Blog

The legal case against the EU travel rule in crypto
For a more technical legal argument, see the paper linked here.
Norwegian decision banning behavioural advertising on Facebook and Instagram
On 14 July, the Norwegian Data Protection Authority (DPA) imposed a temporary three-month ban on “behavioural advertising” on Facebook and Instagram to users based in Norway. The decision relied on the “urgency procedure” under the General Data Protection Regulation (GDPR), which exceptionally allows direct regulatory interventions by other national authorities than the authority of the country where the business is registered (here: Ireland).
Where and when do “execution,” “settlement,” and “finality” happen on Ethereum: technical understandings
By Mikołaj Barczentewicz (0xMikolaj) Thanks to Barnabé Monnot, Caspar Schwarz-Shilling (EF RIG), and Quintus Kilbourn (Flashbots) for their comments and discussion. This work is supported by a grant from the Ethereum Foundation (more information about the larger research project).
How the New Interoperability Mandate Could Violate the EU Charter
Previously published by Lawfare on 6 July 2023. Among the regulatory tools created by the European Union’s Digital Markets Act (DMA)—landmark competition legislation that took effect across the EU last November—is a mandate that the largest digital-messaging services must be made interoperable.
The CJEU’s Decision in Meta’s Competition Case Part 2: Sensitive Data and Privacy Enforcement by Competition Authorities
Yesterday, I delved into the recent judgment in the Meta case (Case C-252/21) from the Court of Justice of the European Union (CJEU). I gave a preliminary analysis of the Court’s view on some of the complexities surrounding the processing of personal data for personalized advertising under the GDPR, focusing on three lawful bases for data processing - contractual necessity, legitimate interest, and consent.
The CJEU’s Decision in Meta’s Competition Case: Consequences for Personalized Advertising Under the GDPR (Part 1)
Today’s judgment from the Court of Justice of the European Union (CJEU) in Meta’s case (Case C-252/21) offers new insights into the complexities surrounding personalized advertising under the EU General Data Protection Regulation (GDPR).
The Legal Risks of Automated Transaction Copying in Crypto Markets
Co-authored with Alex Sarch and Natasha Vasan. Originally published by The FinReg Blog, Duke University (6 June 2023). Markets built on public, permissionless blockchains like Ethereum are radically transparent. While pending transactions in traditional finance are considered private information, viewable only by brokers or corporate insiders, transactions submitted to Ethereum’s public mempool—where they wait to be included on the blockchain—are publicly known.
EU Digital Markets Act (DMA) and Digital Services Act (DSA) and online advertising
I spoke to Eric Seufert for his Mobile Dev Memo podcast (“the site of record for mobile advertisers and app developers”) about how the new EU Digital Markets Act (DMA) and Digital Services Act (DSA) may affect online advertising.
Keeping data flowing is in India’s interest
Co-authored with Geoffrey Manne. Originally published by The Times of India (28 March 2023). Mandates to restrict the flow of data across national boundaries have taken hold in a growing number of jurisdictions, including India.
EU privacy law and online advertising
I spoke to Eric Seufert for his Mobile Dev Memo podcast (“the site of record for mobile advertisers and app developers”) about recent developments in EU privacy law applicable to online advertising.