GDPR role, how to determine? The French privacy regulator CNIL reviews the criteria and practical consequences of determining the GDPR role of data controllers and processors. The qualification does not always depend on a contractual choice but on the facts: who decides what, and who executes what, concerning personal data. The controller is the natural […]
Month: June 2025
AI and the GDPR: Understanding the Foundations of Compliance
Artificial intelligence (AI) is a fast evolving group of technologies which presents both great benefits and risks. Ensuring that these technologies align with data protection laws is not just a matter of best practice; it’s a legal necessity. It is arguably the most comprehensive data protection framework in the world, the General Data Protection Regulation […]
Data protection digest 17 May – 1 June 2025: The ‘reject all’ button is a must; legitimate interest as the data controller’s initiative
‘Reject all’ button The State Commissioner for Data Protection of Lower Saxony has ruled that the “Reject all” button is a must on the first level of the consent banner for cookie preferences when an “Accept all” option is available. Consent banners may not specifically encourage consent and discourage the rejection of cookies. Otherwise, the […]