🎙️ Top 5 Insights from the Podcast with Arletta Gorecka

Topic: Competition Law, Privacy & the Facebook Case

1. Facebook’s Exploitation = Competition Breach via Privacy Violations

• The German competition authority found Facebook abused its dominant position not through pricing or exclusion but by violating users' privacy.
• Consent was often buried in complex terms; users weren’t truly aware they were agreeing to pervasive data tracking.
  Insight: This case set a precedent for framing GDPR breaches as competition law violations.

2. Excessive Data Collection Can Be Anti-Competitive

• Under Article 102 TFEU, collecting personal data in ways users don’t understand can be seen as an exploitative abuse.
• Even “privacy-enhancing” features like Apple ATT and Google Privacy Sandbox may still mislead or confuse users.
  Point: Quality degradation (privacy loss) can now be treated as harm to consumers — even if there’s no price involved.

3. “Privacy Traps” Are a Growing Concern

• Whether a platform claims to be privacy-friendly or not, users can still be manipulated or exploited.
• Alet introduces the idea of the “privacy trap” — where both pro-privacy and anti-privacy approaches can lead to exploitative practices.
  Key Thought: It’s not just about collecting data — it’s about how and why it’s being collected.

4. EU Law Now Recognises GDPR Breaches in Competition Context

• The CJEU (Court of Justice of the EU) now affirms that GDPR violations can be considered under competition law, but it’s not automatic.
• Collaboration between Data Protection Authorities (DPAs) and Competition Authorities is crucial — though still inconsistent across EU states.
  Takeaway: Legal coordination is improving, but still needs reform (e.g., decentralising enforcement beyond Ireland).

5. Transparency Is the Solution — For Both Consumers & Businesses

• People often don’t read or understand terms, and consent is mostly uninformed.
• Alet recommends practical transparency tools like videos, visual cues, or real-time data usage popups to help users understand what’s happening.
  Advice to businesses: Be clear, simple, and proactive about data use.
  Advice to users: Know that your data = your value, even if you don’t pay with money.

You can contact Arletta Gorecka Ph.D here

https://www.linkedin.com/in/arletta-gorecka-25110413b/

Views are personal. Not legal advice. Info based on public sources at time of recording.

The latest in Data Protection and Privacy Podcast by David Clarke
Follow me on Twitter @1davidclarke 98.6k Followers
Join Linkedin GDPR Group 30,475 Others Members for FREE
CoAuthor of an ICO certified GDPR scheme

In this episode with Stas Levitan, AI Governance Expert & Co-founder @ DeepKeep we dive deep into the wild west of AI security, shadow AI, and the real risks lurking behind your favourite GenAI tools. Stas shares hard-hitting insights on why most companies are blind to their AI usage, and how governance isn’t just about tick-box compliance — it’s about survival.

Here’s what we covered:

• AI Risk Starts Way Before You Deploy It Most think risk begins at runtime. Nope. It starts the moment you grab that model from a repo — and trust me, most are not as “safe” as they look.
• Shadow AI Is Everywhere Employees are quietly using ChatGPT, Gemini, and open-source models — often with good intentions, but zero oversight. Big risk, bigger blind spot.
• Guardrails Aren’t Optional Anymore Enterprise AI needs serious guardrails — not just generic APIs. Think AI-native tools that track, monitor, and enforce behaviour in real time.
• LLMs Don’t Forget… Ever Feed your chatbot personal data, and you might just see it pop up later — possibly in someone else’s output.
• AI Security ≠ Traditional SecurityFirewalls won’t save you here. This is about controlling model behaviour, not just access and networks. Totally different mindset needed.
• Big AI Providers = Not Enterprise-Ready The default tools don’t cut it. The second you fine-tune a model or use it with your data — you own the risk.
• EU AI Act Isn’t Just Hype — It’s Happening Risk assessments, monitoring, documentation — this isn’t optional for high-risk sectors. And no, you probably aren't ready yet.
• Step One: Get Visibility You can’t protect what you can’t see. Start by discovering what AI is actually being used in your org — you might be shocked.

It’s a frank and eye-opening conversation that every CIO, CISO, and compliance lead should hear. Tune in — and if you’re using GenAI without a plan, maybe… stop.

Stas Levitan can be contacted here

•DeepKeep official website: https://www.deepkeep.ai
•Stas Levitan LinkedIn: https://uk.linkedin.com/in/stas-levitan

The latest in Data Protection and Privacy Podcast by David Clarke
Follow me on Twitter @1davidclarke 98.6k Followers
Join Linkedin GDPR Group 30,475 Others Members for FREE
CoAuthor of an ICO certified GDPR scheme

Emeka Mosanya, CTO of Certifaction, talks to David Clarke about how their Swiss-based e-signature platform ensures total document confidentiality using end-to-end encryption and local processing—ideal for sectors like healthcare and finance.

Top 5 Key Points:

1. Zero Document Access: Certifaction never sees or stores your documents—everything is fully encrypted.
2. Local Processing: All signing happens in your browser or via an on-premise gateway—no cloud exposure.
3. Strict Compliance: Fully aligned with GDPR and Swiss data protection laws; identity is traceable but private.
4. ISO 27001 Certified: Strong security framework with end-to-end encryption and no backdoors.
5. Fast Integration & White Labelling: Simple Docker-based API, designed to embed easily into third-party platforms.

Emeka Mosanya CTO at Certifaction can be contacted here https://www.linkedin.com/in/emekamosanya/ info@certifaction.com

The latest in Data Protection and Privacy Podcast by David Clarke
Follow me on Twitter @1davidclarke 98.6k Followers
Join Linkedin GDPR Group 30,475 Others Members for FREE
CoAuthor of an ICO certified GDPR scheme