The Privacy Partnership Podcast with Robert Bateman
Episodes
Regulating the reality of adtech: The ICO’s recommended PECR reforms
27 May 2026
Contributed by Lukas
The internet’s worst-kept secret is that basic digital advertising operations involve breaking privacy laws millions of times a day. But instead of ...
Decoding the AI Act: A first look at the Commission’s "high-risk" draft guidelines
20 May 2026
Contributed by Lukas
The European Commission just dropped its highly anticipated first set of draft guidelines on high-risk AI classification under the AI Act—all 150 pa...
Get 40% off an ICO fine! The South Staffordshire case and early settlements
15 May 2026
Contributed by Lukas
How do you knock 40% off a looming data protection fine? In this episode of the Privacy Partnership Podcast, Rob Bateman breaks down the recent £963,...
RTM v Bonne Terre: Court of Appeal redraws the line on consent
30 Apr 2026
Contributed by Lukas
The Court of Appeal has ruled that consent under the UK GDPR and PECR is objective. A data subject's hidden vulnerabilities are not, in themselve...
What actually counts as 'scientific research'? Here's the EDPB's six-point answer
21 Apr 2026
Contributed by Lukas
On 15 April 2026, the European Data Protection Board adopted Guidelines 1/2026 on the processing of personal data for scientific research purposes. Th...
'Clarity in action'?! The EDPB's 2025 annual report and litigation battles
14 Apr 2026
Contributed by Lukas
In this episode, Rob looks at the newly published European Data Protection Board (EDPB) annual report for 2025. We are skipping the usual backward-loo...
AI in recruitment: ICO highlights poor practices as UK overhauls automated decision-making rules
07 Apr 2026
Contributed by Lukas
Are your hiring managers quietly letting an algorithm bin hundreds of job applications while claiming a human is technically in charge?This week on th...
Brillen Rottler: A German optician fights back against 'abusive' DSARs
26 Mar 2026
Contributed by Lukas
Are you seeing a rise in "copy-paste" Data Subject Access Requests (DSARs) designed primarily to extract a quick financial settlement?In thi...
Amazon's €746m fine overturned: But who actually won this case?
17 Mar 2026
Contributed by Lukas
A €746 million GDPR fine gets completely annulled by a Luxembourg court. A massive, unmitigated victory for big tech, right? Not exactly. In this ep...
Invisible, indestructible signatures: The AI Act’s text watermarking problem
11 Mar 2026
Contributed by Lukas
Can you hide an indestructible, imperceptible signature inside a basic marketing blog post? The European Commission seems to think you should try. Fol...
Are you a 'data broker'? Maybe, under the EDPB’s expanding definition
05 Mar 2026
Contributed by Lukas
Are you a data broker? You might not think so, but European regulators could soon be looking at your business model and concluding otherwise.In this e...
Reddit’s £14.5m fine and the “hard problem” of age assurance
25 Feb 2026
Contributed by Lukas
The ICO has issued a £14.47 million fine against Reddit for alleged children's privacy failures, officially signaling the end of the road for th...
EDPB highlights "right to erasure" inadequacies: Exceptions, backups, and pseudonymisation
18 Feb 2026
Contributed by Lukas
Rob presents a few highlights from the EDPB's latest Coordinated Enforcement Framework report on the "right to erasure".- Poor storage ...
CJEU: Private companies CAN sue the EDPB
10 Feb 2026
Contributed by Lukas
In this episode of the Privacy and Partnership podcast, Rob discusses a significant ruling from the CJEU regarding WhatsApp's legal challenge aga...
The ICO's planned 'experimentation regime' to attract AI firms to the UK
03 Feb 2026
Contributed by Lukas
Rob discusses the recent letter from the Information Commissioner's Office (ICO) to UK government officials, highlighting the ICO's focus on...
Happy Data Protection Day! A brief history of UK data protection law
28 Jan 2026
Contributed by Lukas
On Data Protection Day 2026, Rob talks us briefly through the history of data protection in the UK: From the "data users" of the Data Protec...
The EDPB and EDPS 'slam' AI Act reforms under the Digital Omnibus
22 Jan 2026
Contributed by Lukas
Along with plans to "simplify" the GDPR, there's an AI Digital Omnibus that proposes amendments to the AI Act. In a new Joint Opinion, ...
Happy New Year? A look at the ICO's new 'international data transfers' guidance
15 Jan 2026
Contributed by Lukas
Rob looks at the ICO’s newly released guidance on international transfers and what it means for UK privacy professionals.• The “Three-Step Test”...
'No surprises': The ICO and the Government come to an understanding
08 Jan 2026
Contributed by Lukas
The ICO and the UK Government have come to an understanding: "No surprises", "supportive challenge", and a seat at the table for t...
Christmas Special: The top 5 data protection CJEU cases of 2025
17 Dec 2025
Contributed by Lukas
Time for the Privacy Partnership Podcast Christmas Special, where Rob looks at his top 5 data protection CJEU judgments for 2025. Here's the lis...
The Accidental Americans v FATCA: Like the Schrems cases, but for tax
10 Dec 2025
Contributed by Lukas
The CJEU will soon hear the Belgian DPA's case against FATCA, the tax treaty that results in the systematic bulk transfer of data about thousands...
Did the CJEU just junk the EU's intermediary liability AND general monitoring rules? X v Russmedia
03 Dec 2025
Contributed by Lukas
Did the CJEU just use the GDPR to junk the intermediary liability exemption and impose a general monitoring obligation? Here's a look at yesterda...
The 'final straw': Open letter calls for inquiry into the ICO
26 Nov 2025
Contributed by Lukas
A coalition of organisations and experts sent an open letter calling for a Parliamentary inquiry into the performance of the UK ICO. What's the p...
It's here! Major proposed GDPR changes under the Digital Omnibus Regulation
20 Nov 2025
Contributed by Lukas
In this episode of the Privacy Partnership Podcast, Rob walks you through the most important aspects of the proposed Digital Omnibus Regulation. • ...
GDPR's "death by 1000 cuts"? A look at the leaked Digital Omnibus draft
11 Nov 2025
Contributed by Lukas
"Death by a thousand cuts?" That's what the leaked Digital Omnibus proposals represent to the GDPR, according to noyb.eu. Here's a...
Up to 40% off UK GDPR fines! The ICO's draft enforcement guidance
04 Nov 2025
Contributed by Lukas
The ICO is offering up to 40% off UK GDPR fines under its new draft Data Protection Enforcement Procedural Guidance. Here's how to take advantage...
The TikTok China decision: A de facto ban on international data transfers?
29 Oct 2025
Contributed by Lukas
The DPC's TikTok decision is not that surprising if you understand the law, but it's actually a pretty huge deal to see this play out in rea...
The EDPB's long list of problems with UK data protection standards
21 Oct 2025
Contributed by Lukas
The EDPB just published its opinion on the UK's adequacy decision and it's pretty critical of the country's post-Brexit direction on da...
What is going on between the ICO and Clearview AI? The UK GDPR's scope and the meaning of "monitoring behaviour".
15 Oct 2025
Contributed by Lukas
What is going on between Clearview AI and the ICO?Actions against Clearview have been a test of how far digital regulation actually has extraterritori...
Discord's photo ID breach: Are the UK GDPR and Online Safety Act to blame?
07 Oct 2025
Contributed by Lukas
Discord's recent data breach exposed photo IDs used to verify users' ages. Should we blame the Online Safety Act, the Children's Code, ...
Tractor Supply: The first CCPA case involving HR data
02 Oct 2025
Contributed by Lukas
Tractor Supply: The first CCPA case about job applicants' privacy (and the largest CPPA settlement yet). Don't forget: Unlike other states, ...
LinkedIn's AI training plans are back, but not all users are treated equally
24 Sep 2025
Contributed by Lukas
LinkedIn's AI training settings don't affect all users equally. Did you notice that LinkedIn will share UK users' data with Microsoft, ...
The ICO is consulting on guidance on the new cookie rules—and whether to enforce them.
18 Sep 2025
Contributed by Lukas
The ICO has yet MORE draft guidance, this time on the UK's upcoming changes to the law on cookies (etc). At the same time, it's running a &q...
The first criminal prosecution for 'ignoring' a DSAR: More common than we think?
10 Sep 2025
Contributed by Lukas
An individual has been criminally prosecuted for "ignoring" or having "blocked, erased, or concealed" a subject access request. A ...
What does 'without undue delay' ACTUALLY MEAN? IL v Veracash
03 Sep 2025
Contributed by Lukas
All over EU and UK law, we see a requirement to report certain stuff "without undue delay", often coupled with a hard deadline period (e.g.,...
More ICO guidance! Recognised legitimate interests
27 Aug 2025
Contributed by Lukas
More draft ICO guidance! This time, about one of the Data (Use and Access) Act's most important concepts: "Recognised legitimate interests&q...
How to handle data subject complaints: New draft ICO guidance
22 Aug 2025
Contributed by Lukas
In advance of new obligations under the Data (Use and Access) Act, the ICO has published some draft guidance on handling data subject complaints. This...
UK Data (Use and Access) Act: The first provisions take effect
20 Aug 2025
Contributed by Lukas
Some parts of the Data (Use and Access) Act (DUAA) take effect today! This is our first chance to see how the Act is actually going to operate in prac...
The Online Safety Act's tensions with the UK GDPR
07 Aug 2025
Contributed by Lukas
The Online Safety Act is why you might have been asked for your driver's licence on Reddit, X, and some... other websites. In this video, I expla...
AI Act: Should you be watermarking your AI-generated content?
04 Aug 2025
Contributed by Lukas
Are you using an in-house tool powered by an AI model from OpenAI, Google, or Meta to produce marketing copy? You might soon be responsible for waterm...
The ICO's Birthlink Fine: Accountability, Integrity, and the 'Public Sector Approach' (?)
30 Jul 2025
Contributed by Lukas
Last week, the ICO fined Scottish charity Birthlink £18,000 for destroying around 4,800 adoption records. In this video, Rob explains why this is suc...
Access to Customer and Business Data Under the DUAA with Boris Wojtan
28 Jul 2025
Contributed by Lukas
I spoke to Boris Wojtan, Senior Privacy Counsel at Privacy Partnership Law, about "Access to Customer and Business Data" under Part 1 of the...