The Privacy Partnership Podcast with Robert Bateman
Episodes
Brillen Rottler: A German optician fights back against 'abusive' DSARs
26 Mar 2026
Contributed by Lukas
Are you seeing a rise in "copy-paste" Data Subject Access Requests (DSARs) designed primarily to extract a quick financial settlement?In thi...
Amazon's €746m fine overturned: But who actually won this case?
17 Mar 2026
Contributed by Lukas
A €746 million GDPR fine gets completely annulled by a Luxembourg court. A massive, unmitigated victory for big tech, right? Not exactly. In this ep...
Invisible, indestructible signatures: The AI Act’s text watermarking problem
11 Mar 2026
Contributed by Lukas
Can you hide an indestructible, imperceptible signature inside a basic marketing blog post? The European Commission seems to think you should try. Fol...
Are you a 'data broker'? Maybe, under the EDPB’s expanding definition
05 Mar 2026
Contributed by Lukas
Are you a data broker? You might not think so, but European regulators could soon be looking at your business model and concluding otherwise.In this e...
Reddit’s £14.5m fine and the “hard problem” of age assurance
25 Feb 2026
Contributed by Lukas
The ICO has issued a £14.47 million fine against Reddit for alleged children's privacy failures, officially signaling the end of the road for th...
EDPB highlights "right to erasure" inadequacies: Exceptions, backups, and pseudonymisation
18 Feb 2026
Contributed by Lukas
Rob presents a few highlights from the EDPB's latest Coordinated Enforcement Framework report on the "right to erasure".- Poor storage ...
CJEU: Private companies CAN sue the EDPB
10 Feb 2026
Contributed by Lukas
In this episode of the Privacy and Partnership podcast, Rob discusses a significant ruling from the CJEU regarding WhatsApp's legal challenge aga...
The ICO's planned 'experimentation regime' to attract AI firms to the UK
03 Feb 2026
Contributed by Lukas
Rob discusses the recent letter from the Information Commissioner's Office (ICO) to UK government officials, highlighting the ICO's focus on...
Happy Data Protection Day! A brief history of UK data protection law
28 Jan 2026
Contributed by Lukas
On Data Protection Day 2026, Rob talks us briefly through the history of data protection in the UK: From the "data users" of the Data Protec...
The EDPB and EDPS 'slam' AI Act reforms under the Digital Omnibus
22 Jan 2026
Contributed by Lukas
Along with plans to "simplify" the GDPR, there's an AI Digital Omnibus that proposes amendments to the AI Act. In a new Joint Opinion, ...
Happy New Year? A look at the ICO's new 'international data transfers' guidance
15 Jan 2026
Contributed by Lukas
Rob looks at the ICO’s newly released guidance on international transfers and what it means for UK privacy professionals.• The “Three-Step Test”...
'No surprises': The ICO and the Government come to an understanding
08 Jan 2026
Contributed by Lukas
The ICO and the UK Government have come to an understanding: "No surprises", "supportive challenge", and a seat at the table for t...
Christmas Special: The top 5 data protection CJEU cases of 2025
17 Dec 2025
Contributed by Lukas
Time for the Privacy Partnership Podcast Christmas Special, where Rob looks at his top 5 data protection CJEU judgments for 2025. Here's the lis...
The Accidental Americans v FATCA: Like the Schrems cases, but for tax
10 Dec 2025
Contributed by Lukas
The CJEU will soon hear the Belgian DPA's case against FATCA, the tax treaty that results in the systematic bulk transfer of data about thousands...
Did the CJEU just junk the EU's intermediary liability AND general monitoring rules? X v Russmedia
03 Dec 2025
Contributed by Lukas
Did the CJEU just use the GDPR to junk the intermediary liability exemption and impose a general monitoring obligation? Here's a look at yesterda...
The 'final straw': Open letter calls for inquiry into the ICO
26 Nov 2025
Contributed by Lukas
A coalition of organisations and experts sent an open letter calling for a Parliamentary inquiry into the performance of the UK ICO. What's the p...
It's here! Major proposed GDPR changes under the Digital Omnibus Regulation
20 Nov 2025
Contributed by Lukas
In this episode of the Privacy Partnership Podcast, Rob walks you through the most important aspects of the proposed Digital Omnibus Regulation. • ...
GDPR's "death by 1000 cuts"? A look at the leaked Digital Omnibus draft
11 Nov 2025
Contributed by Lukas
"Death by a thousand cuts?" That's what the leaked Digital Omnibus proposals represent to the GDPR, according to noyb.eu. Here's a...
Up to 40% off UK GDPR fines! The ICO's draft enforcement guidance
04 Nov 2025
Contributed by Lukas
The ICO is offering up to 40% off UK GDPR fines under its new draft Data Protection Enforcement Procedural Guidance. Here's how to take advantage...
The TikTok China decision: A de facto ban on international data transfers?
29 Oct 2025
Contributed by Lukas
The DPC's TikTok decision is not that surprising if you understand the law, but it's actually a pretty huge deal to see this play out in rea...
The EDPB's long list of problems with UK data protection standards
21 Oct 2025
Contributed by Lukas
The EDPB just published its opinion on the UK's adequacy decision and it's pretty critical of the country's post-Brexit direction on da...
What is going on between the ICO and Clearview AI? The UK GDPR's scope and the meaning of "monitoring behaviour".
15 Oct 2025
Contributed by Lukas
What is going on between Clearview AI and the ICO?Actions against Clearview have been a test of how far digital regulation actually has extraterritori...
Discord's photo ID breach: Are the UK GDPR and Online Safety Act to blame?
07 Oct 2025
Contributed by Lukas
Discord's recent data breach exposed photo IDs used to verify users' ages. Should we blame the Online Safety Act, the Children's Code, ...
Tractor Supply: The first CCPA case involving HR data
02 Oct 2025
Contributed by Lukas
Tractor Supply: The first CCPA case about job applicants' privacy (and the largest CPPA settlement yet). Don't forget: Unlike other states, ...
LinkedIn's AI training plans are back, but not all users are treated equally
24 Sep 2025
Contributed by Lukas
LinkedIn's AI training settings don't affect all users equally. Did you notice that LinkedIn will share UK users' data with Microsoft, ...
The ICO is consulting on guidance on the new cookie rules—and whether to enforce them.
18 Sep 2025
Contributed by Lukas
The ICO has yet MORE draft guidance, this time on the UK's upcoming changes to the law on cookies (etc). At the same time, it's running a &q...
The first criminal prosecution for 'ignoring' a DSAR: More common than we think?
10 Sep 2025
Contributed by Lukas
An individual has been criminally prosecuted for "ignoring" or having "blocked, erased, or concealed" a subject access request. A ...
What does 'without undue delay' ACTUALLY MEAN? IL v Veracash
03 Sep 2025
Contributed by Lukas
All over EU and UK law, we see a requirement to report certain stuff "without undue delay", often coupled with a hard deadline period (e.g.,...
More ICO guidance! Recognised legitimate interests
27 Aug 2025
Contributed by Lukas
More draft ICO guidance! This time, about one of the Data (Use and Access) Act's most important concepts: "Recognised legitimate interests&q...
How to handle data subject complaints: New draft ICO guidance
22 Aug 2025
Contributed by Lukas
In advance of new obligations under the Data (Use and Access) Act, the ICO has published some draft guidance on handling data subject complaints. This...
UK Data (Use and Access) Act: The first provisions take effect
20 Aug 2025
Contributed by Lukas
Some parts of the Data (Use and Access) Act (DUAA) take effect today! This is our first chance to see how the Act is actually going to operate in prac...
The Online Safety Act's tensions with the UK GDPR
07 Aug 2025
Contributed by Lukas
The Online Safety Act is why you might have been asked for your driver's licence on Reddit, X, and some... other websites. In this video, I expla...
AI Act: Should you be watermarking your AI-generated content?
04 Aug 2025
Contributed by Lukas
Are you using an in-house tool powered by an AI model from OpenAI, Google, or Meta to produce marketing copy? You might soon be responsible for waterm...
The ICO's Birthlink Fine: Accountability, Integrity, and the 'Public Sector Approach' (?)
30 Jul 2025
Contributed by Lukas
Last week, the ICO fined Scottish charity Birthlink £18,000 for destroying around 4,800 adoption records. In this video, Rob explains why this is suc...
Access to Customer and Business Data Under the DUAA with Boris Wojtan
28 Jul 2025
Contributed by Lukas
I spoke to Boris Wojtan, Senior Privacy Counsel at Privacy Partnership Law, about "Access to Customer and Business Data" under Part 1 of the...