Last week's GDPR/CCPA spam is a Princeton study but it's still very wrong. Careless selection, fake e-mails not declaring it's research, and worst ending with a legal threat that is a lie. Pleased with the responsiveness of the people at Radboud I approached about this, looking forward to Princeton responding to complaint as to what went wrong.

Todays publication shows the Irish DPA worked to undermine the GDPR, which imo makes them unfit for purpose as a regulator.

This is very welcome news. The expansive and irritating ‘consent’ forms that IAB makes available to a wide range of sites is about to be judged in violation of the GDPR by the Belgian DPA.

I replaced all (affiliate) links since 2002 to Amazon in my blog with links to author's sites, wikipedia, openlibrary, webarchive or publisher's pages. Thus further reducing 3rd party tracking in my blog.

To further fulfill the mission of not having tracking on my site, I stop embedding Flickr images. is a great project collecting GDPR decisions across the EU, run by Europe's leading GDPR activists. I've become a member of noyb, to help ensure their continued existence, and asked about volunteering for to help summarize Dutch GDPR decisions in English.

Is there a site somewhere that collects all DPA decisions and court verdicts related to across EU Member States?

Amazon has been fined about 1 day of turnover for adtech being in fundamental conflict with the GDPR. Their public reaction refuses to acknowledge Amazon understands the GDPR by saying 'but there wasn't a data breach!' As if their own conduct can't be reason enough.

My first reading of the yet to be published EU Regulation on the European Approach for Artificial Intelligence I find pretty good.

Recently added @hackylawyER blog to my feedreader as it's a very useful read. Such as last weeks posting on the (im)possibilities of GDPR compliance of blockchain projects. Good reference list for bound to come up conversations with clients.


Ton's personal Mastodon instance