GDPR

Subscribe to GDPR via RSS

As we ring in the new year, we want to make you aware of key issues that we expect lawmakers and regulators to focus on in the months ahead.

Below are the top European digital regulatory issues to watch out for in 2026:Continue Reading 2026 Year in Preview: European Digital Regulatory Developments for Companies to Watch Out For

On December 2, 2025, the Court of Justice of the EU (CJEU) in X v Russmedia Digital SRL (C-492/23), ruled that the operator of an online marketplace, as a data controller, is responsible for the processing of personal data contained in advertisements published on its platform, and cannot rely on the hosting liability safe harbor to avoid responsibility for General Data Protection Regulation (GDPR) infringements arising from unlawful processing.Continue Reading CJEU Rules on Online Marketplaces’ Liability for User Content Under the GDPR

On November 19, 2025, the EU Commission (Commission) published a set of legislative proposals to introduce more flexibility into a number of EU digital regulations, including:

  • the Digital Omnibus, which amends a number of provisions of the General Data Protection Regulation (GDPR) and the ePrivacy Directive, as well as the Data Act; and
  • the AI Omnibus, which focuses on the AI Act (jointly, the Omnibus Proposals).

Continue Reading The EU Omnibus Proposals Intend to Introduce More Flexibility in the GDPR, AI Act, and Other EU Digital Regulations

On October 9, 2025, the European Commission (EC) and the European Data Protection Board (EDPB) published Draft Guidance on the interplay between the Digital Markets Act (DMA) and the General Data Protection Regulation (GDPR, and the Draft Guidance).Continue Reading Connecting Competition and Privacy: EU Regulators Release Draft Guidance on DMA and GDPR Interplay

On September 12, 2025, the European Data Protection Board (EDPB) adopted guidelines (Guidelines) on the interplay between the EU Digital Services Act (DSA) and the General Data Protection Regulation (GDPR). The Guidelines seek to clarify the data protection issues that regulated online services should take into account when seeking to comply with their obligations under the GDPR.Continue Reading EDPB Issues First Guidelines on the Interplay Between the Digital Services Act and the GDPR

On September 3, 2025, the EU General Court (the General Court) (the second-highest court in the European Union (EU)) upheld the validity of EU-U.S. Data Privacy Framework (DPF) in Philippe Latombe v European Commission (T-553/23).

Continue Reading EU Court Upholds the Validity of the EU-U.S. Data Privacy Framework