Europrivacy European Data Protection Seal Approved as Appropriate Safeguard for International Data Transfers
The European Data Protection Board adopted two Article 64 GDPR opinions approving the first certification instruments for international data transfers. The Europrivacy European Data Protection Seal can now be used as an appropriate safeguard for international data transfers under Articles 42 and 46 GDPR. The certification scheme has been extended to include organizations established outside the EEA but subject to GDPR under Article 3(2).
EU Digital Omnibus Makes Deidentification Statements Inevitable
IAPP published an analysis examining how the proposed EU Digital Omnibus regulation would codify Recital 26's anonymization standard into binding Article 4 definitions. The analysis notes the regulation shifts responsibility to organizations, requiring them to document and demonstrate why they cannot re-identify individuals from deidentified datasets — effectively requiring companies to prove a negative regarding identification capabilities.
xAI Sues California AG Over AI Training Data Transparency Law
xAI filed a lawsuit against California Attorney General Rob Bonta challenging AB 2013, the state's generative AI training data transparency law that took effect January 1, 2026. The law requires developers of generative AI systems made available to California residents to publicly disclose 12 categories of information about their training datasets, including data sources, size, copyright status, and personal information content. The District Court denied xAI's motion for preliminary injunction, and xAI has appealed to the 9th Circuit.
EU Age Verification App Technically Ready, Rollout Soon
The European Commission announced 15 April 2026 that its age verification app is technically ready and will soon be available for citizens. The app is built on the European Digital Identity Wallet framework and aims to provide privacy-preserving, anonymous age verification for online services. Commission President Ursula von der Leyen emphasized the app's open-source, user-friendly design and stated it supports Digital Services Act implementation and broader children's protection goals.
Italian DPA Newsletter No. 546: Eni Fined €96k, Remote Exam FAQs, FaceBoarding Non-Compliance
The Italian DPA (Garante) published Newsletter No. 546 covering five items. The Garante fined Eni €96,000 for a GDPR violation. The DPA also issued FAQs on remote proctoring systems for online exams and training courses, clarified employees' right to access personal emails after employment ends, found Milano Linate Airport's FaceBoarding facial recognition system non-compliant with GDPR, and approved the MIM Ministry's AscoltaMi listening service.
Live Nation/Ticketmaster Found Illegal Monopoly by Jury
Colorado AG Phil Weiser announced that a jury found Live Nation and Ticketmaster liable as an illegal monopoly in the live entertainment and ticketing industry. Colorado and other states rejected a settlement reached between the Justice Department and Live Nation and continued the antitrust lawsuit through trial in New York federal court. The jury verdict found Live Nation violated state and federal antitrust laws by monopolizing the market.