The European Commission is preparing the Digital Omnibus Package, a major initiative to simplify and modernise the EU’s complex digital rulebook. Expected in November 2025, the proposal aims to reduce administrative burdens, clarify overlaps between laws and help businesses—especially SMEs—navigate digital compliance more easily. The package will introduce targeted updates to existing regulations, including the ePrivacy Directive, the Data Governance Act, and the AI Act, with

The city of Braga has reaffirmed that data protection and technological security were top priorities in the public procurement of 35 Yutong electric buses, following concerns raised in Norway and Denmark about cybersecurity risks linked to the manufacturer. The municipality states that the contract includes strict rules preventing any unauthorized remote access and guarantees that all data, including black box records, belongs exclusively to the city. Braga also confirms that

The European Commission’s new “Digital Omnibus” proposal, published on 19 November, is facing strong criticism as experts warn it could weaken key safeguards in the GDPR and the ePrivacy Directive. Privacy group noyb released a 71-page analysis comparing current law with the Commission’s proposals, highlighting legal inconsistencies, risks to fundamental rights, and real-world consequences for users, regulators, and companies. Despite removing some controversial elements afte

The Swedish Authority for Privacy Protection (IMY) is investigating a major data breach at Miljödata, a government software provider, after personal information of up to 1.5 million people was exposed. The leaked data includes names, ID numbers, dates of birth, contact details, addresses, and even sensitive documents such as medical certificates and rehabilitation plans. Much of this information has already appeared on the dark web. Because Miljödata supplies software to 80%

Amazon has lost its appeal against a record €746 million ($812M) fine imposed by Luxembourg’s privacy regulator (CNPD) for violating EU GDPR rules. The court sided with the CNPD, which had penalized Amazon for improperly processing personal data. While Amazon is considering further appeals, the ruling underscores Europe’s strict approach to data protection and its willingness to enforce the GDPR at the highest levels. The CNPD also included measures for Amazon to remedy the d

Ireland’s Data Protection Commission (DPC) has fined TikTok €530 million for failing to ensure that European user data transferred to China was protected from access by Chinese authorities. The investigation revealed that TikTok provided misleading information to the DPC and failed to demonstrate that data sent to China would have protection levels equivalent to GDPR standards. While TikTok claims it never shared data with the Chinese government, the DPC found that data was r

Recent court decisions in Germany and at the European General Court are challenging the traditional interpretation of GDPR compensation. Historically, under Art. 82 GDPR, data subjects could only claim damages if they proved actual harm resulting from a GDPR violation. However, recent cases—like Junghans v. Meta and Bindl v. European Commission—suggest that a mere loss of control over personal data or uncertainty about its processing can now qualify as non-material damages, e

The European Commission is preparing changes to the General Data Protection Regulation (GDPR) aimed at reducing administrative burdens for small and medium-sized enterprises (SMEs), while maintaining strong privacy protections. Proposed adjustments may include simplifying data registration requirements for companies with fewer than 500 employees.   The initiative responds to concerns that the current GDPR framework increases compliance costs, creates legal uncertainty due to

The EU has launched an investigation into X (formerly Twitter) over the use of personal data from EU and EEA users to train its AI models, including Grok. The Irish Data Protection Commission (DPC), acting on behalf of the EU, will examine whether X’s practices comply with key GDPR provisions, especially regarding legality and transparency. This follows X’s commitment in September to stop using certain EU user data for AI training. However, the company continued AI model deve

Germany’s data protection commissioner has called on Apple and Google to remove the AI chatbot DeepSeek from their app stores, citing...

Meta has been fined €251 million by the European Union for a data breach that occurred in 2018, affecting 29 million accounts, including...

In 2023, Portugal saw 332 personal data breaches, almost one per day, as reported by the CNPD. A significant case involved the Social...

Europol's data protection regime is designed to ensure privacy and compliance with data protection principles while supporting law...

The Austrian Data Protection Authority (DSB) has been criticized by the Court of Justice of the European Union (CJEU) for its arbitrary...

Chinese AI company DeepSeek is under investigation by several EU data protection authorities over potential GDPR breaches linked to...

The Irish Data Protection Commission has taken a major step in its GDPR investigation into TikTok, submitting a draft decision on the...

The European Data Protection Board (EDPB) has ramped up its enforcement cooperation among EU member states to address GDPR enforcement...

As GDPR marks a milestone, new IAPP data shows over half a million organizations across Europe have appointed Data Protection Officers...

Ireland’s Data Protection Commission (DPC) has launched a cross-border inquiry into Google’s compliance with GDPR in its AI model,...

The Data Protection Commission (DPC) has launched a cross-border inquiry into Google Ireland Ltd. to examine whether the company...