Blog

For a more technical legal argument, see the paper linked here.

On 14 July, the Norwegian Data Protection Authority (DPA) imposed a temporary three-month ban on “behavioural advertising” on Facebook and Instagram to users based in Norway. The decision relied on the “urgency procedure” under the General Data Protection Regulation (GDPR), which exceptionally allows direct regulatory interventions by other national authorities than the authority of the country where the business is registered (here: Ireland).

By Mikołaj Barczentewicz (0xMikolaj) Thanks to Barnabé Monnot, Caspar Schwarz-Shilling (EF RIG), and Quintus Kilbourn (Flashbots) for their comments and discussion. This work is supported by a grant from the Ethereum Foundation (more information about the larger research project).

Previously published by Lawfare on 6 July 2023. Among the regulatory tools created by the European Union’s Digital Markets Act (DMA)—landmark competition legislation that took effect across the EU last November—is a mandate that the largest digital-messaging services must be made interoperable.

Yesterday, I delved into the recent judgment in the Meta case (Case C-252/21) from the Court of Justice of the European Union (CJEU). I gave a preliminary analysis of the Court’s view on some of the complexities surrounding the processing of personal data for personalized advertising under the GDPR, focusing on three lawful bases for data processing - contractual necessity, legitimate interest, and consent.

Today’s judgment from the Court of Justice of the European Union (CJEU) in Meta’s case (Case C-252/21) offers new insights into the complexities surrounding personalized advertising under the EU General Data Protection Regulation (GDPR).

Co-authored with Alex Sarch and Natasha Vasan. Originally published by The FinReg Blog, Duke University (6 June 2023). Markets built on public, permissionless blockchains like Ethereum are radically transparent. While pending transactions in traditional finance are considered private information, viewable only by brokers or corporate insiders, transactions submitted to Ethereum’s public mempool—where they wait to be included on the blockchain—are publicly known.

I spoke to Eric Seufert for his Mobile Dev Memo podcast (“the site of record for mobile advertisers and app developers”) about how the new EU Digital Markets Act (DMA) and Digital Services Act (DSA) may affect online advertising.

Co-authored with Geoffrey Manne. Originally published by The Times of India (28 March 2023). Mandates to restrict the flow of data across national boundaries have taken hold in a growing number of jurisdictions, including India.

I spoke to Eric Seufert for his Mobile Dev Memo podcast (“the site of record for mobile advertisers and app developers”) about recent developments in EU privacy law applicable to online advertising.