Category: Privacy and Data Protection

An always present “advice” about GDPR’s consent gathering is “keep it simple and clear”.

This call for clarity, mainly advocated by the Data Protection Authorities themselves, is based on the assumption that legalese is actually a way to deceive the data subject into releasing a non well understood consent.

Clarity is a good thing but, in the law realm, must be practiced within the limit of the technical vocabulary. Continue reading “The GDPR and the problem of “simple” wording-based consent”

A simple syllogism. Continue reading “The GDPR doesn’t work for Data Retention”

The press release 84/2017 issued by the EU Court of Justice on the EU-Canada PNR transfer contains ? an important (though unnoticed) statement:

… the transfer of PNR data from the EU to Canada, and the rules laid down in the envisaged agreement on the retention of data, its use and its possible subsequent transfer to Canadian, European or foreign public authorities entail an interference with the fundamental right to respect for private life (emphasis added). Similarly, the envisaged agreement entails an interference with the fundamental right to the protection of personal data (emphasis added).

Continue reading “The EU Court of Justice: privacy and data protection are different rights. Data Protection Authorities are on notice”

The unified system of definitions set forth by the GDPR is its main strength because it prevents – at national level – the unauthorized modification of the EU provisions. Continue reading “A useful feature of the upcoming GDPR”