Share this page!

Michael Veale Profile picture
Twitter logo
Oct 1, 2019 10 tweets 6 min read
There are a small handful of interesting aspects to the Planet49 cookie-consent CJEU judgement today (only in FR/DE right now): curia.europa.eu/juris/fiche.js…
Firstly, unlike the AG, the Court expressly says that because they were not asked about bundling services (e.g. tracking walls, conditional/coerced consent), they will no comment on it.
The most interesting thing is how the Court justifies that info on cookie duration/those who can access should be provided. ePrivacy refers to data protection law on the information provided, but as ePrivacy is not always about personal data, the info reqs in DP don't always fit
The AG did this effectively by saying 'what do you need to make an informed decision' (AG Opinion 112-121) curia.europa.eu/juris/document…
The Court focusses more directly on the fairness principle of data protection law (@damicli @Jausl00s), and says explicitly that the 'at least' in arts 13-14 of the GDPR may, depending on the case, need to be extended based on this principle because of the situation. (para 78)
Considering eg algorithmic accountability, this situational, fairness-focussed view of 'at least' falls in support of the view of @aselbst @juliapowles (the extent of 'right to an explanation' is contextual) cf to the constrained literal reading of @SandraWachter5 @b_mittelstadt
It also falls in support of e.g. the A29 Working Party, on transparency, who note that whether you should provide full recipients or categories of recipients is a contextual choice. Furthermore, they apply a mutadis mutandis approach to art 13-14 wrt recipients/access (para 80).
To me, the end of Planet49 lays firmer groundwork than had previously existed for the judicial expansion of the qualitative requirements for data controllers processing in high risk sitatuions under EU data protection law.
here's an open access reading list on these issues
@fborgesius et al ivir.nl/publicaties/do… on bundling/tracking walls
@damicli @Jausl00s on fairness and DP papers.ssrn.com/sol3/papers.cf…, pretty typeset version academic.oup.com/yel/article/do…
@eleni_kosta papers.ssrn.com/sol3/papers.cf…
@fborgesius @damicli @Jausl00s @eleni_kosta oh also don't forget @damicli (again) jipitec.eu/issues/jipitec… which was even cited in the AG opinion

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Michael Veale

Michael Veale Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @mikarv

Michael Veale Profile picture
Feb 8
The French presidency of the Council sent a compromise text on arts 16-29 of the EU AI Act, leaked to @Contexte. My analysis below: Thread 1/
To get caught up, previous thread on Council changes tranche 1:
And tranche 2:
Read 10 tweets
Michael Veale Profile picture
Feb 8
Finally! @FD_Nieuws reports the Dutch DPA is telling all actors in NL to stop profiling users w/ real-time bidding & associated tracking architectures, after the Belgian DPA's ruling on structural inadequacies of the IAB Europe's 'cookie banner' fix, TCF. fd.nl/tech-en-innova…
They are not currently announcing an enforcement plan relating to publishers.
IAB Europe didn't comment, but have already said they think, according to hand-wavey legal logic, that enforcement against any RTB actor shouldn't be allowed while a *national* appeal concerning *them*, not any other actor, is pending in Belgium. Really? perma.cc/SS32-P6D9
Read 4 tweets
Michael Veale Profile picture
Feb 7
Scholars! Your regular reminder not to use Mendeley to manage refs; this Elsevier product force encrypts your local database (lying that it’s for GDPR) so you can’t migrate to eg Zotero, leaving the only export via an online API they can kill whenever. zotero.org/support/kb/men…
as the @zotero team notes, “Elsevier later stated that the change was required by new European privacy regulations — a bizarre claim, given that those regulations are designed to give people control over their data and guarantee data portability, not the opposite”.
I wonder why Elsevier wants to see, on their servers, copies of all the downloaded scholarly PDFs in the world…
Read 4 tweets
Michael Veale Profile picture
Feb 4
Significant news for the AI Act from the Commission as it proposes its new Standardisation Strategy, involving amending the 2012 Regulation. Remember: private bodies making standards (CEN/CENELEC/ETSI) are the key entities in the AI Act that determine the final rules. 🧵
Firstly, the Commission acknowledges that standards are increasingly touching not on technical issues but on European fundamental rights (although doesn’t highlight the AI Act here). This has long been an elephant in the room: accused private delegation of rule making by the EC.
They point to CJEU case law James Elliot in that respect (see 🖼), where the Court has brought the interpretation of harmonised standards (created by private bodies!) within the scope of preliminary references. Could have also talked about Fra.Bo and Comm v DE.
Read 13 tweets
Michael Veale Profile picture
Feb 1
Very detailed and wide-ranging decision of the Belgian DPA regarding cookie tracking in relation to (from inference, it's badly anonymised...) the @EDAATweets, the service that runes Your Online Choices (ht @PrivacyMatters) autoriteprotectiondonnees.be/publications/d…
Admittedly, the Chamber at the end says it wasn't really trying to anonymise. Image
So, the EDAA runs a site called "Your Online Choices", an incredibly little used, awkward & archiaic self regulatory initiative of the ad industry to try and claim that people have online choices in the absence of them. This website is linked to by ads, and itself places cookies. ImageImageImage
Read 11 tweets
Michael Veale Profile picture
Jan 21
The French presidency of the Council send around a compromise text last week on arts 8-15 of the EU AI Act (some of the requirements for high risk systems). My analysis of them below: 🧵 1/
Remember that the AI Act hinges on proprietary, privately determined standards from CEN/CENELEC. The Commission always holds these are optional, but the proposal goes (further) in making it impossible to comply without buying them (~100 EUR) and referring to them. Image
Scholars have long said that harmonised standards are not simply a substitute for the essential requirements laid down in legislation, but a de facto requirement. Note Art 9(3) of the AIA also makes reference to them universally compulsory. Law behind paywalls, made privately. ImageImage
Read 21 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @mikarv has new unrolls!

Check out other threads from @mikarv!

Read all threads by @mikarv

:(