Codifying SRB in the GDPR: Legal Clarity or a Free Pass for AdTech?

The CJEU's SRB v. EDPS ruling confirmed the relative, context-specific standard for identifying personal data. In its quest for simplification, the European Commission is proposing to codify this case law into the GDPR via the Digital Omnibus. It also proposes to reform the ePrivacy framework. Meanwhile, the EDPB is working on guidelines on anonymization and pseudonymization. Taken together, do these developments represent a genuine legal clarification and bring the expected simplification? Do they enable to foster robust pseudonymization and other privacy enhancing technologies? Do they draw a clearer line between personal and non-personal data and the scope of the GDPR? What could be the consequences for the AdTech industry? This panel brings together experts to assess the impact of these proposed changes, assess where the threshold of personal data would be, what robust pseudonymization would mean in practice and how the evolving legal framework would look like in practice for online advertising.

What you will learn: 

• How the SRB v. EDPS ruling and the Digital Omnibus codification impact the legal threshold for "personal data" in AdTech contexts and what it means operationally. 
• What regulators currently expect from pseudonymization and anonymization claims in advertising ecosystems, based on EDPB guidance under consultation. 
• Where the genuine compliance opportunities lie versus the legal risks of over-relying on anonymization as a basis for data processing in digital advertising.