PrivacyPod

• #72 An A-Mousse-Bouche (get it????) of recent EU case law

  Once again, Pilvi and Jyri are joined by the legendary Joost, in another episode of Joost Case Corner and the magic of European Court of Justice (and Court of First Instance) case law!   In this episode, Pilvi and Jyri (with some connection issues but not to worry Phil and all Jyri fans–he’s there!) discuss the following cases with Joost Gerritsen: Case T-354/22: Judgment of the General Court in Bindl v. Institutions, commission (Can an unlawful data transfer to the USA be annulled? Also, 400€ damages for an unlawful transfer of IP Address via Facebook by the EU. A case that highlights the importance of DPF and the difficulties to function if it should fall.) Case C-394/23: Mousse Jan 9 2025 Association Mousse v Commission nationale de l'informatique et des libertés (CNIL) and SNCF Connect. (A data subject was forced to pick a salutation (monsieur/madame) when buying a train ticket because the train company wanted to send marketing, this case made us happy to live in Europe in these st/o+range times.) Case C‑416/23, Österreiche Datenschutzbehörde (Can a Data Protection Authority tell a data subject to stop filing complaints and stick to no more than 2 complaints per month?) We also take a look at what court cases are cooking in the Court of Justice of the European Union and ready for us to enjoy soon!‘   This episode will be a great treat while prepping for the end of the world, so do listen in!   Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email: Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: [email protected]       Links: Case T-354/22: https://curia.europa.eu/jcms/upload/docs/application/pdf/2025-01/cp250001en.pdf Case C-394/23: https://eur-lex.europa.eu/legal-content/fi/TXT/?uri=CELEX:62023CJ0394 Case C‑416/23: https://www.euractiv.com/section/tech/news/eu-court-rules-gdpr-complaints-cant-be-rejected-based-on-frequency/  

  --------  

  45:26
• #71: Sam says: No Deepseek, dont copy that!

  It’s 2025 and the world is a little crazier… and more orange. So the tea is hot in the global privacy scene indeed, and Jyri and Pilvi are totally here for it.  Not to worry, we don’t want to cause extra heartbeats this early in the year by speculating if the DPF will stand through this new orange era of madn…interesting times, but it is absolutely the right time to take a look at China.  We start with discussing the drama regarding TikTok and where we are with that and continue with the news that shook the markets and tech world: DeepSeek. Both cases are closely related to privacy concerns and international politics: what does this all look like from the EU’s perspective? The Italian Data Protection Authority is already on the case DeepSeek: what could possibly be their concerns? And how is NOYB after controllers connected to China? We also discusst the power struggle between the Irish authority DPC and European Data Protection Board (EDPB) regarding a NOYB case where the EU Court had to intervene, the new EDPB position paper on the crossroads of competition law and privacy as well as the guideline on pseudonymisation. Oh, and we also go through some latest fines from France.  All this and much more from this disturbingly optimistic episode!   Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email: Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: [email protected]

  --------  

  49:16
• #70: Pound of flesh or pay? Discussion with Filip Sedefov

  Today’s episode is perfect for the holiday season - or maybe you don’t want to think about work stuff during holidays? Oh well, you are very welcome to join the ride with Laura and Pilvi when they discuss consent or pay -models with Filip Sedefov.  What is the topic really about? Are we regulating/focusing on the right things? Is personal data a tradable commodity that you can exchange for free services? What has all this to do with the values we wish we had and what we actually live by? Is the pay or consent just about making money while stomping on people’s rights or can it actually be seen as an improvement from the current state of affairs?  Listen in to hear our hosts exploring the arguments while playing all types of devils’ advocates from “people will not be able to make informed decisions” to “this is about safeguarding users’ autonomy” and everything in between.  With this episode we’ll wrap up the year 2024 and wish all our 7 (+ Joost’s wife and dog = 9) listeners happy holidays and a Schrems III-free 2025!   LINKS: https://www.edpb.europa.eu/news/news/2024/edpb-consent-or-pay-models-should-offer-real-choice_en    Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: [email protected]

  --------  

  1:04:34
• #69: Joost Case Corner 2/2 (yes, a second one!)

  Gather around the fire, children, and listen closely: it is time once again to enjoy CJEU case law in the best possible way with Joost’s Case Corner! Yes, Jyri and Pilvi join forces again with the amazing Joost Gerritsen and dive right back into the CJEU Super Friday cases. In this episode, we will cover: Case C-200/23, Agentsia po vpisvaniyata (A Bulgarian case about whether an individual has the right to ask the agency to delete their personal data from the company registry, the scope of legal obligation as a legal basis, whether signatures are personal data, and if the official opinion of the Data Protection Authority can shield a controller from liabilities if the court disagrees with the DPA’s opinion.) Case C-4/23, Mirin (If a first name and sex/gender are changed in one member state, must other member states recognize it as well?) Case C-768/21, Land Hessen (Does the DPA have an obligation to exercise corrective power in all cases of data breaches, particularly to impose a fine, at the demand of the data subject?) As a bonus, we also cover the following cases: C-169/23, Masdi (A Hungarian case focusing on Article 14(5)(c): does the article exempt controllers from their obligation to inform data subjects when the data processing—obtaining or disclosure—derives from national law?) C-80/23, Ministerstvo na vatreshnite raboti (A Bulgarian case about the Law Enforcement Directive (LED) regarding the concept of “strict necessity” in the context of biometric and genetic data collection for creating police records.) So lean back, close your eyes, reward yourself for making it to December of this eventful year, and let the velvety voice of Joost carry you to the wonderful wonderland of CJEU Case Law. Darling, we got you.   Did you enjoy our show? Support us by buying us coffee here: https://bmc.link/privacypod4u We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email: Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: [email protected]   Links: Case C-200/23, Agentsia po vpisvaniyata: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62023CN0200 Case C-4/23, Mirin: https://curia.europa.eu/juris/documents.jsf?num=C-4/23 Case C-768/21, Land Hessen: https://curia.europa.eu/juris/liste.jsf?lgrec=fr&td=%3BALL&language=en&num=C-768/21&jur=C C-169/23, Masdi: https://gdprhub.eu/index.php?title=AG_-_C-169/23_-_M%C3%A1sdi  

  --------  

  1:10:25
• #68: Joost’s Case Corner: CJEU Super Friday vol. 1 / 2

  Tired of keeping up with all the CJEU case law? Want to prepare  yourself for all the cool discussions at the IAPP Brussels event? Not to worry! The Joost’s Case Corner covering the CJEU Super Friday cases has landed for you to enjoy. In the first of two of the Super Friday episodes, we will cover: Case C-21/23 Lindenapotheke (What is Art 9 data and what’s not? Can companies rat out each other regarding compliance with the GDPR (and is it smart)?) Case C-621/22 KNLT (Can a commercial interest constitute legitimate interest? We also get a brief history of this case and learn to understand the Dutch DPA a bit better and cover some hot tea on the subject.) Case C-446/21 Schrems v Facebook (Can you process publicly disclosed information on sexual orientation for targeted advertising just because it is public information?) We also learn about the most awesome Dutch legal term “breaking through the wall” and Olaus Petri (a priest who lived 1493-1552, in Swedish Olof Persson, who is still an important character in Finnish law) while discussing legal theory of EU law.  So take a good breath, let all the stress of November leave your mind, and enjoy the awesome drama that is CJEU case law!   Links: Case C-21/23 Lindenapotheke https://curia.europa.eu/juris/documents.jsf?num=C-21/23 Case C-621/22 KNLT https://curia.europa.eu/juris/document/document.jsf?text=&docid=290688&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1&cid=4086618 Case C-446/21 Schrems v Facebook https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62021CJ0446   Did you enjoy our show? Support us by buying us a pumpkin spice latte here: https://bmc.link/privacypod4u We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: [email protected]

  --------  

  1:06:55

More Business podcasts

Trending Business podcasts

About PrivacyPod