Exploring the lands of GDPR, DSA and DMA: Using the consent umbrella when it’s raining with data

  • Panel
  • Orangerie
  • Thursday 21.05 — 14:15 - 15:30

Organising Institution

Erasmus Center of Law and Digitalization, as part of Erasmus University Rotterdam

Netherlands

At the Erasmus Center of Law and Digitalization, we are at the forefront of exploring the intersection between law, technology, and society. The Erasmus Center of Law and Digitalization strives to promote cutting-edge research in the field of law and digitalization by stimulating collaboration and further developing the impact of law and digitalization research both in academia and practice. A series of research and teaching activities on law and digitalization at Erasmus School of Law have attracted national and international recognition in both academia and practice. Therefore, we established the Erasmus Center of Law and Digitalization (ECLD) in which we partner with the Sectorplan SSH-Breed to provide a home to all these different initiatives while at the same time give impetus to further promote research in the realm of law and digitalization.
  • Academic 2
  • Business 2
  • Policy 2
In the age of ticking boxes, we are gradually losing track of what we agree to: be it on social media, marketplaces, or even healthcare apps. The GDPR is the cornerstone of consent in the EU, but, recent phenomena such as platformisation and datafication established the premises of two new tools aimed at ensuring that the EU digital market is fostering both (a) a safe online environment for consumers (DSA) and (b) fair competition (DMA). This panel aims to dive into how this trichotomy works when it comes to consent mechanisms, looking at current challenges, trends and harmonisation ideas. The diverse expertise of the panellists allows us to illustrate a cross-sectoral perspective, which combines academia, policy-making, private practice and enforcement.

Questions to be answered

  1. What are, in your view, the strong and the weak points of consent across the GDPR, DSA and DMA?
  2. Do you find the concerns you raised present only in private sector relationships or also in citizen-state ones? Please consider public-private partnerships too.
  3. How would you describe, in up to 3 words, pre-ticked boxes and blanket consent applications? Please elaborate.
  4. What are your recommendations for facilitating (or “simplifying “) the cross-regulatory stance of consent among these three legal instruments, if any?

Moderator

Larisa Munteanu

Erasmus Center of Law and Digitalization, as part of Erasmus University Rotterdam - Netherlands

Larisa Munteanu graduated as one of the top students from the Faculty of Law of Babeș-Bolyai University, Cluj-Napoca, Romania, then collaborated with UK clients for data protection projects. She is now the Founder of Protector PriVit and a CIPM and CIPP/E Data Protection Lawyer and Officer, accredited by the IAPP. Her main interests are cyber-crimes, data protection and AI, working for a wide clientbase that covers both private and public sector. In parallel, Larisa is a PhD researcher at Erasmus University Rotterdam, where she is conducting an analysis on how companies can (legally) reject data protection requests hiding malware attacks. She also has numerous publications, being a speaker for many international conferences, webminars, podcasts, and trainings. In 2022, Larisa won the Best International Future Lawyer Award, as part of the 60th Annual Congress of the International Association of Young Lawyers, held in Singapore. More recently, her expertise was recognised by the Court of Justice of the European Union, where she delivered training on data protection, copyright and AI and also the European Institute of Public Administration.

Speaker

Adrianus van Heusden

European Commission - Europe

Dr. Aad van Heusden is Digital Services Act (DSA) Officer for the Netherlands at the European Commission’s Directorate-General for Communications Networks, Content and Technology (DG CONNECT). In this role, he is responsible for contributing to the supervision and enforcement of the DSA, coordinating closely with national authorities and stakeholders to ensure its effective and consistent implementation across the European Union.

Speaker

Paloma Krõõt Tupay

University of Tartu - Estonia

Paloma Krõõt Tupay is Associate Professor of Constitutional Law at the University of Tartu. Her work focuses on fundamental rights, governance and administrative law, data protection, e-governance, and digital constitutionalism. She has served as a legal adviser to the President of Estonia and to the Minister of the Interior. Tupay studied law at the universities of Passau and Freiburg in Germany and earned her doctorate (Dr. iur.) from the University of Cologne. She has published on topics such as GDPR and e-government, AI in public administration, and Estonian constitutional law; she also co-edited and -authored with Martin Ebers in 2023 a book on legal aspects of the use of AI and ML in the public sector (Springer).

Speaker

David Korteweg

Authority for Consumers and Markets in the Netherlands - Netherlands

David Korteweg is a senior enforcement official at the Authority for Consumers and Markets (ACM) working on the enforcement of the Digital Services Act. The ACM is appointed as the Digital Services Coordinator in the Netherlands. He previously worked as a policy advisor at the digital rights organisation Bits of Freedom and was an IT-lawyer at Kennedy Van der Laan.

Speaker

Felix Mikolasch

noyb - Austria

Felix Mikolasch is a Data Protection Lawyer at noyb - European Center for Digital Rights, a Vienna-based not-for-profit association focused on strategic GDPR enforcement.