Showing Posts In "Europe" Category
EU DPAs Reject Many Proposed Changes to the GDPR
The European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) issued a joint opinion strongly rejecting key GDPR changes proposed in the EU’s Digital Omnibus reform package, including narrowing the definition of personal data and limiting the right of access. They also raised concerns that several provisions lack clarity and would weaken data […]
EU Digital Omnibus Amendments to GDPR To Facilitate AI Training Miss the Mark
The European Commission’s proposed Digital Omnibus amendments to the GDPR aim to simplify rules for AI training by allowing AI developers to use personal data under a legitimate interest basis with an unconditional opt‑out and introducing a new exemption for residual special‑category data. The author argues these changes miss the mark, creating practical and privacy […]
CJEU Says Observed Personal Data Is Collected Directly from The Data Subject — What It Means in Practice
The Court of Justice of the European Union (CJEU) ruled that personal data obtained through direct observation or monitoring — such as body‑worn cameras — is considered collected directly from the data subject under the EU GDPR. This means organizations must meet the Article 13 GDPR transparency obligations at the point of collection, typically via […]
How to Prepare for the EU Pay Transparency Directive – Including the Swiss Perspective
The EU Pay Transparency Directive, effective June 7, 2026, will require employers to increase openness around pay structures, recruitment, and employee pay data to help close gender pay gaps. Obligations include salary‑range disclosure to applicants, gender‑neutral job criteria, and gender pay‑gap reporting for larger employers starting in 2027. The article outlines steps to prepare: strengthen job […]
Looking Forward to GDPR Enforcement
New EU enforcement procedures under Regulation (EU) 2025/2518 are designed to make enforcement of the General Data Protection Regulation more efficient and consistent. The rules, which begin applying to actions opened after April 2, 2027, set deadlines for resolving complaints, require detailed information for admissibility, allow early resolution of stopped violations, and mandate cooperation among EU data protection authorities […]
The DSA and GDPR: 5 Ways These Laws Work Together
The Digital Services Act (DSA) and the General Data Protection Regulation (GDPR) now intersect in EU digital law, and new European Data Protection Board (EDPB) guidelines explain how they work together. Providers of intermediary services must identify lawful bases for processing personal data, consider GDPR rules on automated decisions, and meet transparency obligations under both […]
EU Privacy Laws to Delete See-Through Blockchains
On April 14, 2025, the European Data Protection Board (EDPB) opened a consultation on Guidelines 02/2025 that addresses the processing of personal data through blockchain technologies. The Guidelines have sparked controversy in the blockchain community by highlighting a long-standing tension: how to reconcile the EU’s data protection requirements with blockchain’s core principle of immutability? What is the EDPB […]
EU Proposes Exemptions to GDPR Record-Keeping Provisions
The EU Commission is proposing that SMEs, SMCs, and organizations with fewer than 750 employees will be required to maintain records only when the processing of personal data is “high risk” under the GDPR. The proposals on simplification measures for EU businesses, issued yesterday, do not include the procedural rules for GDPR cross-border cases, which […]
The EU AI Act: Key Milestones, Compliance Challenges and the Road Ahead
The European Union Artificial Intelligence Act (EU AI Act) is rapidly reshaping the regulatory landscape for AI development and deployment, both within Europe and globally. In a recent Cooley webinar, partner Patrick Van Eecke and associate Bartholomäus Regenhardt, members of the firm’s cyber/data/privacy practice, provided an overview of the EU AI Act’s phased implementation, compliance […]
EDPB Publishes Final Version of Guidelines on Data Transfers to Third Country Authorities and SPE Training Material on AI and Data Protection
The European Data Protection Board (EDPB) has adopted the final version of the guidelines on data transfers to third country authorities: Guidelines 02/2024 on Article 48 of the GDPR. The Guidelines explain that judgements or decisions from third-country authorities cannot be automatically or directly recognized or enforced in an EU Member State, reaffirming that a […]
SUBSCRIBE TO OUR NEWSLETTERS
The Global Background Screener
The Background Buzz!
(U.S. Background Screening
E-Magazine)