman Aasma, who wrote his master thesis on the subject. Together we will discuss the road to the regulation, what was the issue with banning the use of sensitive personal data, what does the regulation actually regulate, and what change we can expect it to make.  The episode was recorded on the 27th of May 2024, just before the EU Elections, and thus, we also discuss the current EU Elections and take a brief look at the political advertising taking place (or the lack of it…). We compare it to the research data and results that we have gained from conducting research on the Finnish elections (see our Finnish podcast TietosuojaPod episodes #66 and #52).  So hit play and join us to enjoy a moment in privacy!   Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

10 Juni 20241h 10min

“Welcome! Welcome! Welcome! To PrivacyPod Joost’s Case Corner Episode, we are your hosts Milla and Pilvi with Joost Kle… Gerritsen. Thank you so much for joining us and let us begin with our first and most important story, the events of last week’s Eurovision and the big denim egg that made it all the way to “Last Week Tonight” with John Oliver (Go Finland!).”  After we have gathered ourselves from the too short (Panu’s comment which has been noted) section on Eurovision, we move head first to the most interesting recent CJEU cases! And what is on the chopping block today? CJEU NADA and Others [C-115/22], where doping results were published online.  CJEU Juris [C-741/21], where a lawyer wanted to be compensated on receiving direct marketing which for some reason made some of our hosts just lose it (sorry). CJEU IAB Europe [C-604/22], where our focus is on the joint controllership aspect of the case. Thank you so much for listening and good night! Links: Belgian DPA’s Decision on IAB Europe:  decision-quant-au-fond-n-21-2022-en.pdf (autoriteprotectiondonnees.be) CJEU NADA and Others [C-115/22]: https://curia.europa.eu/juris/document/document.jsf?text=&docid=285723&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=2737812 CJEU Juris [C-741/21]: https://curia.europa.eu/juris/document/document.jsf?text=&docid=284641&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=2738131   CJEU IAB Europe [C-604/22]: https://curia.europa.eu/juris/document/document.jsf?text=&docid=283529&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=2738315   Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

15 Maj 20241h 9min

We’re so glad to geek out on something a bit different this week, as we welcome Natallia Karniyevich to discuss all things cyber with our hosts Hannes Saarinen and Milla Keller. Natallia is a senior associate at Bird & Bird, where she also co-chairs Bird & Bird’s international cybersecurity steering group.  Natallia guides us through what has been a flood of new, stricter cybersecurity legislation. We discuss the background and need behind the new laws. We look a bit closer specifically at the NIS2 Directive, which brings tighter requirements to many different kinds of organizations. And ofcourse, we discuss what do these new laws mean for privacy professionals: how does cyber intersect with the GDPR?     Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

11 Maj 202459min

We have good news and bad news. Good news are, we are returning with Joost’s Case Corner, so expect lots of CJEU goodness from this episode. Bad news are, we get pretty distracted by other (equally important) topics before actually getting to the CJEU privacy cases… But don’t worry, whatever recent case law we didn’t cover in this episode, we’ll come back to in another episode in a few weeks! Ok, so what do we discuss in this episode? We had to start with EDPB’s Pay or Consent Opinion, as that is the most exciting piece of news from last week. Related to that, we also dare to talk about the Advocate General’s Opinion in the C-446/21 Schrems v Facebook case - even though the AG Opinion was only published after we recorded the episode.  The CJEU cases we cover in this episode are: CJEU Belgian State – Data processed by an official journal [C-231/22] CJEU Gesamtverband Autoteile-Handel [C-319/22] CJEU FT – Copies of medical records [C-307/22] CJEU Ministerstvo zdravotnictví – COVID-19 mobile application [C-659/22] (Upcoming on 7 May 2024) - CJEU NADA and Others [C-115/22]   Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

24 Apr 20241h 4min

Laura and Panu are joined by Otto Lindholm to discuss recent CJEU case related to Finnish transparency laws and disclosing criminal conviction data via telephone. What is the Finnish tradition of transparency of official documents really about, are we now losing it and what’s going to happen? If you ask Panu, doomsday is upon us. Transparency is dead and criminals, politicians and reality tv contestants will run amok with no accountability. Or then its just a storm in a tea cup. Panu does make a lot of mistakes, such as reads the European Charter of Fundamental Rights wrongly. In other news, but no less important, the Court actually states that oral transfer of data from a filing system is processing of personal data. Did you see that one coming? The cool privacy kids did, Panu did not.  The discussion twists and turns and reaches some kafkaesque levels but who cares - privacy theory is fun.   Hope you enjoyed our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

20 Apr 20241h 19min

It’s been a heavy spring. So many new things are coming to privacy folk’s way, the world is (literally) shaking, we are killing our one planet, old men are driving the world to turmoil and horror. The world is getting darker.  Therefore, without forgetting the importance of discussing all the difficult things, we decided to treat you with an invitation to Milla’s happy place: to discuss something that is full of bright colors and makes everyone focus, just for a brief moment, on the importance of coming together and enjoying the beautiful wonders that people do. We are of course talking about the Eurovision! Will ABBA serve a beautiful Swedish Suprise in May in Malmö? Which year did TIX compete for Norway (Milla gets this wrong)? What country did Flo Rida compete for? And whats the most efficient way to collect consent? One of these questions is not answered in this episode. Even though the task was to talk a little bit about Eurovision and a lot about privacy, Pilvi kinda ends up interviewing Milla about her love for the Eurovision and all the wonderful twists and turns this performance art competition includes. We also asked the presenters to take few breaks for editing purposes, but guess that was too much to ask. And anyway we maybe did or didn’t have time to cover privacy-related news - one has to prioritize. So put on your headphones, grab a glass of your favorite beverage, and slide into the bliss of Eurovision for a moment – it’s on us! And Herkko, you can skip this episode!   Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

12 Apr 202445min