Dear friend:

Monday was quite a crazy day.
And let's leave it at that because we have a ton of things here.

No, what Musk did was not a "Roman salute," as Néstor Marqués explains in this thread.

We are Jorge García Herrero and Darío López Rincón, specialists in resolving complex issues related to personal data protection. If you have such issues, contact us by email at jgh(at)jorgegarciaherrero.com.

Thank you for reading Zero Party Data! Subscribe—it's free!

To the core:

📄Data-heavy documents for coffee-lovers☕️

.- The document of the week (and it could even be considered the “paper” of the week) is undoubtedly the EDPB's guidelines on pseudonymization.
My two cents: The EDPB came out playing strong defense, focusing on the obligations of the data controller sharing pseudonymized data while astonishingly making no reference to the three tidal waves that have swept this issue in 2023 and 2024: the EDPS/SRB, IAB, and Scania rulings from the EU Court of Justice. My commentary here.

Notable comments on these guidelines (so far, since there’s a lot to discuss) include those by Peter Craddock and Andreea Lisievici, highlighting the positives. Also Ruth Boardman´s and the funniest: David Wagner´s.

The most interesting thread about the U.S. Supreme Court decision upholding the TikTok ban, in my opinion, is this one by Marc Rotenberg. Not just for its insights but also for the engaging comment section it sparked.

In September, the Data Act will come into effect. Phil Lee often shares helpful infographics to visually explain complex legal articles. His latest one explains timelines for obligations related to cloud provider portability.

The EDPB owns this week with three documents published between Friday and now, including their conclusions on the coordinated action regarding the right of access by Member States. This builds on earlier questionnaires sent to DPOs and signals future developments in this complex area. Highlights include:

• Guidelines are not as well-known or applied as they should be.

• Pay attention to limitations on the right to dump the most common databases. The guidelines mention metadata, backups, pseudonymized data, and more.

• Specific obligations to provide information about individuals managing data under treatment—watch out for internal communications or emails subject to access requests.

• A right to an unaltered copy of processed personal data exists but not necessarily the container (documents).

• Denying full delivery during successive right-of-access requests is poor practice.

• Retention practices often lead to non-compliance, especially regarding video surveillance, where transcripts may often be preferable to blurred footage.

Another comment on the same document can be found by Laszlo Pok.

💀Death by Meme🤣

🗞️News from DataWorld🌍

• Like disinformation before it, AI deepfakes are gradually weaving into our digital daily lives. By the way: Have you heard the tale about the frog that doesn’t jump out of boiling water if it’s heated slowly? Empirical evidence shows this story is as much of a myth as any other old wives’ tale.

  “It does not have to be explicit to be exploitative,” McNamara said. “If it's crossing boundaries to do something offline to someone without their consent—kissing, undressing, etc.—then it's also crossing boundaries to do that online.”

• Kashmir Hill’s article on the woman who fell in love with her ChatGPT-lover boyfriend left me speechless. I even summarized it to see if someone will take notice—like Jordi Pérez from El País, who is looking for similar cases in the EU.

• You must admit, this dark pattern is, at the very least, inventive. Illegal, yes—but inventive nonetheless. Via Brian Clifton.

.- Johnny Ryan is suing Google again. This snippet from the lawsuit illustrates how sensitive data Google provides for targeting doesn’t show any signs of improvement. Things aren’t getting better—not at all.

🤖"Robot.txt" or "The AI Stuff"

• Kevin Schawinski highlights an under-discussed point regarding the AI Act: It shares far more similarities with medical device regulations than with GDPR. He proves this with a simple side-by-side comparison.

• Meta employees allegedly discussing removing copyright management information is a story as self-explanatory as its title.

📚 The Book of the Week

.- “It feels like we’re at war. Left and right fight over abortion, immigration, gender identity, multiculturalism, and race. Both sides use war metaphors to rally their troops. They urge us to ‘fight’ for the future, to ‘defend’ core values, and to ‘win the battle’ for our country...

But comparing politics to war motivates people to donate to campaigns while harming democracy. Democracy demands cooperation and compromise for the nation’s good. War, on the other hand, allows us to hate the other side, to attack them. This book seeks to transcend the idea of a cultural war and offer a nuanced understanding of the psychology of the other side. This ‘moral understanding’ can help us see the other side as decent people, which may defuse collective hatred.

The problem is that seeking understanding can feel like betrayal. In war, even the slightest empathy can seem traitorous. When I mentioned to people—progressive and conservative alike—that I was writing a book on moral understanding, some recoiled. They asked why they should try to understand a group that seemed to hate them, trying to destroy their way of life.”

Likewise “Castellio Against Calvin” by Stefan Zweig—a perfect exploration of the darker sides of today’s social media discourse—was my favorite holiday read.

🙄 The Final Laugh

Eleanor Morton at her best.

Thank you for reading Zero Party Data!

See you next week!