Эпизоды

  • Are you googling me? Stop googling me, Jyri!

    In this episode Jyri, Pilvi, and Milla take a look at the latest interesting privacy news. The repertoire includes discussion on what happens when regulation is 20 years late (=personalized ads and privacy issues) in the form of LinkedIn’s 310 million euro fine and NOYB’s Pinterest complaint.

    We also fall in love (and you will too) with Germany’s Traunstein Court and their Schrems II case (transfers to the US), where the court gave out a decision that seems to include some common sense (no joke). Do listen in for some statements that will first make you feel warm and fuzzy, smiling from ear to ear, and then break you in the “Don’t do that, Don’t give me hope.” -meme kind of way. But hey–when was the last time you felt warm and fuzzy about a Schrems II decision? We thought so too. We all need this, we’ve been through a lot.

    We also rant about the latest “know your sub-processors to the infinity and beyond” EDPB guideline draft and most importantly, Jyri tells you in detail how you can actually get some suggestions implemented in the public consultation rounds (no joke).

    So grab your Halloween-candy-flavored-popcorn and enjoy some privacy goodie-goodie! You deserve it and darling, we got you.



    Did you enjoy our show? Support us by buying us a pumpkin spice latte here: https://bmc.link/privacypod4u

    We would love to get feedback – so please tag us, follow us, DM us, send us your Pinterest boards, or send us traditional email:

    Twitter: https://twitter.com/PodPrivacy, #privacypod

    Instagram: @privacypod

  • In this episode, amazing hosts Milla Keller and Floora Kukorelli sit down with Jussi Mäkinen to discuss the (bright?) future of EU technology regulation. Jussi Mäkinen leads the EU regulatory team at the Federation of Finnish Technology Industries and has extensive experience in digital regulation, both in drafting policies and advocating for industry interests.

    The discussion revolves around the so-called Draghi Report, in which the former European Central Bank President and Prime Minister of Italy Mario Draghi warns that the EU is falling behind the US and China in the use of data and digital services. The report suggests that Europe’s declining competitiveness is partly due to its stringent data (protection) regulations. The conversation explores whether the Draghi Report marks a turning point in EU data protection policies and what it might mean for the future.

    The episode also looks at the role of the incoming European Commission in shaping future technology regulations, with special attention to Commissioner Henna Virkkunen from Finland, who oversees areas like technology and competitiveness. The discussion examines her approach and the potential impact it could have on EU tech regulation.

    Additionally, the episode delves into the future of the EU’s General Data Protection Regulation (GDPR) and the fate of the ePrivacy Regulation. Our guest believes that a more practical approach to privacy is needed moving forward, with the EU striking a better balance between protecting privacy and fostering innovation - the million dollar question is, where this balance lies.

    This episode provides an engaging and timely look at the current state and future prospects of EU technology regulation for anyone interested in the digital economy and EU policymaking.

    Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

    We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

    Twitter: https://twitter.com/PodPrivacy, #privacypod

    Instagram: @privacypod

    LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

    Email: [email protected]

  • Пропущенные эпизоды?

    Нажмите здесь, чтобы обновить ленту.

  • Get ready for a super META conversation—no, not about social media, but about who we are and what we really do. Milla and Laura are joined by the privacy guru herself, Natalija Bitiukova (Head of Privacy at Carlsberg). They almost spent the entire episode talking about beer, but once they tapped into Natalija’s epic level of privacy geekdom, the focus shifted back to our roles in the privacy world.

    Stick around until the end, and you’ll be treated to the story of the most romantic gift in the universe (hint: “the world” just doesn’t cut it).

    There’s a lot to unpack in today’s chat, so take notes—what you agree with, disagree with, or just find hilariously nerdy—and we’ll do a future episode where we read your comments and dive deeper. Grab your earbuds and let’s get META!

    LINKS:

    Natalija’s hobby: https://streamlex.eu/

    EDPB survey on DPO: https://www.edpb.europa.eu/news/news/2024/edpb-identifies-areas-improvement-promote-role-and-recognition-dpos_en

    Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

    We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

    Twitter: https://twitter.com/PodPrivacy, #privacypod

    Instagram: @privacypod

    LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

    Email: [email protected]

  • The world of privacy and AI shook and trembled when Hamburg's Data Protection Authority published its edgy discussion paper on Large Language Models (LLM). In a nutshell, they stated that LLMs do not store personal data and that this is in line with the CJEU’s views. Milla and Pilvi were honored and humbled (=overly excited with fangirl-hats on) to have Dr. Markus Wünschelbaum, Policy and Data Strategy Advisor at the Hamburg Data Protection Authority, to discuss what’s this all about. And what a discussion this ended up being!

    Markus takes our (and your) hands and walks us all through the discussion paper’s key points and how the DPA ended up with this view: From the technical key points (it’s all about probabilities) all the way to the legal gymnastics and philosophy. On the other hand we also discuss what the result and impact would be if we would take the stance that LLMs do in fact store personal data and if that would actually make any sense. And what about NOYB’s complaint on OpenAI?

    All this and much, much more awaits all our 6 listeners in this episode that you should not miss. After the recording our hosts needed a moment to gather themselves from all the excitement. We tried to be tough journalists but how can you not get excited about all this. We love DPAs with edgy action and hot tea to serve. Sorry about that. BUT IT WAS TOO FUN!

    Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

    We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

    Twitter: https://twitter.com/PodPrivacy, #privacypod

    Instagram: @privacypod

    LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

    Email: [email protected]



    Links:

    In German:

    https://datenschutz-hamburg.de/news/hamburger-thesen-zum-personenbezug-in-large-language-models

    In English:

    https://datenschutz-hamburg.de/fileadmin/user_upload/HmbBfDI/Datenschutz/Informationen/240715_Discussion_Paper_Hamburg_DPA_KI_Models.pdf

  • In this episode, Jyri, Milla, and Pilvi walk you through the latest hottest tea in privacy and data protection. First, we turn our attention to the herald of doom itself: Clearview and the actions taken by the Dutch Data Protection Authority (fine of 30,5 million euros and then some). Will the Dutch DPA follow through with going after the management and inflict personal liability the managers or directors of Cleaview?

    We also explore whether such a grim herald can have any positive aspects. The Dutch DPA suggests that the government could create its own version of Clearview, raising an important question. Should we, as a human society, pursue every technological capability simply because we can?

    Next, we visit the herald of digital future and all things beautiful, that is of course Sweden. The Swedish data protection authority, IMY, has given out two fines for unfortunate use of Meta pixels by a pharmacy and a bank that led to leaking sensitive personal data to Meta. The cases have some meme aspects (legal said no) but also raise up important questions: what is the root cause? Could Meta’s way of enrolling in updates be the one to blame? What steps to take to ensure your organization’s compliance?

    Then, we take a look at the latest blog by Anu Talus, the Finnish Data Protection Ombudsman and the the Chair of the European Data Protection Board. She admires Sweden (don’t we all?), who seems to thrive under the GDPR rules whereas Finland’s Data Protection Authority remains under-resourced, raising concerns about its ability to support future demands. She distinctly calls out for the ability to fine the public sector also in Finland (one of the few countries where this isnt possible), and discusses the AI Act.

    Lastly, we dive into a fast-paced Lightning Round™ of key data protection developments. From the Belgian DPA’s crackdown on dark patterns in cookie consent to fines against Uniqlo by the Spanish DPA (AEPD), and a penalty for Vejen Municipality in Denmark over stolen school laptops, important actions are shaping the landscape. We also explore Liechtenstein’s insights on remote work and

    This and much more (such as some tips on who to follow on LinkedIn) awaits behind the play-button!



    Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

    We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

    Twitter: https://twitter.com/PodPrivacy, #privacypod

    Instagram: @privacypod

    LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

    Email: [email protected]

    Links:

    Clearview fine:
    https://www.autoriteitpersoonsgegevens.nl/en/current/dutch-dpa-imposes-a-fine-on-clearview-because-of-illegal-data-collection-for-facial-recognition

    Swedish Meta Pixel cases:
    https://www.imy.se/nyheter/sanktionsavgift-mot-avanza-for-overforing-av-personuppgifter-till-meta/


    https://www.imy.se/nyheter/sanktionsavgifter-mot-apoteket-och-apohem-for-overforing-av-personuppgifter-till-meta/

    Anu Talus’ blog:
    https://tietosuoja.fi/-/tekoaly-hoi-missa-suomen-digistrategia-

    Belgian DPA’s cookie case:
    https://www.gegevensbeschermingsautoriteit.be/publications/beslissing-ten-gronde-nr.-113-2024-van-6-september-2024.pdf

    Uniqlo fine:
    https://www.edpb.europa.eu/news/national-news/2024/spanish-supervisory-authority-fined-uniqlo-europe-ltd-violations-article_en

    Vejen Municipality fine:
    https://www.datatilsynet.dk/afgoerelser/afgoerelser/2024/aug/endnu-en-kommune-indstillet-til-boede-for-manglende-kryptering

    The DPA of Lichtenstein’s activity report for 2023:
    https://www.datenschutzstelle.li/application/files/3417/2526/0394/WEB_Datenschutzstelle_Taetigkeitsbericht_2023.pdf

  • See how we get back to podcasting after the brat summer? Very demure, very mindful. We are not like these other podcasts, we don’t come back for the new season with a half-planned episode, we don’t use chatGPT to make notes, we don’t record too long episodes where half of it is just giggling–we’re very mindful, very considerate, very cutesy.

    In today’s very considerate episode Jyri, Milla, and Pilvi walk you through the most interesting news from the summer, such as the mega fine of €13,9 million given by the the Czech Supervisory Authority to a cyber security company that shared data of 100 million data subjects to its subsidiaries in a not very mindful way. We also discuss the latest drama on the EU Commission’s Preliminary DMA Findings on Pay or Consent as well as Meta suing the EDPB that is very interesting, very cutesy.

    We also take a look at the secret collaboration between Meta and Google to target ads at 13–17-year-olds and have a discussion on what’s the harm in this? Is it really a problem or are we just trying to hold on to a world that is not realistic? We are not like these other privacy people–we don’t just gush about this–we explore different perspectives and play devil’s advocate. Very mindful, very considerate, very demure.

    These and much more in this episode where we do not try to play too much slightly off pitch on the hottest meme by the amazing @joolieannie , we’re very considerate, very funny, very cutesy, very mindful, and most certainly very demure.

    Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

    We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

    Twitter: https://twitter.com/PodPrivacy, #privacypod

    Instagram: @privacypod

    LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

    Email: [email protected]




    Links:

    Big fine in Czech:

    https://www.edpb.europa.eu/news/news/2024/czech-sa-imposed-fine-139-million-eur-infringement-art-6-and-art-13-gdpr_en

    EU Commission and Pay or Consent:

    Commission sends preliminary findings to Meta over its “Pay or Consent” model for breach of the Digital Markets Act - European Commission (europa.eu)

    Meta and Google not very demure collaboration:

    https://www.ft.com/content/b3bb80f4-4e01-4ce6-8358-f4f8638790f8

    NOYB annual report

    Annual_Report_2023_EN.pdf (noyb.eu)

    Scraping and OpenAI:

    Microsoft Word - 2024.08.02 FINAL OpenAI Complaint (2) (courtlistener.com)


    https://www.legaldive.com/news/nvidia-open-ai-face-youtube-creator-lawsuits-for-using-online-videos/724498/

  • Prepare to get your mind blown (and not necessarily in a good way) - in this episode Laura, Floora, Pilvi, Milla and Hannes (what a full house!) discuss the theory and practice behind data processing roles.

    What is the background of the roles, what is working and not working - why does CJEU want everyone to be joint controllers, what about the AI Act and much more.

    If you bear with us to the very end we even throw in some suggestions on how to develop a less complex life for the many privacy professionals.

    linkit:

    EDPB guideline on controller and processor:

    https://www.edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-072020-concepts-controller-and-processor-gdpr_en

    CJEU, judgment of July 10, 2018, Jehovan todistajat, C‑25/17, EU:C:2018:55 https://curia.europa.eu/juris/document/document.jsf?text=&docid=203822&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1305431

    CJEU; judgment of June 5, 2018, Wirtschaftsakademie Schleswig-Holstein, C‑210/16, EU:C:2018:388 https://curia.europa.eu/juris/document/document.jsf?text=&docid=202543&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1305548

    CJEU, judgment of July 29, 2019, Fashion ID, C‑40/17, EU:C:2019:629 https://curia.europa.eu/juris/document/document.jsf?text=&docid=216555&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1305826

    Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

    We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

    Twitter: https://twitter.com/PodPrivacy, #privacypod

    Instagram: @privacypod

    LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

  • Cambridge Analytica, Brexit, Trump, Russian Trolls. Political microtargeting has shaped the world and our society more and longer than we would like to admit. The European Union decided to fight back on it with Regulation on the transparency and targeting of political advertising, yet the road to the regulation was everything but smooth. Time will tell how or if the regulation will be able to actually make a difference.

    On this episode, Milla and Pilvi are going back to this important subject with our very special guest, privacy influencer and an Estonian lawyer Norman Aasma, who wrote his master thesis on the subject. Together we will discuss the road to the regulation, what was the issue with banning the use of sensitive personal data, what does the regulation actually regulate, and what change we can expect it to make.

    The episode was recorded on the 27th of May 2024, just before the EU Elections, and thus, we also discuss the current EU Elections and take a brief look at the political advertising taking place (or the lack of it…). We compare it to the research data and results that we have gained from conducting research on the Finnish elections (see our Finnish podcast TietosuojaPod episodes #66 and #52).

    So hit play and join us to enjoy a moment in privacy!

    Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

    We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

    Twitter: https://twitter.com/PodPrivacy, #privacypod

    Instagram: @privacypod

    LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

    Email: [email protected]

  • “Welcome! Welcome! Welcome! To PrivacyPod Joost’s Case Corner Episode, we are your hosts Milla and Pilvi with Joost Kle… Gerritsen. Thank you so much for joining us and let us begin with our first and most important story, the events of last week’s Eurovision and the big denim egg that made it all the way to “Last Week Tonight” with John Oliver (Go Finland!).”

    After we have gathered ourselves from the too short (Panu’s comment which has been noted) section on Eurovision, we move head first to the most interesting recent CJEU cases! And what is on the chopping block today?

    CJEU NADA and Others [C-115/22], where doping results were published online.

    CJEU Juris [C-741/21], where a lawyer wanted to be compensated on receiving direct marketing which for some reason made some of our hosts just lose it (sorry).

    CJEU IAB Europe [C-604/22], where our focus is on the joint controllership aspect of the case.

    Thank you so much for listening and good night!

    Links:

    Belgian DPA’s Decision on IAB Europe:

    decision-quant-au-fond-n-21-2022-en.pdf (autoriteprotectiondonnees.be)

    CJEU NADA and Others [C-115/22]:

    https://curia.europa.eu/juris/document/document.jsf?text=&docid=285723&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=2737812

    CJEU Juris [C-741/21]:

    https://curia.europa.eu/juris/document/document.jsf?text=&docid=284641&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=2738131

    CJEU IAB Europe [C-604/22]:

    https://curia.europa.eu/juris/document/document.jsf?text=&docid=283529&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=2738315

    Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

    We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

    Twitter: https://twitter.com/PodPrivacy, #privacypod

    Instagram: @privacypod

    LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

    Email: [email protected]

  • We’re so glad to geek out on something a bit different this week, as we welcome Natallia Karniyevich to discuss all things cyber with our hosts Hannes Saarinen and Milla Keller. Natallia is a senior associate at Bird & Bird, where she also co-chairs Bird & Bird’s international cybersecurity steering group.

    Natallia guides us through what has been a flood of new, stricter cybersecurity legislation. We discuss the background and need behind the new laws. We look a bit closer specifically at the NIS2 Directive, which brings tighter requirements to many different kinds of organizations. And ofcourse, we discuss what do these new laws mean for privacy professionals: how does cyber intersect with the GDPR?

    Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

    We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

    Twitter: https://twitter.com/PodPrivacy, #privacypod

    Instagram: @privacypod

    LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

    Email: [email protected]

  • We have good news and bad news. Good news are, we are returning with Joost’s Case Corner, so expect lots of CJEU goodness from this episode. Bad news are, we get pretty distracted by other (equally important) topics before actually getting to the CJEU privacy cases… But don’t worry, whatever recent case law we didn’t cover in this episode, we’ll come back to in another episode in a few weeks!

    Ok, so what do we discuss in this episode? We had to start with EDPB’s Pay or Consent Opinion, as that is the most exciting piece of news from last week. Related to that, we also dare to talk about the Advocate General’s Opinion in the C-446/21 Schrems v Facebook case - even though the AG Opinion was only published after we recorded the episode.

    The CJEU cases we cover in this episode are:

    CJEU Belgian State – Data processed by an official journal [C-231/22]

    CJEU Gesamtverband Autoteile-Handel [C-319/22]

    CJEU FT – Copies of medical records [C-307/22]

    CJEU Ministerstvo zdravotnictví – COVID-19 mobile application [C-659/22]

    (Upcoming on 7 May 2024) - CJEU NADA and Others [C-115/22]

    Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

    We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

    Twitter: https://twitter.com/PodPrivacy, #privacypod

    Instagram: @privacypod

    LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

    Email: [email protected]

  • Laura and Panu are joined by Otto Lindholm to discuss recent CJEU case related to Finnish transparency laws and disclosing criminal conviction data via telephone. What is the Finnish tradition of transparency of official documents really about, are we now losing it and what’s going to happen?

    If you ask Panu, doomsday is upon us. Transparency is dead and criminals, politicians and reality tv contestants will run amok with no accountability. Or then its just a storm in a tea cup. Panu does make a lot of mistakes, such as reads the European Charter of Fundamental Rights wrongly.

    In other news, but no less important, the Court actually states that oral transfer of data from a filing system is processing of personal data. Did you see that one coming? The cool privacy kids did, Panu did not. The discussion twists and turns and reaches some kafkaesque levels but who cares - privacy theory is fun.

    Hope you enjoyed our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

    We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

    Twitter: https://twitter.com/PodPrivacy, #privacypod

    Instagram: @privacypod

    LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

    Email: [email protected]

  • It’s been a heavy spring. So many new things are coming to privacy folk’s way, the world is (literally) shaking, we are killing our one planet, old men are driving the world to turmoil and horror. The world is getting darker.

    Therefore, without forgetting the importance of discussing all the difficult things, we decided to treat you with an invitation to Milla’s happy place: to discuss something that is full of bright colors and makes everyone focus, just for a brief moment, on the importance of coming together and enjoying the beautiful wonders that people do. We are of course talking about the Eurovision!

    Will ABBA serve a beautiful Swedish Suprise in May in Malmö? Which year did TIX compete for Norway (Milla gets this wrong)? What country did Flo Rida compete for? And whats the most efficient way to collect consent? One of these questions is not answered in this episode.

    Even though the task was to talk a little bit about Eurovision and a lot about privacy, Pilvi kinda ends up interviewing Milla about her love for the Eurovision and all the wonderful twists and turns this performance art competition includes. We also asked the presenters to take few breaks for editing purposes, but guess that was too much to ask. And anyway we maybe did or didn’t have time to cover privacy-related news - one has to prioritize.

    So put on your headphones, grab a glass of your favorite beverage, and slide into the bliss of Eurovision for a moment – it’s on us!

    And Herkko, you can skip this episode!

    Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

    We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

    Twitter: https://twitter.com/PodPrivacy, #privacypod

    Instagram: @privacypod

    LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

    Email: [email protected]

  • Friends, Romans, countrymen, lend us your ears!

    We’ve come to discuss if transparency matters, not to bury it.

    The insufficient privacy decisions that men do lives after them;

    The efforts for better privacy is oft interred with their business minded decisions;

    So let it be with transparency. The noble controllers

    hath told you GDPR is impossibly ambitious:

    if it were so, it was a grievous fault,

    And grievously hath DPAs enforced it.

    Here, under leave of our Executive Producer and the rest-

    For he is an honorable man;

    so are we all, all honorable people–

    come we to battle this out for once and for all.

    And battle we shall. It is no secret that the PrivacyPod back-chat is often turned into a gladiator arena where we battle our views to the very end. One of the most discussed subject is if transparency even matters and what is the point of it. This time, Floora has set up the challenge and armed our gladiators Milla and Pilvi with gladius swords and retes nets, and lets them lose on the arena.

    Who barricades themselves on a hill of business minded decisions? Does better transparency create more risks or will it reduce risks? Is transparency a zero-sum game? Who tries to take a victory lap on a high horse only to be knocked down? Who has the high ground? Who tries to win all Partners to their side with icky frases? Will our friendship survive this or will this be the end of PrivacyPod?

    So grab some popcorn and join in for a Shakespeare level drama!

    Links:

    Klarna case:
    https://www.edpb.europa.eu/news/national-news/2022/swedish-authority-privacy-protection-imy-issues-administrative-fine-against_en

    https://www.imy.se/en/news/administrative-fine-against-klarna-after-investigation/

    Whatsapp case:

    https://www.dataprotection.ie/en/news-media/press-releases/data-protection-commission-announces-decision-whatsapp-inquiry

    Shakespeare: Julius Caesar, Act III, scene II:

    https://www.poetryfoundation.org/poems/56968/speech-friends-romans-countrymen-lend-me-your-ears

    https://www.youtube.com/watch?v=q89MLuLSJgk

    Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

    We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

    Twitter: https://twitter.com/PodPrivacy, #privacypod

    Instagram: @privacypod

    LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

    Email: [email protected]

  • It’s about time you fell in love with something that will love you back, and that, our friends, is the crossroad of privacy, government openness, and freedom of speech. It doesn’t judge you, and we won’t either.

    The European Court of Justice, however, will totally judge you, even if it goes against deep roots or local law in your country. In this episode, Pilvi and Jyri will discuss the new (Finnish!) European Court of Justice case “Endemol Shine”. Here a Finnish district court had denied the release of court documents due to GDPR to a producer conducting background checks for reality TV, despite local statutes on openness of court documents. We continue on the same path with discussing NOYB filing a complaint on MrKoll in Sweden, which touches upon the Nordic unwillingness to judge and define what journalism and media is. We end up wondering if GDPR is obliterating Nordic cultures and what consequences this may have.

    On other news, the USA will totally judge you as well if you are TikTok or happen to be from Singapore. We discuss the “The US TikTok Ban” as an interesting reaction to possible cross-border data transfers to a country that might use that personal data for intelligence activities… sounds vaguely familiar.

    We also discuss the Verkkokauppa.com case where the Finnish DPA decided on a record fine of 856 000 euros for not having defined retention times for online customers’ customer account data as well as forcing all online customers to create an account.

    This episode will also include the first ever musical number of PrivacyPod.

    So push play, hop on to this love boat, and we´ll take good care of you.

    (Ps. If you missed it, the EU Parliament accepted the AI Act.)

    Links:

    Endemol Shine
    https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:62022CN0740

    NOYB and MrKoll:
    https://noyb.eu/en/swedish-data-brokers-claim-journalists-legal-protection-evade-eu-law

    How to get a media license in Sweden:
    https://mediemyndigheten.se/ansokan-och-registrering/medier-pa-natet/

    H.R.7521 - Protecting Americans from Foreign Adversary Controlled Applications Act:
    https://www.congress.gov/bill/118th-congress/house-bill/7521?q=%7B%22search%22%3A%22TikTok%22%7D&s=1&r=5


    Case Verkkokauppa.com (In Finnish, translatable):
    https://tietosuoja.fi/-/verkkokauppa.comille-seuraamusmaksu-asiakastietojen-sailytysajan-maarittelematta-jattamisesta-myos-vaatimus-asiakkaan-rekisteroitymisesta-oli-lainvastainen

    Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

    We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

    Twitter: https://twitter.com/PodPrivacy, #privacypod

    Instagram: @privacypod

    LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

    Email: [email protected]

  • In this episode Milla, Pilvi, and Jyri try to save their faces after the Episode #51 meltdown only to discover that they are forever changed by that experience. Just when we brace ourselves to move forward like “a granny in a bog” as the Finns say, we hear a suspicious announcement: “Please remain calm, the end of the pre-DMA era has arrived, we cannot save you, enjoy the ride” that pushes us into observing the first signs of the DMA doomsday and ask: what is the point of all the new consents rolling onto our screens? Will it be an effective way to control the digital markets?

    Furthermore, we peek to the other side of the pond and see how the new executive order that the frisky American president has issued will change the US privacy forever… or is it just a big whoop about nothing? We also take a look at the EDPB’s opinion on the main establishment that seems like a promising idea but in reality, we arrive again to the question if it is—you guessed it–a big whoop about nothing?

    So turn up the volume and hold on to your doomsday hat, because this and much more awaits you and our other 5 listeners in this episode.

    LINKS:

    About DMA
    https://digital-markets-act.ec.europa.eu/about-dma_en

    The US Executive Order:
    https://www.whitehouse.gov/briefing-room/statements-releases/2024/02/28/fact-sheet-president-biden-issues-sweeping-executive-order-to-protect-americans-sensitive-personal-data/


    EDPB on main establishments:
    https://edpb.europa.eu/system/files/2024-02/edpb_opinion_202404_mainestablishment_en.pdf

    Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

    We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

    Twitter: https://twitter.com/PodPrivacy, #privacypod

    Instagram: @privacypod

    LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

    Email: [email protected]

  • We started this episode with so much enthusiasm, positivity, and excitement but we ended up thinking that this is the episode we wish to exercise our right to be forgotten on. We start with the Google case on, you guessed it, right to be forgotten, where the Swedish court ordered Google to pay SEK 50 million in fines and declared that Google cannot provide publishers a list of de-listed websites to the webmasters thus confirming the EDPB’s (and WP29’s) guidance on the matter.

    We question the EDPB guideline and the Court’s ruling and somehow we end up in a very confusing situation where Pilvi rambles on, Jyri refuses to understand, and Milla is desperately looking for an exi(s)t sign. We caution you to listen at your own risk.

    We also cover the latest DMA drama regarding Apple app store including Spotify’s hot take on it. Furthermore, we return to Google and wonder how the consent mode v2 can be legal?

    Join in for the episode and please have mercy on us.

    LINKS:

    The Irish Independent article:

    https://m.independent.ie/irish-news/courts/google-forced-to-stop-telling-publishers-about-right-to-be-forgotten-decisions-after-court-ruling/a596519256.html

    Sweden’s Aftonbladet article: https://www.dagensmedia.se/medier/digitalt/dom-mot-google-vinner-laga-kraft/

    On Google’s consent mode v2:

    https://www.cookiebot.com/en/googles-consent-mode-deadline-ads-privacy-compliance/

    Spotify’s take on Apple store changes and the issues with the DMA:

    https://newsroom.spotify.com/2024-01-26/apples-proposed-changes-reject-the-goals-of-the-dma/



    Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

    We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

    Twitter: https://twitter.com/PodPrivacy, #privacypod

    Instagram: @privacypod

    LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

    Email: [email protected]

  • Take a tight grip on your cups listeners, because today we are spilling the hottest tea of the legal world, a behind the scenes story of the AI Act. We delve into this with a person who had the front seat at the closed-door tea party: Dan Nechita, the Head of Cabinet to Romanian MEP Dragos Tudorache (Renew Europe) at the European Parliament. Dragos Tudorache has served as a rapporteur on the file.

    Renew Europe is liberal, pro-European political group of the European Parliament founded for the ninth European Parliament term. The group is the successor to the Alliance of Liberals and Democrats for Europe (ALDE) group which existed during the sixth, seventh and eighth terms from 2004 to 2019. Renew Europe has been pushing for AI systems that respect fundamental rights and the EU's democratic values, provide legal certainty concerning innovation and investment, and facilitate the development of a single market for lawful and safe AI.

    Dan takes us to the room where it all happened and talks about what transpired during the all-nighter negotiations in December. He also sheds light on the background of the AI Act and whether or not we can breath already or will there be more changes. We try to guess why did the AI Act leak as well as what happened to the General Purpose AI, and if the Fundamental Rights Risk Assessments is just a DPIA that slays.

    We also discuss whether the legislators understand how expensive this will be for the organizations: is it a case of because you’re worth it…or because they can afford it?

    ...And Milla and Pilvi totally forgot that this was our 50. podcast. Oh well, we will celebrate at 100 then.

    Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

    We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

    Twitter: https://twitter.com/PodPrivacy, #privacypod

    Instagram: @privacypod

    LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

    Email: [email protected]

  • A new year of PrivacyPod is kicked off with an episode covering the hottest topics and most intriguing privacy news so far!

    Hosted by Milla and Laura, in this show our privacy DSARs speculate what the actual is up with Meta’s consent or subscribe. And it would not be a 2024 privacy show if we would not dip in to what to expect in 2024 regarding recently leaked the EU AI Act.

    We discuss a German case where the local court raised the bar high for answering data subject access requests (commonly known as DSARs) on time. Somewhat unexpectedly we find ourselves defending data brokers and cursing the difficulty of meeting those tough transparency requirements.

    Links

    Meta decision coming: https://politico-tech.simplecast.com/episodes/an-exit-interview-with-europes-most-powerful-privacy-regulator

    Leaked AI act:

    https://iapp.org/news/a/eu-ai-act-draft-consolidated-text-leaked-online/

    German case

    https://www.arbeitsrechtsiegen.de/artikel/bewerberanspruch-auf-auskunft-nach-art-15-dsgvo-und-schadensersatz-aus-art-82-dsgvo/

    Black tiger case

    https://www.gegevensbeschermingsautoriteit.be/burger/gba-sanctioneert-gegevensbeheerder-black-tiger-belgium-wegens-gebrek-aan-transparantie

    https://www.autoriteprotectiondonnees.be/citoyen/lapd-sanctionne-lentreprise-de-gestion-de-donnees-black-tiger-belgium-pour-manque-de-transparence

    https://www.dataguidance.com/news/belgium-dpa-issues-174640-fine-black-tiger-unlawful

    Poland Bisnode 2019:

    https://iapp.org/news/a/polands-dpa-issues-first-gdpr-fine/

    https://uodo.gov.pl/en/553/1572 (The Supreme Administrative Court upheld the decision of

    the Personal Data Protection Office (UODO)

    Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

    We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

    Twitter: https://twitter.com/PodPrivacy, #privacypod

    Instagram: @privacypod

    LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

    Email: [email protected]

  • In this week’s episode Milla discusses with Gabriel Silva from TravelPerk the best practices for using AI to enhance your work as a privacy professional. TravelPerk has recently started using a custom-built Legal Bot, which crunches through hundreds of privacy and other legal questions. What do you need to consider when you outsource legal work to a bot?

    How do you finetune the model to make sure that the answers are relevant? Gabriel shares his practical experience on all of this. We also discuss other AI tools that are available for anyone. What kind of work tasks is AI good for? How to get started with prompting - and how to get better at it?

    Gabriel is based in Barcelona and works as Legal Manager for privacy at Travel Perk which is a platform for business travel bookings. Gabriel has previously worked at Google at Google’s legal operations.

    Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u

    We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:

    Twitter: https://twitter.com/PodPrivacy, #privacypod

    Instagram: @privacypod

    LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

    Email: [email protected]