Are you seeing a rise in "copy-paste" Data Subject Access Requests (DSARs) designed primarily to extract a quick financial settlement?In this episode of the Privacy Partnership Podcast, Robert Bateman unpacks a highly practical new judgm...

A €746 million GDPR fine gets completely annulled by a Luxembourg court. A massive, unmitigated victory for big tech, right? Not exactly. In this episode of the Privacy Partnership Podcast, Robert Bateman dissects the highly anticipated March 1...

Can you hide an indestructible, imperceptible signature inside a basic marketing blog post? The European Commission seems to think you should try. Following the release of the Second Draft of the Code of Practice on Transparency of AI-Generated...

Are you a data broker? You might not think so, but European regulators could soon be looking at your business model and concluding otherwise.In this episode of the Privacy Partnership Podcast, Robert Bateman breaks down a revealing marke...

The ICO has issued a £14.47 million fine against Reddit for alleged children's privacy failures, officially signaling the end of the road for the age verification "honour system." But with the full penalty notice yet to be published, what can p...

Rob presents a few highlights from the EDPB's latest Coordinated Enforcement Framework report on the "right to erasure".- Poor storage limitation and retention schedule practices are leading to issues satisfying erasure requests.

In this episode of the Privacy and Partnership podcast, Rob discusses a significant ruling from the CJEU regarding WhatsApp's legal challenge against the European Data Protection Board (EDPB). The CJEU's decision allows c...

Rob discusses the recent letter from the Information Commissioner's Office (ICO) to UK government officials, highlighting the ICO's focus on economic growth and innovation. The ICO plans a statutory code of practice for AI and an "e...

On Data Protection Day 2026, Rob talks us briefly through the history of data protection in the UK: From the "data users" of the Data Protection Act 1984 to the "recognised legitimate interests" of last year's Data (Use and Access) Act.<...

Along with plans to "simplify" the GDPR, there's an AI Digital Omnibus that proposes amendments to the AI Act. In a new Joint Opinion, the EDPB and EDPS say they support the objective to simplify the law, but they don't seem to like any of the ...

Rob looks at the ICO’s newly released guidance on international transfers and what it means for UK privacy professionals.• The “Three-Step Test” for identifying restricted transfers• Why UK processors returning data to overseas contr...

The ICO and the UK Government have come to an understanding: "No surprises", "supportive challenge", and a seat at the table for the Commissioner.A Memorandum of Understanding signed today between the ICO and the UK Government formalises...

Time for the Privacy Partnership Podcast Christmas Special, where Rob looks at his top 5 data protection CJEU judgments for 2025. Here's the list of cases I summarise in this podcast, which span data transfers, non-material damages,...

The CJEU will soon hear the Belgian DPA's case against FATCA, the tax treaty that results in the systematic bulk transfer of data about thousands of "Accidental Americans" to the IRS.FATCA is a US law intended to prevent US citizens fro...

Did the CJEU just use the GDPR to junk the intermediary liability exemption and impose a general monitoring obligation? Here's a look at yesterday's Russmedia judgment.The facts are pretty grim: "X" saw an ad on an Russmedia's online mar...

A coalition of organisations and experts sent an open letter calling for a Parliamentary inquiry into the performance of the UK ICO. What's the problem, and will this work?Full disclosure: I was asked to sign this letter, but ...

In this episode of the Privacy Partnership Podcast, Rob walks you through the most important aspects of the proposed Digital Omnibus Regulation. • A new Article 88c states that processing of personal data for the development and ope...

"Death by a thousand cuts?" That's what the leaked Digital Omnibus proposals represent to the GDPR, according to noyb.eu. Here's a look at some of the most significant ideas, from the new definition of "personal data" to the narrowing of Articl...

The ICO is offering up to 40% off UK GDPR fines under its new draft Data Protection Enforcement Procedural Guidance. Here's how to take advantage of this special deal!The draft guidance updates the ICO's Regulatory Action Plan...

The DPC's TikTok decision is not that surprising if you understand the law, but it's actually a pretty huge deal to see this play out in reality. Are most international data transfers de facto illegal?TikTok enabled remote acc...

The EDPB just published its opinion on the UK's adequacy decision and it's pretty critical of the country's post-Brexit direction on data protection. But does the EDPB's opinion matter?Probably not—directly, at least.The Commissio...

What is going on between Clearview AI and the ICO?Actions against Clearview have been a test of how far digital regulation actually has extraterritorial effect. This month, we got an answer on this from the UK’s Upper Tribuna...

Discord's recent data breach exposed photo IDs used to verify users' ages. Should we blame the Online Safety Act, the Children's Code, or the UK GDPR? It's complicated. (Please excuse the unsightly cut on my forehead in this one).

Tractor Supply: The first CCPA case about job applicants' privacy (and the largest CPPA settlement yet). Don't forget: Unlike other states, California's privacy law applies to data about employees and job applicants.Tractor Su...

LinkedIn's AI training settings don't affect all users equally. Did you notice that LinkedIn will share UK users' data with Microsoft, but not EEA users? In this video, Rob looks at the background, the broader context, an...