This case is a valuable step forward in data privacy. It looks at how GDPR can be enforced not only by data subjects and authorities but also by competitors. It also expands what’s considered “health data” under GDPR, which could impact many businesses.

This article continues our deep dive into direct marketing regulations across Europe. It is focusing on the frameworks of the Baltic region: Lithuania, Latvia, and Estonia. Each country has its own set of laws governing how businesses can engage with consumers, making it essential to understand these distinctions for compliant and effective marketing strategies.

I believe direct marketing is one of the most popular topics within data privacy field (of course not counting AI). Often, businesses and professionals focus primarily on the GDPR, particularly Recital 47, which allows direct marketing based on “legitimate interest”. This reliance on a broad interpretation of GDPR overlooks the reality that each EU Member State has its own specific regulations and requirements, particularly for consent and consumer privacy protections in direct marketing practices.