EDPB

New 💸 fines guidelines coming at the end of 2025. Plus, an exciting Support Pool of Experts legal report on 'the extra-territorial enforcement of the GDPR' is coming soon.

Controllers should keep identity of *all* processors and sub-processors "readily available at all times" and their obligation to verify (sub-)processors' ‘sufficient guarantees’ should apply regardless of the risk. The EDPB also shares legitimate interest Guidelines for public consultation and more.

Systems overload! Is the EDPB taking on too much?

Noteworthy points on involving others (earlier) in their work, opinions vs. guidelines, the political ads Regulation, and 🇸🇪 Supreme Admin. Court CJEU request regarding Art. 13-14 and camera surveillance.

EDPB opines that DPAs should be designated AI Act MSAs, adopted 🇪🇺-🇺🇸 DPF FAQs for individuals and businesses, and an opinion approving the EuroPriSe Criteria Catalogue for certifying processors' processing activities, resulting in a European Data Protection Seal.

Noteworthy points on both EUC and Microsoft appealing the EDPS decision, next steps for the Consent or Pay guidelines, and AI Act national competent authorities.

Noteworthy points on future AI and Consent or Pay guidelines, Support Pool of Experts updates and underspending.