On February 10, 2026, the Court of Justice of the European Union (CJEU) confirmed in a landmark judgment that companies can seek annulment of European Data Protection Board (EDPB) binding decisions before the adoption of
Continue Reading Court of Justice of the European Union Confirms Judicial Review of EDPB Binding DecisionsCarol Evrard
The EU Omnibus Proposals Intend to Introduce More Flexibility in the GDPR, AI Act, and Other EU Digital Regulations
Posted in Cybersecurity, Privacy
On November 19, 2025, the EU Commission (Commission) published a set of legislative proposals to introduce more flexibility into a number of EU digital regulations, including:
- the Digital Omnibus, which amends a number of provisions of the General Data Protection Regulation (GDPR) and the ePrivacy Directive, as well as the Data Act; and
- the AI Omnibus, which focuses on the AI Act (jointly, the Omnibus Proposals).
Connecting Competition and Privacy: EU Regulators Release Draft Guidance on DMA and GDPR Interplay
By Cédric Burton, Jindrich Kloub, Deirdre Carroll, Carol Evrard, Laurine Daïnesi Signoret & Claudia Chan on
Posted in Privacy
On October 9, 2025, the European Commission (EC) and the European Data Protection Board (EDPB) published Draft Guidance on the interplay between the Digital Markets Act (DMA) and the General Data Protection Regulation (GDPR, and the Draft Guidance).Continue Reading Connecting Competition and Privacy: EU Regulators Release Draft Guidance on DMA and GDPR Interplay
EU Data Act Enters into Force
By Laura De Boel, Laura Brodahl & Carol Evrard on
Posted in Privacy
Effective September 12, 2025, the EU Data Act introduced new rules on access to and sharing of data from certain products and services in business-to-consumer (B2C), business-to-business (B2B), and business-to-government (B2G) contexts. This alert highlights the key obligations. The EU Data Act applies to any business offering products or services in the EU, regardless of its location.Continue Reading EU Data Act Enters into Force
EU Reaches a Deal on Rules for Swifter Cross-Border GDPR Enforcement
Posted in Privacy
On June 16, 2025, the Council of the EU (Council) and the European Parliament (EP) reached a provisional agreement on a new regulation (the Draft Regulation) to enhance enforcement of the General Data Protection Regulation…
Continue Reading EU Reaches a Deal on Rules for Swifter Cross-Border GDPR EnforcementEU Reaches a Deal on Rules for Swifter Cross-Border GDPR Enforcement
Posted in Privacy
On June 16, 2025, the Council of the EU (Council) and the European Parliament (EP) reached an agreement on a new regulation (the Draft Regulation) to enhance enforcement of the General Data Protection Regulation (GDPR). The Draft Regulation aims to improve cooperation between national data protection authorities (DPAs) to speed up their handling of cross-border GDPR complaints and related investigations.Continue Reading EU Reaches a Deal on Rules for Swifter Cross-Border GDPR Enforcement
NIS2: Preparing for EU’s New Cybersecurity Rules
Posted in Cybersecurity
The European Union (EU) has revised its Cybersecurity Directive (NIS2). The new rules will apply to a wide range of companies in many sectors, create new cybersecurity obligations, and impose high fines for noncompliance. EU countries have until October 17, 2024, to transpose the new rules. As the deadline approaches, companies should assess the impact on their cybersecurity strategy. This alert summarizes the key obligations for businesses.Continue Reading NIS2: Preparing for EU’s New Cybersecurity Rules