PrivacyPod

See how we get back to podcasting after the brat summer? Very demure, very mindful. We are not like these other podcasts, we don’t come back for the new season with a half-planned episode, we don’t use chatGPT to make notes, we don’t record too long episodes where half of it is just giggling–we’re very mindful, very considerate, very cutesy.

In today’s very considerate episode Jyri, Milla, and Pilvi walk you through the most interesting news from the summer, such as the mega fine of €13,9 million given by the the Czech Supervisory Authority to a cyber security company that shared data of 100 million data subjects to its subsidiaries in a not very mindful way. We also discuss the latest drama on the EU Commission’s Preliminary DMA Findings on Pay or Consent as well as Meta suing the EDPB that is very interesting, very cutesy.

We also take a look at the secret collaboration between Meta and Google to target ads at 13–17-year-olds and have a discussion on what’s the harm in this? Is it really a problem or are we just trying to hold on to a world that is not realistic? We are not like these other privacy people–we don’t just gush about this–we explore different perspectives and play devil’s advocate. Very mindful, very considerate, very demure.

These and much more in this episode where we do not try to play too much slightly off pitch on the hottest meme by the amazing @joolieannie , we’re very considerate, very funny, very cutesy, very mindful, and most certainly very demure.

Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

Twitter: https://twitter.com/PodPrivacy, #privacypod

Instagram: @privacypod

LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

Email: [email protected]

Links:

Big fine in Czech:

https://www.edpb.europa.eu/news/news/2024/czech-sa-imposed-fine-139-million-eur-infringement-art-6-and-art-13-gdpr_en

EU Commission and Pay or Consent:

Commission sends preliminary findings to Meta over its “Pay or Consent” model for breach of the Digital Markets Act - European Commission (europa.eu)

Meta and Google not very demure collaboration:

https://www.ft.com/content/b3bb80f4-4e01-4ce6-8358-f4f8638790f8

NOYB annual report

Annual_Report_2023_EN.pdf (noyb.eu)

Scraping and OpenAI:

Microsoft Word - 2024.08.02 FINAL OpenAI Complaint (2) (courtlistener.com)

https://www.legaldive.com/news/nvidia-open-ai-face-youtube-creator-lawsuits-for-using-online-videos/724498/

Today’s episode is perfect for the holiday season - or maybe you don’t want to think about work stuff during holidays? Oh well, you are very welcome to join the ride with Laura and Pilvi when they discuss consent or pay -models with Filip Sedefov.

What is the topic really about? Are we regulating/focusing on the right things? Is personal data a tradable commodity that you can exchange for free services? What has all this to do with the values we wish we had and what we actually live by? Is the pay or consent just about making money while stomping on people’s rights or can it actually be seen as an improvement from the current state of affairs?

Listen in to hear our hosts exploring the arguments while playing all types of devils’ advocates from “people will not be able to make informed decisions” to “this is about safeguarding users’ autonomy” and everything in between.

With this episode we’ll wrap up the year 2024 and wish all our 7 (+ Joost’s wife and dog = 9) listeners happy holidays and a Schrems III-free 2025!

LINKS: https://www.edpb.europa.eu/news/news/2024/edpb-consent-or-pay-models-should-offer-real-choice_en

Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

Twitter: https://twitter.com/PodPrivacy, #privacypod

Instagram: @privacypod

LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

Email: [email protected]

It’s been a heavy spring. So many new things are coming to privacy folk’s way, the world is (literally) shaking, we are killing our one planet, old men are driving the world to turmoil and horror. The world is getting darker.

Therefore, without forgetting the importance of discussing all the difficult things, we decided to treat you with an invitation to Milla’s happy place: to discuss something that is full of bright colors and makes everyone focus, just for a brief moment, on the importance of coming together and enjoying the beautiful wonders that people do. We are of course talking about the Eurovision!

Will ABBA serve a beautiful Swedish Suprise in May in Malmö? Which year did TIX compete for Norway (Milla gets this wrong)? What country did Flo Rida compete for? And whats the most efficient way to collect consent? One of these questions is not answered in this episode.

Even though the task was to talk a little bit about Eurovision and a lot about privacy, Pilvi kinda ends up interviewing Milla about her love for the Eurovision and all the wonderful twists and turns this performance art competition includes. We also asked the presenters to take few breaks for editing purposes, but guess that was too much to ask. And anyway we maybe did or didn’t have time to cover privacy-related news - one has to prioritize.

So put on your headphones, grab a glass of your favorite beverage, and slide into the bliss of Eurovision for a moment – it’s on us!

And Herkko, you can skip this episode!

Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

Twitter: https://twitter.com/PodPrivacy, #privacypod

Instagram: @privacypod

LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

Email: [email protected]

Gather around the fire, children, and listen closely: it is time once again to enjoy CJEU case law in the best possible way with Joost’s Case Corner! Yes, Jyri and Pilvi join forces again with the amazing Joost Gerritsen and dive right back into the CJEU Super Friday cases. In this episode, we will cover:

• Case C-200/23, Agentsia po vpisvaniyata (A Bulgarian case about whether an individual has the right to ask the agency to delete their personal data from the company registry, the scope of legal obligation as a legal basis, whether signatures are personal data, and if the official opinion of the Data Protection Authority can shield a controller from liabilities if the court disagrees with the DPA’s opinion.)
• Case C-4/23, Mirin (If a first name and sex/gender are changed in one member state, must other member states recognize it as well?)
• Case C-768/21, Land Hessen (Does the DPA have an obligation to exercise corrective power in all cases of data breaches, particularly to impose a fine, at the demand of the data subject?)

As a bonus, we also cover the following cases:

• C-169/23, Masdi (A Hungarian case focusing on Article 14(5)(c): does the article exempt controllers from their obligation to inform data subjects when the data processing—obtaining or disclosure—derives from national law?)
• C-80/23, Ministerstvo na vatreshnite raboti (A Bulgarian case about the Law Enforcement Directive (LED) regarding the concept of “strict necessity” in the context of biometric and genetic data collection for creating police records.)

So lean back, close your eyes, reward yourself for making it to December of this eventful year, and let the velvety voice of Joost carry you to the wonderful wonderland of CJEU Case Law. Darling, we got you.

Did you enjoy our show? Support us by buying us coffee here: https://bmc.link/privacypod4u

We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

Instagram: @privacypod

LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

Email: [email protected]

Links:

Case C-200/23, Agentsia po vpisvaniyata: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62023CN0200

Case C-4/23, Mirin: https://curia.europa.eu/juris/documents.jsf?num=C-4/23

Case C-768/21, Land Hessen: https://curia.europa.eu/juris/liste.jsf?lgrec=fr&td=%3BALL&language=en&num=C-768/21&jur=C

C-169/23, Masdi: https://gdprhub.eu/index.php?title=AG_-_C-169/23_-_M%C3%A1sdi

In this episode, Jyri, Milla, and Pilvi walk you through the latest hottest tea in privacy and data protection. First, we turn our attention to the herald of doom itself: Clearview and the actions taken by the Dutch Data Protection Authority (fine of 30,5 million euros and then some). Will the Dutch DPA follow through with going after the management and inflict personal liability the managers or directors of Cleaview?

We also explore whether such a grim herald can have any positive aspects. The Dutch DPA suggests that the government could create its own version of Clearview, raising an important question. Should we, as a human society, pursue every technological capability simply because we can?

Next, we visit the herald of digital future and all things beautiful, that is of course Sweden. The Swedish data protection authority, IMY, has given out two fines for unfortunate use of Meta pixels by a pharmacy and a bank that led to leaking sensitive personal data to Meta. The cases have some meme aspects (legal said no) but also raise up important questions: what is the root cause? Could Meta’s way of enrolling in updates be the one to blame? What steps to take to ensure your organization’s compliance?

Then, we take a look at the latest blog by Anu Talus, the Finnish Data Protection Ombudsman and the the Chair of the European Data Protection Board. She admires Sweden (don’t we all?), who seems to thrive under the GDPR rules whereas Finland’s Data Protection Authority remains under-resourced, raising concerns about its ability to support future demands. She distinctly calls out for the ability to fine the public sector also in Finland (one of the few countries where this isnt possible), and discusses the AI Act.

Lastly, we dive into a fast-paced Lightning RoundTM of key data protection developments. From the Belgian DPA’s crackdown on dark patterns in cookie consent to fines against Uniqlo by the Spanish DPA (AEPD), and a penalty for Vejen Municipality in Denmark over stolen school laptops, important actions are shaping the landscape. We also explore Liechtenstein’s insights on remote work and

This and much more (such as some tips on who to follow on LinkedIn) awaits behind the play-button!

Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

Twitter: https://twitter.com/PodPrivacy, #privacypod

Instagram: @privacypod

LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

Email: [email protected]

Links:

Clearview fine: https://www.autoriteitpersoonsgegevens.nl/en/current/dutch-dpa-imposes-a-fine-on-clearview-because-of-illegal-data-collection-for-facial-recognition

Swedish Meta Pixel cases: https://www.imy.se/nyheter/sanktionsavgift-mot-avanza-for-overforing-av-personuppgifter-till-meta/

https://www.imy.se/nyheter/sanktionsavgifter-mot-apoteket-och-apohem-for-overforing-av-personuppgifter-till-meta/

Anu Talus’ blog: https://tietosuoja.fi/-/tekoaly-hoi-missa-suomen-digistrategia-

Belgian DPA’s cookie case: https://www.gegevensbeschermingsautoriteit.be/publications/beslissing-ten-gronde-nr.-113-2024-van-6-september-2024.pdf

Uniqlo fine: https://www.edpb.europa.eu/news/national-news/2024/spanish-supervisory-authority-fined-uniqlo-europe-ltd-violations-article_en

Vejen Municipality fine: https://www.datatilsynet.dk/afgoerelser/afgoerelser/2024/aug/endnu-en-kommune-indstillet-til-boede-for-manglende-kryptering

The DPA of Lichtenstein’s activity report for 2023: https://www.datenschutzstelle.li/application/fi...