-
Continue reading →: A deep dive into the consequential SRB judgment(s): Between personal, impersonal, anonymous and pseudonymized data
The CJEU gave two consequential judgments on the definition of “personal data” and its relationship with de-identification, one in first instance by the General Court (Case T-557/20, SRB I, 26 April 2023) and the other one in appeal to the first one, by the Court of Justice (Case C-413/23, SRB…
-
Continue reading →: Why data protection legislation offers a powerful tool for regulating AI
This post was first published on the LSE EUROPP blog on February 10, 2025. For some, it may have come as a surprise that the first existential legal challenges large language models (LLMs) faced after their market launch were under data protection law, a legal field that looks arcane in the eyes…
-
Continue reading →: What to expect when you’re expecting the first GenAI enforcement decisions under the GDPR: A look at the EDPB ChatGPT Taskforce Report
A taskforce of Data Protection Authorities (DPAs) from EU Member States set up by the European Data Protection Board (EDPB) about a year and a half ago published in May of this year a report summing up their common understanding of how ChatGPT, the popular sensation among Generative AI (GenAI)…
-
Continue reading →: Why data protection law is uniquely equipped to let us fight a pandemic with personal data
Data protection law is different than “privacy”. We, data protection lawyers, have been complacent recently and have failed to clarify this loud and clear for the general public. Perhaps happy to finally see this field of law taking the front stage of public debate through the GDPR, we have not…
-
Continue reading →: A US Bill from 1974 shares so much DNA with the GDPR, it could be its ancestor
America’s own GDPR was introduced in Congress in 1974. This Bill applied to government and companies, it restricted international transfers and offered U.S. and foreign “data subjects” rights to access, erasure and even… explanation.
-
Continue reading →: Exam scripts are partly personal data and other practical findings of the CJEU in Nowak
The Court of Justice of the European Union (CJEU) gave its judgment in Case C-434/16 Nowak on 20 December 2017, and it is significant from several points of view: It provides a good summarized description of what constitutes “personal data”, referring to both objective and subjective information, regardless of its…
-
Continue reading →: A Conversation with Giovanni Buttarelli about The Future of Data Protection: setting the stage for an EU Digital Regulator
The nature of the digital economy is as such that it will force the creation of multi-competent supervisory authorities sooner rather than later. What if the European Data Protection Board would become in the next 10 to 15 years an EU Digital Regulator, looking at matters concerning data protection, consumer…
Hello,
I’m Gabriela
Welcome to pdpecho, my blog about personal data protection and privacy. Here, I have been accompanying my passion for this field with thoughts and writing throughout the years, pushing the boundaries of data protection law and hoping to explain its beauty and value to the world. Opinions here are strictly mine, so is the writing (I never use LLMs to write).