On 4 Sept., the Court of Justice of the European Union gave its highly anticipated decision in the EDPS v. SRB case. In its landmark ruling, the CJEU clarified the definition of personal data under the EU General Data Protection Regulation, and, in essence, the scope of EU data protection law.
For Ulrich Baumgartner, CIPP/E, a partner at Baumgartner Baumann and IAPP Country Leader for the DACH region, the ruling demonstrates a continued "relative approach" by the court, but it also provides a significant clarification against what he believes has been an "absolutist" approach by the European Data Protection Supervisor and other EU data protection authorities.
Though the ruling provides important clarity for personal data, pseudonymity and anonymity, it also raises other questions. Either way, there are concrete takeaways for data protection professionals. IAPP Editorial Director Jedidiah Bracy recently caught up with Baumgartner to discuss the implications of the ruling, including what it can mean for the Data Act, data processing agreements and more.
Listen here
