Sharing of personal data with the United States must be accompanied by comprehensive and effective safeguards 19 September 2025 On 17 September 2025, the European Data Protection Supervisor (EDPS) issued an Opinion on the negotiating mandate for aframework agreement between the European Union and the United States of America on the exchange of information for […]
IDPC at the Global Privacy Assembly in Seoul 18 September 2025 The Information and Data Protection Commissioner Ian Deguara and Senior Legal Counsel Cynthia Duncan are attending the 47th Global Privacy Assembly (GPA), being held in Seoul, South Korea. The theme of the 2025 gathering, which is being held between 15 and 19 September, […]
Interplay between the DSA and the GDPR: EDPB adopts guidelines 12 September 2025 During its September plenary meeting, the European Data Protection Board (EDPB) has adopted guidelines on the interplay between the Digital Services Act (DSA) and the General Data Protection Regulation (GDPR). These are the first set of EDPB guidelines on the interplay between […]
International cooperation to fight crime should respect EU fundamental rights guarantees 09 September 2025 On 4 September 2025, the European Data Protection Supervisor (EDPS) issued an Opinion on two Proposals: one to authorise the signing, on behalf of the European Union, of the United Nations Convention against Cybercrime, and the other to authorise the conclusion, on […]
Cookie regulation: the CNIL imposes two fines on GOOGLE and SHEIN 05 September 2025 The French Data Protection Authority, CNIL, fined GOOGLE Eur325 million and SHEIN Eur150 million, in particular for failing to comply with the rules on cookies. These fines are part of the several measures taken by the CNIL to regulate non-compliant […]
Court of Justice clarifies the scope of the concept of personal data in the context of a transfer of pseudonymised data to third parties 04 September 2025 The European Court of Justice set aside the judgment of the General Court which had annulled the decision of the European Data Protection Supervisor. Following the resolution […]
European Court dismisses an action for annulment of the new framework for the transfer of personal data between the EU and the US 03 September 2025 In so doing, it confirms that, on the date of adoption of the contested decision, the United States of America ensured an adequate level of protection for personal […]
Fundamental Rights Impact Assessment Workshop – Save the date 03 September 2025 The AI Act introduces new accountability for AI systems, making protection of fundamental rights central. Article 27 requires deployers of certain high-risk systems to conduct a Fundamental Rights Impact Assessment (FRIA). This full-day workshop, organised by the IDPC, explains what is a FRIA, […]
IDPC publishes 2024 Annual Report 28 August 2025 The Information and Data Protection Commissioner (IDPC) published its Annual Report for 2024 – a year that once again underscored the vital importance of protecting personal data in a rapidly evolving digital world. The report states some key performance figures namely: 883 – Total Complaints received […]
European Commission publishes full list of AI companies signed up to Code of Practice 11 August 2025 The European Commission has published the full list of signatories to the EU’s generative AI Code of Practice initiative so far, known also as the Code of Practice for General Purpose AIs (GPAIs). The Code of Practice helps […]