Photo of Anna Oberschelp de Meneses

Anna Oberschelp de Meneses

Anna Sophia Oberschelp de Meneses is an associate in the Data Privacy and Cybersecurity Practice Group.

Anna is a qualified Portuguese lawyer, but is both a native Portuguese and German speaker.

Anna advises companies on European data protection law and helps clients coordinate international data protection law projects.

She has obtained a certificate for "corporate data protection officer" by the German Association for Data Protection and Data Security ("Gesellschaft für Datenschutz und Datensicherheit e.V."). She is also Certified Information Privacy Professional Europe (CIPPE/EU) by the International Association of Privacy Professionals (IAPP).

Anna also advises companies in the field of EU consumer law and has been closely tracking the developments in this area.

Her extensive language skills allow her to monitor developments and help clients tackle EU Data Privacy, Cybersecurity and Consumer Law issues in various EU and ROW jurisdictions.

The European Commission (“Commission”) is working on a new EU consumer protection law called the Digital Fairness Act (“DFA”) to better protect consumers in the digital space.  The DFA is expected to regulate, among other things, influencer marketing. 

With EU consumer protection watchdogs starting to bring cases against companies whose products or services are promoted by influencers (see for example here), the DFA’s provisions may apply not only to influencers, but also to companies that deploy or use influencers, to ensure that advertising practices are fair and transparent.  This blog post explores two key issues that the European Commission is expected to prioritize in its approach to influencer marketing.  It also provides a brief overview of the French legal framework in this area, which some expect to serve as a model for the EU’s forthcoming rules in this area.Continue Reading Digital Fairness Act Series – Topic 1: Influencer Marketing

On March 20, 2025, the Court of Justice of the European Union (“CJEU”) ruled on the fairness, under EU consumer protection law, of a contractual clause allocating a percentage of an athlete’s income to a professional services provider (Case C‑365/23 [Arce]).  This ruling sets an important precedent and strengthens the protection afforded by consumer protection law to minors who enter into professional service contracts, whether in sport or elsewhere.Continue Reading CJEU Rules on Fairness of Remuneration Clause in Sports Contract

On March 21, 2025, the European Commission announced that the Consumer Protection Cooperation Network (“CPC-N”) had initiated enforcement proceedings against an online gaming company, for allegedly violating EU consumer protection laws and engaging in practices that could pose a particular risk to children.  The gaming company now has one month to propose commitments to remedy the consumer law violations identified by the CPC-N.  Concurrently, the CPC-N published guidelines to promote transparency and fairness in the online gaming industry’s use of virtual currencies.Continue Reading Consumer Watchdogs Turn Their Attention to the Online Gaming Industry

On February 4, 2025, the Japanese Government announced its intention to position Japan as “the most AI-friendly country in the world”, with a lighter regulatory approach than that of the EU and some other nations.  This statement follows: (i) the Japanese government’s recent submission of an AI bill to Japan’s Parliament, and (ii) the Japanese Personal Data Protection Commission’s (“PPC”) proposals to amend the Japanese Act on the Protection of Personal Information (“APPI”) to facilitate the use of personal data for the development of AI.Continue Reading Japan Plans to Adopt AI-Friendly Legislation

On March 13, 2025, the Court of Justice of the EU (“CJEU”) ruled that the right of rectification (in Article 16 GDPR) requires a national authority to correct a person’s gender identity, where it is shown to be inaccurate (Case C‑247/23 [Deldits]).  The authority, however, may require that person to provide relevant and sufficient evidence to establish that the information concerning their gender is inaccurate, but may not go so far as to require proof of gender reassignment surgery.Continue Reading CJEU Rules on Right of Rectification of Gender Identity

On March 17, 2025, the Finnish Supervisory Authority (“SA”) announced that it is investigating the transfer of personal data related to human research samples by a Finnish university to a Chinese company for genetic analysis services.  Continue Reading Finnish Supervisory Authority Investigates Health Data Transfers to China

On March 18, 2025, the Norwegian Consumer Council asked the Norwegian Supervisory Authority to investigate a payment app provider for using consumers’ purchase history for targeted advertising. Continue Reading Watchdog to Investigate Mobile Payment Provider Over Its Use of Purchase History for Targeted Advertising

Updated

On March 5, 2025, the European Data Protection Board (“EDPB”) announced that EU Supervisory Authorities (“SAs”) will undertake a coordinated enforcement action in 2025 regarding data subjects’ right to erasure under Art. 17 of the GDPR.  For context, the EDPB selects a particular topic each year as its focus for pan-EU coordinated enforcement.Continue Reading EDPB Launches Coordinated Enforcement on the Right to Erasure

On February 27, 2025, the Court of Justice of the European Union (“CJEU”) issued a significant decision on the right of data subjects to request access to their personal data under Article 15 GDPR, specifically as it relates to automated decision-making and striking an appropriate balance between informing data subjects and protecting trade secrets (Case C‑203/22).Continue Reading CJEU Clarifies GDPR Rights on Automated Decision-Making and Trade Secrets