Opportunities for the transfer of pseudonymous online marketing data – the role of data clean rooms – how businesses can ensure their compliance
On the 4th of September 2025 the European Court of Justice handed down its long-awaited judgment in the ‘SRB’ case, which, for the first time in years, discusses the question of when data is ‘personal’ – and when it can be considered anonymous. This distinction is often not easy, especially in the case of pseudonymised data, and it has a significant impact on the GDPR compliance of online businesses. The debate between the so-called relative approach, which was already established in the ECJ’s ‘Breyer’ ruling in 2016, has been upheld: Everything depends on whether the respective data controller processing the data can establish a personal reference for itself.
In this context, data clean room providers have been making their case for some time, arguing that pseudonymised data can be regarded as anonymous from their point of view. However, this raises the question of whether the GDPR is then still applicable at all. Other businesses in the ad tech industry are now also faced with the question of whether they can claim to be completely exempt from the GDPR because they cannot identify the individuals behind the data they are processing. At the same time, their customers are demanding GDPR compliance from them, which is why privacy compliance certifications have become such an important marketing tool. This webinar explains the current state of the debate and provides clarity in light of the occasionally sensationalist statements about the practical significance of the ruling.
When: Thursday 11 September 2025, 3.00-4.00pm
Registration: teams
Speaker: Dr. Lukas Mezger, Rechtsanwalt und Partner, Unverzagt Rechtsanwälte