PrivacyPod Podcast Ensemble

Prepare to get your mind blown (and not necessarily in a good way) - in this episode Laura, Floora, Pilvi, Milla and Hannes (what a full house!) discuss the theory and practice behind data processing roles. 
What is the background of the roles, what is working and not working - why does CJEU want everyone to be joint controllers, what about the AI Act and much more.
If you bear with us to the very end we even throw in some suggestions on how to develop a less complex life for the many privacy professionals.
linkit:
EDPB guideline on controller and processor:
https://www.edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-072020-concepts-controller-and-processor-gdpr_en 
CJEU, judgment of July 10, 2018, Jehovan todistajat, C‑25/17, EU:C:2018:55 https://curia.europa.eu/juris/document/document.jsf?text=&docid=203822&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1305431
CJEU; judgment of June 5, 2018, Wirtschaftsakademie Schleswig-Holstein, C‑210/16, EU:C:2018:388 https://curia.europa.eu/juris/document/document.jsf?text=&docid=202543&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1305548 
CJEU, judgment of July 29, 2019, Fashion ID, C‑40/17, EU:C:2019:629 https://curia.europa.eu/juris/document/document.jsf?text=&docid=216555&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1305826 
 
Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u
We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:
Twitter: https://twitter.com/PodPrivacy, #privacypod
Instagram: @privacypod
LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/

Cambridge Analytica, Brexit, Trump, Russian Trolls. Political microtargeting has shaped the world and our society more and longer than we would like to admit. The European Union decided to fight back on it with Regulation on the transparency and targeting of political advertising, yet the road to the regulation was everything but smooth. Time will tell how or if the regulation will be able to actually make a difference.
On this episode, Milla and Pilvi are going back to this important subject with our very special guest, privacy influencer and an Estonian lawyer Norman Aasma, who wrote his master thesis on the subject. Together we will discuss the road to the regulation, what was the issue with banning the use of sensitive personal data, what does the regulation actually regulate, and what change we can expect it to make. 
The episode was recorded on the 27th of May 2024, just before the EU Elections, and thus, we also discuss the current EU Elections and take a brief look at the political advertising taking place (or the lack of it…). We compare it to the research data and results that we have gained from conducting research on the Finnish elections (see our Finnish podcast TietosuojaPod episodes #66 and #52). 
So hit play and join us to enjoy a moment in privacy!
 
Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u
We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:
Twitter: https://twitter.com/PodPrivacy, #privacypod
Instagram: @privacypod
LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/
Email: tietosuojapod@protonmail.com

“Welcome! Welcome! Welcome! To PrivacyPod Joost’s Case Corner Episode, we are your hosts Milla and Pilvi with Joost Kle… Gerritsen. Thank you so much for joining us and let us begin with our first and most important story, the events of last week’s Eurovision and the big denim egg that made it all the way to “Last Week Tonight” with John Oliver (Go Finland!).” 
After we have gathered ourselves from the too short (Panu’s comment which has been noted) section on Eurovision, we move head first to the most interesting recent CJEU cases! And what is on the chopping block today?
CJEU NADA and Others [C-115/22], where doping results were published online. 
CJEU Juris [C-741/21], where a lawyer wanted to be compensated on receiving direct marketing which for some reason made some of our hosts just lose it (sorry).
CJEU IAB Europe [C-604/22], where our focus is on the joint controllership aspect of the case.
Thank you so much for listening and good night!
Links:
Belgian DPA’s Decision on IAB Europe: 
decision-quant-au-fond-n-21-2022-en.pdf (autoriteprotectiondonnees.be)
CJEU NADA and Others [C-115/22]:
https://curia.europa.eu/juris/document/document.jsf?text=&docid=285723&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=2737812
CJEU Juris [C-741/21]:
https://curia.europa.eu/juris/document/document.jsf?text=&docid=284641&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=2738131
 
CJEU IAB Europe [C-604/22]:
https://curia.europa.eu/juris/document/document.jsf?text=&docid=283529&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=2738315
 
Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u
We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:
Twitter: https://twitter.com/PodPrivacy, #privacypod
Instagram: @privacypod
LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/
Email: tietosuojapod@protonmail.com
 

We’re so glad to geek out on something a bit different this week, as we welcome Natallia Karniyevich to discuss all things cyber with our hosts Hannes Saarinen and Milla Keller. Natallia is a senior associate at Bird & Bird, where she also co-chairs Bird & Bird’s international cybersecurity steering group. 
Natallia guides us through what has been a flood of new, stricter cybersecurity legislation. We discuss the background and need behind the new laws. We look a bit closer specifically at the NIS2 Directive, which brings tighter requirements to many different kinds of organizations. And ofcourse, we discuss what do these new laws mean for privacy professionals: how does cyber intersect with the GDPR?
 
 
Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u
We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:
Twitter: https://twitter.com/PodPrivacy, #privacypod
Instagram: @privacypod
LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/
Email: tietosuojapod@protonmail.com
 

We have good news and bad news. Good news are, we are returning with Joost’s Case Corner, so expect lots of CJEU goodness from this episode. Bad news are, we get pretty distracted by other (equally important) topics before actually getting to the CJEU privacy cases… But don’t worry, whatever recent case law we didn’t cover in this episode, we’ll come back to in another episode in a few weeks!
Ok, so what do we discuss in this episode? We had to start with EDPB’s Pay or Consent Opinion, as that is the most exciting piece of news from last week. Related to that, we also dare to talk about the Advocate General’s Opinion in the C-446/21 Schrems v Facebook case - even though the AG Opinion was only published after we recorded the episode. 
The CJEU cases we cover in this episode are:


CJEU Belgian State – Data processed by an official journal [C-231/22]
CJEU Gesamtverband Autoteile-Handel [C-319/22]
CJEU FT – Copies of medical records [C-307/22]
CJEU Ministerstvo zdravotnictví – COVID-19 mobile application [C-659/22]
(Upcoming on 7 May 2024) - CJEU NADA and Others [C-115/22]
 
Did you enjoy our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u
We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:
Twitter: https://twitter.com/PodPrivacy, #privacypod
Instagram: @privacypod
LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/
Email: tietosuojapod@protonmail.com

Laura and Panu are joined by Otto Lindholm to discuss recent CJEU case related to Finnish transparency laws and disclosing criminal conviction data via telephone. What is the Finnish tradition of transparency of official documents really about, are we now losing it and what’s going to happen?
If you ask Panu, doomsday is upon us. Transparency is dead and criminals, politicians and reality tv contestants will run amok with no accountability. Or then its just a storm in a tea cup. Panu does make a lot of mistakes, such as reads the European Charter of Fundamental Rights wrongly.
In other news, but no less important, the Court actually states that oral transfer of data from a filing system is processing of personal data. Did you see that one coming? The cool privacy kids did, Panu did not.  The discussion twists and turns and reaches some kafkaesque levels but who cares - privacy theory is fun.
 
Hope you enjoyed our show? Support us by buying us a coffee here: https://bmc.link/privacypod4u
We would love to get feedback – so please tag us, follow us, DM us, or send us traditional email:
Twitter: https://twitter.com/PodPrivacy, #privacypod
Instagram: @privacypod
LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/
Email: tietosuojapod@protonmail.com