Data Privacy

ICO Decision on Ealing Council EIR and Personal Data

The UK's Information Commissioner's Office (ICO) issued a decision regarding Ealing Council's handling of an Environmental Information Regulations (EIR) request. The ICO found that the Council correctly withheld information under regulation 13 (third party personal data) and did not require further steps.

Spanish DPA Resolution on Procedure Termination

The Spanish Data Protection Agency (AEPD) has issued a resolution terminating procedure EXP202416460. This action signifies the closure of a specific enforcement or administrative process initiated by the agency.

EDPB Adopts 2026-2027 Work Programme for GDPR Compliance

The European Data Protection Board (EDPB) has adopted its work programme for 2026-2027, focusing on making GDPR compliance easier. Key initiatives include developing ready-to-use templates for organizations on legitimate interest assessments, records of processing activities, and privacy notices.

AI Code of Practice Taskforce Established for Implementation

Signatories to the EU's General-Purpose AI Code of Practice held their first meeting on January 30, 2026, to establish a Taskforce for implementation exchanges. The Taskforce will facilitate discussions among signatories on implementing the code and can provide input on guidance documents.

FTC Finalizes Order Against Adamas for No-Hire Agreements

The FTC has finalized a consent order against Adamas Amenity Services LLC, requiring the company to cease enforcing no-hire agreements. These agreements restricted building owners from hiring Adamas's employees without penalty, impacting wage and job growth for workers in New Jersey and New York City.

FTC Warns Apple CEO Over Alleged Bias in Apple News Content

The FTC has issued a warning letter to Apple CEO Tim Cook regarding alleged bias in Apple News content. The letter states that if Apple misrepresents its news service or violates its terms of service, it could be in violation of the FTC Act.

ICO Guidance: Data Protection Complaints Process

The UK's Information Commissioner's Office (ICO) has published new guidance detailing requirements for organisations to establish a data protection complaints process. These requirements, stemming from the Data (Use and Access) Act 2025, will become legally effective on June 19, 2026, but are presented as good practice in the interim.

EDPB Report on GDPR Compliance Templates Consultation

The European Data Protection Board (EDPB) has published a report on its public consultation regarding helpful templates for organizations to facilitate GDPR compliance. This report summarizes the feedback received from stakeholders on potential template needs.

EDPB Work Programme 2026-2027

The European Data Protection Board (EDPB) has published its Work Programme for 2026-2027. This document outlines the EDPB's priorities and planned activities for the upcoming two-year period, focusing on data protection and GDPR compliance across the EU.

AEPD Resolution: Simyo Denied Voice Recording Access

The Spanish Data Protection Agency (AEPD) issued a resolution against Simyo (Orange España Virtual, S.L.) for denying a consumer's right of access to voice recordings related to a SIM swap. Simyo initially conditioned access on a judicial order, which is not required by law, but later provided the recordings after the complaint.