Keller and Heckman has submitted comments to the European Data Protection Board (EDPB) in the context of a public consultation on their draft guidelines 2/2023 on the Technical Scope of Art. 5(3) of ePrivacy Directive, on behalf of various organisations that wished to contribute in a meaningful manner without drawing attention to their identity.
Peter Craddock
Peter Craddock helps companies innovate and use data better in the European Union (EU) and worldwide by providing strategic advice and legal assistance in the areas of privacy, data protection, data governance, AI governance, cybersecurity, e-commerce, digitalization, and software contracting. Peter’s practice covers advisory work, contract drafting, and negotiation, as well as representation of clients in litigation before data protection authorities or the courts.
He has recognized in-depth knowledge in complex matters such as online advertising and content personalization, data-intensive operations such as credit scoring and anti-fraud profiling, and digital marketing.
Peter’s legal experience and distinctive background as a software developer serve him well in advising global clients on new and existing technologies, from artificial intelligence (AI) to novel user identification techniques, and in analyzing data protection laws and regulations with a fresh perspective. He counsels clients through the intricacies of developing new initiatives in compliance with data protection and cybersecurity requirements and has developed smart compliance tools for clients to that end. Among the tools made available to a broader public, a data breach risk assessment tool that he built was awarded a “Highly Commended” label at the Financial Times Innovative Lawyers Awards 2019, and his General Data Protection Regulation (GDPR) fine calculation tool, DeFine, helps organizations better understand data protection financial risks.
Prior to joining Keller and Heckman, Peter was a partner at an international law firm in Brussels, where he focused on providing data protection advice under EU and local law.
AI Regulation: The Next Frontier
As the federal government continues to wrestle with the complex issue of regulating Artificial Intelligence (AI) in the wake of the release of President Biden’s Executive Order, states have already proposed or enacted AI regulation, and even more will attempt to tackle the issue in 2024. Two recent developments in AI regulation from California…
Why every company with digital activities should comment on the EDPB’s new ePrivacy guidelines
So much for tackling consent fatigue. The short version: If unchanged, the new EDPB guidelines on what is known as the “cookie” rule would extend that rule to cover nearly every communication over the Internet and any use of software on a computer. Your business is probably more impacted than you might think, and it…
Contract as Legal Ground? New CJEU Ruling Creates Risks Re Personalisation
What kinds of processing are necessary for the performance or conclusion of a contract?
This is one of the questions the Court of Justice of the European Union (CJEU) was asked to examine in case C-252/21 between Meta Platforms and the German Federal Cartel Office, in which it delivered a judgment on July 4th…
Soon Higher GDPR Fines in Belgium? Court Decision Paves Way for Public Fining Methodology
Until now, fines by the Belgian Data Protection Authority (BDPA) had, compared to its neighbouring countries (France, Luxembourg, and the Netherlands), appeared on the low side in absolute numbers.
Last year we carried out an analysis of over 300 fines related to (alleged) infringements of the General Data Protection Regulation (GDPR), including the top 250…
EU Cyber Resilience Act: Cybersecurity Obligations for Connectable Hardware and Software Products Including IoT
The Internet of Things (IoT) segment has grown, and with it have come many examples of vulnerable products, from babycams whose feeds could be viewed by strangers online to hackable implantable cardiac devices. There are also infamous examples of botnets (i.e., clusters of hacked devices) featuring millions of IoT devices with one common trait: weak…
Thought Those 300 GDPR Fines Were High? Think Again
Since it started in May 2018, enforcement of the rules of the General Data Protection Regulation (GDPR) across the EU has revealed various national trends and differences in approach. Yet one difference seems to dwarf all others: the variation in the amount of the fines for GDPR violations. This has led the European Data Protection…
Meet DeFine, a GDPR Fine Calculator
On May 12, 2022, the European Data Protection Board published guidelines with a methodology for calculating fines for violations of the General Data Protection Regulation (GDPR). These guidelines were subject to a public consultation until June 27, 2022.
Because these guidelines are likely to have an influence on future decisions by data protection authorities in…
Is a Privacy Shield Replacement on the Horizon?
After the EU-U.S. Privacy Shield was rendered invalid by the Court of Justice of the European Union (CJEU) in July 2020, and following a prior challenge to the U.S.-EU Safe Harbor, many businesses operating on both sides of the pond scrambled to find other ways to protect data flows between the EU and U.S. that…
EDPB on Dark Patterns: Lessons for Marketing & Technical Teams
“Dark patterns” – social media platform interfaces that can lead users to make unintended and potentially harmful decisions regarding the processing of their personal data – are a subject of increasing scrutiny in the EU. New guidelines of the European Data Protection Board (EDPB) on “dark patterns in social media platform interfaces” confirm the focus…