Data Privacy & Cybersecurity

EDPB Joint Guidelines on DMA and GDPR Public Consultation

The European Data Protection Board (EDPB) and the European Commission have opened a public consultation on their Joint Guidelines concerning the interplay between the Digital Markets Act (DMA) and the General Data Protection Regulation (GDPR). Interested parties are invited to submit comments by December 4, 2025.

EDPB GDPR Compliance Templates Consultation

The European Data Protection Board (EDPB) has launched a public consultation to gather ideas for developing ready-to-use GDPR compliance templates for organizations. The consultation seeks input on the most useful template types and closes on December 3, 2025.

EDPB Consultation on User Accounts for E-commerce Websites

The European Data Protection Board (EDPB) has launched a public consultation on its Recommendations 2/2025 concerning the legal basis for requiring user accounts on e-commerce websites. The consultation is open for comments until February 12, 2026.

EDPB Public Consultation on Processor Binding Corporate Rules

The European Data Protection Board (EDPB) has launched a public consultation on its Recommendations 1/2026 concerning Processor Binding Corporate Rules. The consultation is open until March 2, 2026, and aims to gather feedback on the application, elements, and principles for these rules under GDPR.

S-Bank Fined EUR 1.8 Million for GDPR Violations

The European Data Protection Board reports that the Finnish Supervisory Authority has fined S-Bank EUR 1.8 million for GDPR violations related to a data security vulnerability. The bank failed to implement adequate safeguards, leading to a personal data breach affecting a significant proportion of its customers.

EDPB Strengthens Global Data Protection Cooperation

The European Data Protection Board (EDPB) held a meeting with Data Protection Authorities from countries and organizations with an EU adequacy decision to strengthen global data protection cooperation. This follows up on a previous meeting in October 2024 and focuses on sharing information and experiences in international data protection enforcement.

EDPB/EDPS Support AI Act Streamlining with Stronger Safeguards

The European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) have issued a joint opinion on the EU Commission's proposal to streamline the AI Act. While supporting administrative simplification, they urge stronger safeguards to protect fundamental rights and advise against removing the registration obligation for high-risk AI systems.

EDPB Conference on Cross-Regulatory Cooperation

The European Data Protection Board (EDPB) is hosting a conference on March 17, 2026, in Brussels to discuss cross-regulatory cooperation from a data protection perspective. Registration is open until February 26, 2026.

EDPB/EDPS Joint Opinion on Digital Omnibus Regulation Proposal

The EDPB and EDPS have issued a joint opinion on the Digital Omnibus Regulation proposal, supporting simplification efforts while raising concerns about proposed changes to the GDPR's definition of personal data. They also welcome increased data breach notification thresholds and deadlines.

ICO Decision Notice: Cabinet Office FOI Request Breach

The UK's Information Commissioner's Office (ICO) has issued a decision notice regarding a Freedom of Information (FOI) request made to the Cabinet Office. The ICO upheld a complaint that the Cabinet Office breached FOI rules by failing to respond to a request within the statutory 20-working day period.