consent

17 posts

CJEU C-654/23 Inteligo Media 27 Mar 2025 AG Opinion

members – 2 min read

AG Szpunar: If someone creates an online account that includes access to your email newsletters, sending them qualifies as 'direct marketing’ under the ePrivacy Directive Article 13 and is covered by the exception in point 2. Under Article 95 GDPR, a lawful basis under Article 6 isn’t needed.

Mar 27, 2025

Rie Aleksandra

topic resource lawfulness

Lawfulness: Consent

members – 6 min read

Latest update: Luxembourg DPA with updated guidance. Start here for all things consent: when to rely on and not, practical tips and key resources (GDPR, DPD, CFR, OECD, CJEU rulings and EDPB guidance).

Mar 17, 2025

Rie Aleksandra

EDPB personalised ads marketing

Consent or Pay resources

members – 2 min read

Updated this post to gather some of the Consent or Pay resources while we wait for the EDPB's Guidelines!

Jan 15, 2025

Rie Aleksandra

Meta personalised ads consent

My Meta Pay or Okay experience - now they're cutting the price with 40%

members – 5 min read

Latest: Meta reduces sub prices and offers new free choice with less personalised ads, claiming it "goes beyond what is required in the law". 💸 And gets huge fines: €797.72m from the 🇪🇺 EC for antitrust violations and $25.4m from 🇮🇳 India's competition authority for 2021 privacy notice failures.

Nov 15, 2024

Rie Aleksandra

CJEU Meta personalised ads

CJEU C-252/21 Meta Platforms and Others (General terms of use of a social network) 'Bundeskartellamt' 4 Jul 2023

members – 6 min read

The 'Bundeskartellamt' ruling, where the CJEU applies 'strictly' to the legal bases necessity test for the first time. 🔥 You might rely on legitimate interest for direct marketing, network security or product improvement, but the processing must now meet this higher threshold.

Nov 13, 2024

Rie Aleksandra

consent personalised ads fine

Grindr NOK 65m fine upheld in Norway (again)

members – 2 min read

The Oslo District Court ruled in favour of the state on all points, after Grindr sued the authorities after the Privacy Appeals Board fully upheld the DPA's decision, including the NOK 65m record fine. Preliminary win, but expect an appeal.

Jul 5, 2024

Rie Aleksandra

marketing guidance DPIA

Dutch DPA on education sector social media marketing

members – 4 min read

The DPA stresses that their advice applies generally to all social media and "of great importance" to all educational institutions and similar organisations in 🇳🇱.

Jun 17, 2024

Rie Aleksandra

CJEU consent ePrivacy

CJEU C-129/21 Proximus (subscribers' consent) 27 Oct 2022

members – 3 min read

Consent is required to list subscribers' details in publicly available directories. If obtained, including on behalf of other controllers, a data subject can withdraw it (= an erasure request) from any of them, and each controller may need to inform the others.

Apr 28, 2024

Rie Aleksandra

EDPB consent personalised ads

EDPB's controversial ‘Consent or Pay’ Opinion is here

members – 2 min read

[Updated 24 April with highlighted file + 🎙️] Is the EDPB trying to "rewrite the entire economic model of Big Tech and the adtech industry in the EU"? 🤔 Controversial Opinion just published!

Apr 24, 2024

Rie Aleksandra

DPA decision ePrivacy lawfulness

Denmark DPA says cookie walls are legal - and not

members – 2 min read

Update 26 Mar 2024: the DPA rejects reopening the cases, upholding that analytics/statistics aren't a necessary part of the alternative to paid access.

Mar 26, 2024

Rie Aleksandra

EDPB guidance lawfulness

EDPB Guidelines 5/2020 on consent

members – 6 min read

A 1-page summary of the EDPB's Guidelines: structure of valid consent, when is it invalid, what to do when it's withdrawn, key highlights and resources.

Dec 20, 2023

Rie Aleksandra