The Privacy Partnership Podcast with Robert Bateman
Robert Bateman provides the latest on data protection and privacy, with regular solo news updates and short-form interviews. Brought to you by Privacy Partnership: www.privacypartnership.com
Episodes
41 episodes
Decoding the AI Act: A first look at the Commission’s "high-risk" draft guidelines
The European Commission just dropped its highly anticipated first set of draft guidelines on high-risk AI classification under the AI Act—all 150 pages of them. Published for stakeholder consultation on May 19th, 2026, this document is the clos...
Get 40% off an ICO fine! The South Staffordshire case and early settlements
How do you knock 40% off a looming data protection fine? In this episode of the Privacy Partnership Podcast, Rob Bateman breaks down the recent £963,900 penalty handed down by the ICO to South Staffordshire Plc and explores the fascinating proc...
RTM v Bonne Terre: Court of Appeal redraws the line on consent
The Court of Appeal has ruled that consent under the UK GDPR and PECR is objective. A data subject's hidden vulnerabilities are not, in themselves, decisive, and even a controller's constructive knowledge of those vulnerabilities is not a stand...
What actually counts as 'scientific research'? Here's the EDPB's six-point answer
On 15 April 2026, the European Data Protection Board adopted Guidelines 1/2026 on the processing of personal data for scientific research purposes. The 66-page document is now out for public consultation.In this episode, Robert Bateman b...
'Clarity in action'?! The EDPB's 2025 annual report and litigation battles
In this episode, Rob looks at the newly published European Data Protection Board (EDPB) annual report for 2025. We are skipping the usual backward-looking statistics to focus entirely on the regulator's pipeline for 2026 and the massive multi-f...
AI in recruitment: ICO highlights poor practices as UK overhauls automated decision-making rules
Are your hiring managers quietly letting an algorithm bin hundreds of job applications while claiming a human is technically in charge?This week on the Privacy Partnership Podcast, Rob unpacks a massive structural shift in the UK’s frame...
Brillen Rottler: A German optician fights back against 'abusive' DSARs
Are you seeing a rise in "copy-paste" Data Subject Access Requests (DSARs) designed primarily to extract a quick financial settlement?In this episode of the Privacy Partnership Podcast, Robert Bateman unpacks a highly practical new judgm...
Amazon's €746m fine overturned: But who actually won this case?
A €746 million GDPR fine gets completely annulled by a Luxembourg court. A massive, unmitigated victory for big tech, right? Not exactly. In this episode of the Privacy Partnership Podcast, Robert Bateman dissects the highly anticipated March 1...
Invisible, indestructible signatures: The AI Act’s text watermarking problem
Can you hide an indestructible, imperceptible signature inside a basic marketing blog post? The European Commission seems to think you should try. Following the release of the Second Draft of the Code of Practice on Transparency of AI-Generated...
Are you a 'data broker'? Maybe, under the EDPB’s expanding definition
Are you a data broker? You might not think so, but European regulators could soon be looking at your business model and concluding otherwise.In this episode of the Privacy Partnership Podcast, Robert Bateman breaks down a revealing marke...
Reddit’s £14.5m fine and the “hard problem” of age assurance
The ICO has issued a £14.47 million fine against Reddit for alleged children's privacy failures, officially signaling the end of the road for the age verification "honour system." But with the full penalty notice yet to be published, what can p...
EDPB highlights "right to erasure" inadequacies: Exceptions, backups, and pseudonymisation
Rob presents a few highlights from the EDPB's latest Coordinated Enforcement Framework report on the "right to erasure".- Poor storage limitation and retention schedule practices are leading to issues satisfying erasure requests.
CJEU: Private companies CAN sue the EDPB
In this episode of the Privacy and Partnership podcast, Rob discusses a significant ruling from the CJEU regarding WhatsApp's legal challenge against the European Data Protection Board (EDPB). The CJEU's decision allows c...
The ICO's planned 'experimentation regime' to attract AI firms to the UK
Rob discusses the recent letter from the Information Commissioner's Office (ICO) to UK government officials, highlighting the ICO's focus on economic growth and innovation. The ICO plans a statutory code of practice for AI and an "e...
Happy Data Protection Day! A brief history of UK data protection law
On Data Protection Day 2026, Rob talks us briefly through the history of data protection in the UK: From the "data users" of the Data Protection Act 1984 to the "recognised legitimate interests" of last year's Data (Use and Access) Act.<...
The EDPB and EDPS 'slam' AI Act reforms under the Digital Omnibus
Along with plans to "simplify" the GDPR, there's an AI Digital Omnibus that proposes amendments to the AI Act. In a new Joint Opinion, the EDPB and EDPS say they support the objective to simplify the law, but they don't seem to like any of the ...
Happy New Year? A look at the ICO's new 'international data transfers' guidance
Rob looks at the ICO’s newly released guidance on international transfers and what it means for UK privacy professionals.• The “Three-Step Test” for identifying restricted transfers• Why UK processors returning data to overseas contr...
'No surprises': The ICO and the Government come to an understanding
The ICO and the UK Government have come to an understanding: "No surprises", "supportive challenge", and a seat at the table for the Commissioner.A Memorandum of Understanding signed today between the ICO and the UK Government formalises...
Christmas Special: The top 5 data protection CJEU cases of 2025
Time for the Privacy Partnership Podcast Christmas Special, where Rob looks at his top 5 data protection CJEU judgments for 2025. Here's the list of cases I summarise in this podcast, which span data transfers, non-material damages,...
The Accidental Americans v FATCA: Like the Schrems cases, but for tax
The CJEU will soon hear the Belgian DPA's case against FATCA, the tax treaty that results in the systematic bulk transfer of data about thousands of "Accidental Americans" to the IRS.FATCA is a US law intended to prevent US citizens fro...
Did the CJEU just junk the EU's intermediary liability AND general monitoring rules? X v Russmedia
Did the CJEU just use the GDPR to junk the intermediary liability exemption and impose a general monitoring obligation? Here's a look at yesterday's Russmedia judgment.The facts are pretty grim: "X" saw an ad on an Russmedia's online mar...
The 'final straw': Open letter calls for inquiry into the ICO
A coalition of organisations and experts sent an open letter calling for a Parliamentary inquiry into the performance of the UK ICO. What's the problem, and will this work?Full disclosure: I was asked to sign this letter, but ...
It's here! Major proposed GDPR changes under the Digital Omnibus Regulation
In this episode of the Privacy Partnership Podcast, Rob walks you through the most important aspects of the proposed Digital Omnibus Regulation. • A new Article 88c states that processing of personal data for the development and ope...
GDPR's "death by 1000 cuts"? A look at the leaked Digital Omnibus draft
"Death by a thousand cuts?" That's what the leaked Digital Omnibus proposals represent to the GDPR, according to noyb.eu. Here's a look at some of the most significant ideas, from the new definition of "personal data" to the narrowing of Articl...
Up to 40% off UK GDPR fines! The ICO's draft enforcement guidance
The ICO is offering up to 40% off UK GDPR fines under its new draft Data Protection Enforcement Procedural Guidance. Here's how to take advantage of this special deal!The draft guidance updates the ICO's Regulatory Action Plan...