On September 12, 2025, the European Data Protection Board (EDPB) adopted guidelines (Guidelines) on the interplay between the EU Digital Services Act (DSA) and the General Data Protection Regulation (GDPR). The Guidelines seek to clarify the data protection issues that regulated online services should take into account when seeking to comply with their obligations under the GDPR.Continue Reading EDPB Issues First Guidelines on the Interplay Between the Digital Services Act and the GDPR
Cédric Burton
EU Court Upholds the Validity of the EU-U.S. Data Privacy Framework
By Cédric Burton, Rossana Fol & Hattie Watson on
On September 3, 2025, the EU General Court (the General Court) (the second-highest court in the European Union (EU)) upheld the validity of EU-U.S. Data Privacy Framework (DPF) in Philippe Latombe v European Commission (T-553/23).…
Continue Reading EU Court Upholds the Validity of the EU-U.S. Data Privacy FrameworkEU Reaches a Deal on Rules for Swifter Cross-Border GDPR Enforcement
Posted in Privacy
On June 16, 2025, the Council of the EU (Council) and the European Parliament (EP) reached a provisional agreement on a new regulation (the Draft Regulation) to enhance enforcement of the General Data Protection Regulation…
Continue Reading EU Reaches a Deal on Rules for Swifter Cross-Border GDPR EnforcementEU Reaches a Deal on Rules for Swifter Cross-Border GDPR Enforcement
Posted in Privacy
On June 16, 2025, the Council of the EU (Council) and the European Parliament (EP) reached an agreement on a new regulation (the Draft Regulation) to enhance enforcement of the General Data Protection Regulation (GDPR). The Draft Regulation aims to improve cooperation between national data protection authorities (DPAs) to speed up their handling of cross-border GDPR complaints and related investigations.Continue Reading EU Reaches a Deal on Rules for Swifter Cross-Border GDPR Enforcement
Understanding the EU’s Cyber Solidarity Act: Key Takeaways
By Cédric Burton, Demian Ahn, Laura Brodahl & Matthew Nuding on
Posted in Cybersecurity
On February 4, 2025, the European Union’s (EU) Cyber Solidarity Act (CSA) entered into force. The CSA aims to harmonize and strengthen the cooperation between EU authorities to improve their capacity to detect and address…
Continue Reading Understanding the EU’s Cyber Solidarity Act: Key TakeawaysRansomware Attacks: UK Government Proposes Ransom Payment Ban and Mandatory Notification Requirements
Posted in Cybersecurity
On January 14, 2025, the UK government unveiled a proposed framework aimed at combating the rise of ransomware attacks by implementing a payment prevention and reporting regime. This would require companies to not only report all ransomware incidents, but also to declare whether they intend to pay a ransom. The government also announced that it proposes to ban public bodies and infrastructure providers from making ransom payments to cyber attackers. A public consultation is open until April 8, 2025.Continue Reading Ransomware Attacks: UK Government Proposes Ransom Payment Ban and Mandatory Notification Requirements