After the Omnibus: Consent or Red Lights?

  • Panel
  • Maritime
  • Thursday 21.05 — 11:50 - 13:05

Organising Institution

Ping (Privacy in Germany) & German Bar Association (Deutscher Anwaltverein)

Germany

Privacy in Germany (PinG) is one of the leading German law reviews on matters of data protection and privacy – not merely on the GDPR and on German data protection law but following news and hot topics internationally. PinG is cutting edga and bilingual publishing both German and English articles. The German Bar Association (Deutscher Anwaltverein – DAV) is the professional body comprising about 60.000 German lawyers and lawyer-notaries in 253 local bar associations in Germany and abroad. Being politically independent, the DAV represents and promotes the professional and economic interests of the German legal profession on German, European and international level.
  • Academic 3
  • Business 1
  • Policy 2
After nearly 8 years of the GDPR, we will discuss the concept of consent. In practice, consent is increasingly relied upon – more so than in 2018. This is mainly due to the CJEU case law on Article 6 of the GDPR, on “contract” and “legitimate interests”. It is a well-known fact that consent has its flaws. Data subjects tend to be overburdened with information and are rarely able to comprehend the exact consequences of consent. In our panel, we will discuss the shortcomings of consent and possible alternatives.

Questions to be answered

  1. In which cases is consent appropriate to protect personal data?
  2. And in which cases would it be useful to define red or green lines that distinguish between illegal and lawful processing without leaving it up to the individual data subject to protect their own data?
  3. How can we balance the need for informed consent with the practical realities of user experience, especially when consent banners are often seen as a formality?
  4. What role should regulators/lawmakers play in setting boundaries for consent and its alternatives?

Moderator

Niko Härting

Ping (Privacy in Germany) & German Bar Association - Germany

Prof. Niko Härting is founding partner of HÄRTING Rechtsanwälte, a leading boutique law firm in Berlin, specialized on media and technology issues, IT and IP law as well as data protection and privacy. He is also a law professor at the Hochschule für Wirtschaft and Recht (HWR) and chief editor of the magazine “Privacy in Germany (PinG)”. Moreover, he is one of the editors of “Computer und Recht (CR)”. Amongst his numerous publications, he has written a book on internet law. The 7th edition of “Internetrecht” was published in 2023. Since 2023, Prof. Härting is a board member of Deutscher Anwaltverein (Association of German Lawyers).

Speaker

Christiane Wendehorst

University of Vienna - Austria

Christiane Wendehorst has been Professor of Civil Law at the University of Vienna and Deputy Director of the Institute for Innovation and Digitalization in Law since 2008. She is also a founding member, former president (2017-2021), and, since 2021, Scientific Director of the European Law Institute (ELI), as well as president of Division of Humanities and Social Sciences (ÖAW). Wendehorst is an elected member of the Academia Europea (AE), the International Academy for Comparative Law (IACL), and the American Law Institute (ALI), among others. In 2024, she was awarded an honorary doctorate from the University of Bern, and in 2025 the Austrian Decoration of Honor for Science and Art. Her work currently focuses on the legal challenges of digitalization.

Speaker

Christopher Millard

Queen Mary University of London - International

Christopher Millard is Professor of Privacy and Information Law in the Centre for Commercial Law Studies at Queen Mary University of London, where he leads the Cloud Legal Project. He is also Senior Counsel to the law firm Bristows LLP. He is a Fellow and past-Chair of the Society for Computers & Law, a past-Chair of the Technology Law Committee of the International Bar Association, and past-President of the International Federation of Computer Law Associations. He has over 40 years of experience in technology law as an academic and practitioner. He is the editor and co-author of Cloud Computing Law (Oxford University Press, 2nd Edition 2021), a founding editor of the International Journal of Law and IT, and an emeritus editor of International Data Privacy Law. A selection of his papers is available on SSRN, and he is pleased to connect via LinkedIn.

Speaker

Markus Wünschelbaum

Data Protection Authority Hamburg - Germany

Dr. Markus Wünschelbaum currently serves as Policy and Data Strategy Advisor to Hamburg’s Data Protection Commissioner Thomas Fuchs. In this role, he advises on key data protection policies and strategic initiatives. Previously, he was responsible for imposing fines, fundamental data protection issues, and freedom of information. He began his career focusing on the intersection of labor law and data protection, having published an acclaimed doctoral thesis on this topic and working at an international law firm.

Speaker

Merel Van Aar

Fieldfisher - Netherlands

Merel van Aar is a lawyer at Fieldfisher, an international corporate law firm with a strong focus on technology and regulatory matters. Her expertise covers data protection, regulatory compliance, AI, and corporate transactions for technology-driven businesses. She advises innovative cross‑border clients, particularly in the technology, energy, and life sciences sectors. Having lived and worked in different countries, Merel brings a strong international perspective to her work. She also undertakes pro bono work in the field of women’s health rights. Merel is a guest lecturer at Leiden University and a member of the Young Privacy Lawyers Netherlands Association (JPAN) and the Dutch AI Lawyers Association (V‑AIA).