GDPR 2.0?
members
–
9 min read
[updated] 🧨 Commission's leaked Omnibus plans due 19 Nov causes hefty discussions | Helen Dixon on the GDPR | Kuner criticises 2024 Draghi report
AI (Act) resources
members
–
22 min read
⏰ AI Act high-risk regime delayed 12-15 months? | EDPS EUDPR guide: AI Systems Risk Management
Your OSS for the EDPB
members
–
3 min read
❌ Stakeholder event on anonymisation & pseudonymisation came and went 17 Nov 🤨 | EDPB wants input on templates (DPIAs, breaches WIP) | Overview page for all things EDPB: Guidelines, Opinions, Recommendations, Members, Meetings, Strategy & Work Programs, CEF, SPE, OSS, Art. 65 Decisions, WP29, CSC
Privacy, data protection & security legal landscape
members
–
7 min read
✅ Council adopts new Regulation to speed-up handling of cross-border data protection complaints | Commission preliminarily finds TikTok and Meta in breach of DSA transparency obligations
National DPA news (2025)
members
–
5 min read
🇫🇷 survey: Monetization of personal data | Learnings for all: 🇳🇱 DPAg recommendations after five major service provider cyber attacks | 🇪🇸 AEPD launches 'Privacy Dialogues' on YouTube | 🇬🇧 ICO announces new public sector approach | 🇳🇱 25% face DPA cookie banner actions
CJEU C-654/23 Inteligo Media 13 Nov 2025
members
–
7 min read
If a user creates a free account and gets access to articles, newsletters and the option to pay for further content, this falls under Art. 13(1) and (2) ePD as 'sale of a service' and 'direct marketing', and you don't need a legal basis under Art. 6 GDPR, in line with Art. 95 GDPR.
EDPB meeting minutes 7-8 Oct 2025
members
–
3 min read
Discussing SRB v EDPS, Helsinki Statement and Anonymisation guidelines: stakeholder event coming | Questions on Consent or Pay guidelines | 💡 DPAs focus & challenges | CEF topic 2026 | Joint DMA ↔ GDPR interplay guidelines | ❌ No joint DPIA/FRIA template | GPA resolutions | BCRs: 🇫🇷 Tessi, 🇵🇱 Box
EDPB meeting minutes 11 Sep 2025
members
–
2 min read
DSA ↔ GDPR interplay guidelines | 🇧🇷 Brazil & 🇬🇧 UK adequacy decisions | Helsinki Statement – practical implementation & Commission on simplifying breach reporting | EDPS C-413/23 update | BCRs: 🇮🇪 Shopify, 🇱🇺 Northern Trust, Ferrero Group, 🇳🇴 Mowi.
EDPB meeting agendas and minutes
members
–
8 min read
Sep & Oct minutes published | 4 Nov agenda: 🚨 Guidelines x 3: Political ads; Web scraping in GenAI context; AI Act ↔ EU data protection law interplay | Opinion on 🇧🇷 adequacy decision | New SPE project: Market study of data brokers
Adequacy decisions
members
–
3 min read
5 Nov: EDPB Opinion on 🇧🇷 Brazil draft adequacy decision – up next: Member States reps approval and EP "right of scrutiny" | 20 Oct: EDPB adopts opinions on UK GDPR & LED | 16 Sep: Republic of Korea EU adequacy decision.
CJEU C-413/23 P EDPS v SRB (Concept of personal data) 4 Sep 2025
members
–
5 min read
Pseudonymised data isn’t always personal in every case to everyone – but measures must be effective. Comments are personal by nature – no need to assess content, purpose or effects. Whether a person can be identified must be assessed from the controller’s perspective, when collecting the data.
CJEU T-553/23 Latombe v Commission 3 Sep 2025
members
–
4 min read
🔥 Latombe to appeal! New CJEU case number: C-703/25 P | "The General Court dismisses the action for annulment" and the EU-US DPF remains valid.