The ICO now frames PECR around storage and access technologies, not just cookies. This article explains what SATs include, why the analytics exception remains narrow, and why compliance teams need deeper, continuous audits.

We are excited to announce that we have raised our €1.6m pre-seed round. This is a major milestone for us and we are grateful to our investors for their support.

TCF v2.3 introduces stricter vendor disclosure and runtime consent enforcement, which can silently break monetization if consent signals are not continuously validated.

This article introduces a practical framework—the Tracking Intrusiveness Score (TIS)—to help privacy professionals objectively assess and prioritize tracking risks based on a tracker’s identity persistence, data sensitivity, and usage purpose.

This explainer demystifies how the internet works behind the scenes, tracing the evolution of cookies from a privacy-preserving tool for remembering user sessions to a cornerstone of cross-site tracking and online advertising.

This article critiques the EDPB’s broad interpretation of “storage” and “access” in its ePrivacy Directive guidelines, arguing that it creates legal uncertainty for privacy-friendly practices—such as anonymous analytics and contextual ads—without meaningfully improving data protection.

This third article critiques the EDPB’s strong endorsement of a “Free Alternative Without Behavioural Advertising” (FAWBA) for large platforms, arguing it is context-specific, conceptually flawed, and often unnecessary for publishers who meet consent requirements through reasonable pricing and tracking limitations.

This article breaks down how European data protection authorities and the EDPB define the conditions under which Consent or Pay models can meet the GDPR standard of freely given consent, outlining clear criteria for pricing, alternatives, granularity, and tracking limitations.

Consent or Pay deep-dive: Framing the debate about Consent or Pay models

Within the most recent decision about the use of cookies by a Belgian publisher, the Belgian APD not only clarified its expectations for cookie compliance, but also offered insight into its methodology for putting websites to the test.

The Belgian APD (“BAPD”) has published a first decision in a series of investigations on the use of cookies by Belgian publishers. The observations leading to the EUR 50,000 fine for the first publisher in the list are based on a legacy CMP implementation. No breaking news here. More insightful are the criteria against which observations were vetted.

Have you ever tried to tally up all cookies and trackers of your company’s website? I have tried dozens of times. My first attempt involved 3 months of surveying all technical and legal colleagues. I mapped 70% of cookies, which dropped below 50% a few months down the road.

In November 2021, the European Data Protection Supervisor (“EDPS”), the most prominent EU data protection adviser, called on EU legislators to ban targeted advertising on the basis of pervasive tracking.

Looking at the vastness and richness of web pages today, I still find it surprising that standards from the origins of internet have stood the test of time? When you look at the source of any given web page, you still find HTML, styled with CSS and code to change HTML and CSS dynamically.