EDPB/EDPS Support AI Act Streamlining with Stronger Safeguards

The European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) have issued a joint opinion on the EU Commission's proposal to streamline the AI Act. While supporting administrative simplification, they urge stronger safeguards to protect fundamental rights and advise against removing the registration obligation for high-risk AI systems.

EDPB Conference on Cross-Regulatory Cooperation

The European Data Protection Board (EDPB) is hosting a conference on March 17, 2026, in Brussels to discuss cross-regulatory cooperation from a data protection perspective. Registration is open until February 26, 2026.

EDPB/EDPS Joint Opinion on Digital Omnibus Regulation Proposal

The EDPB and EDPS have issued a joint opinion on the Digital Omnibus Regulation proposal, supporting simplification efforts while raising concerns about proposed changes to the GDPR's definition of personal data. They also welcome increased data breach notification thresholds and deadlines.

ICO Decision Notice: Cabinet Office FOI Request Breach

The UK's Information Commissioner's Office (ICO) has issued a decision notice regarding a Freedom of Information (FOI) request made to the Cabinet Office. The ICO upheld a complaint that the Cabinet Office breached FOI rules by failing to respond to a request within the statutory 20-working day period.

ICO Decision Notice: UWE must disclose construction expenditure

The UK's Information Commissioner's Office (ICO) issued a decision notice against the University of the West of England (UWE). UWE is required to disclose construction expenditure information within 30 days, as the ICO found their refusal to be unlawful under the Environmental Information Regulations (EIR).

Frimley Health NHS Trust FOI Request Upheld

The ICO has upheld a Freedom of Information (FOI) request against Frimley Health NHS Foundation Trust for failing to respond within the statutory 20 working days. The Trust is now required to respond to the complainant within 30 calendar days.

ICO Upholds Lambeth Council's Refusal on Information Request

The ICO has upheld Lambeth Council's refusal of one information request under the Environmental Information Regulations (EIR) 11(2) and 5(2). However, the Council breached EIR 5(2) by failing to respond within 20 working days and EIR 11(2) by not completing an internal review.

ICO Upholds Complaint Against Birmingham City Council for Delayed Planning Information

The UK's Information Commissioner's Office (ICO) has upheld a complaint against Birmingham City Council for failing to provide planning information within the statutory 20-working-day timeframe. The ICO found the council in breach of the Environmental Information Regulations (EIR).

ICO Updates UK GDPR International Transfer Guidance

The UK's Information Commissioner's Office (ICO) has updated its guidance on international personal data transfers under UK GDPR. The revised guidance aims to simplify compliance for businesses by introducing a 'three step test' and clarifying complex areas.

ICO Fines Two Companies £225,000 for Nuisance Marketing

The UK's Information Commissioner's Office (ICO) has fined Allay Claims Ltd and ZMLUK Limited a total of £225,000 for sending millions of unsolicited marketing messages. Allay Claims was fined £120,000 for unlawful text messages, and ZMLUK Limited received a £105,000 fine for unlawful marketing emails.