Marc Dautlich and Jamie Cox analyse the recent Proximus NV v Gegevensbeschermingsautoriteit [2022] opinion, highlighting the implications for controllers in supply chains, in an article first published in the Solicitors Journal, August 2022 edition.

In a recent opinion, Advocate General Collins examined the scope of obligations in supply chains where multiple controllers process data for the same purpose, with a focus on the ePrivacy directive and the EU’s General Data Protection Regulation (GDPR). The Advocate General suggested that:

1. Any controller should not assume that an individual has consented to the processing of their data.
2. A data subject is free to approach any controller in a supply chain to withdraw consent for the processing of their data or request the erasure of their personal data.

Data privacy experts, Marc and Jamie, go on to explain the wider implications of this ruling and provide some insight on what elements controllers in such a supply chain should review following the opinion.

Interested to know more? Marc and Jamie also wrote a longer analysis for Lexis PSL, see here.