On June 16, 2025, the Council of the EU (Council) and the European Parliament (EP) reached a provisional agreement on a new regulation (the Draft Regulation) to enhance enforcement of the General Data Protection Regulation
Continue Reading EU Reaches a Deal on Rules for Swifter Cross-Border GDPR Enforcement
On June 19, 2025, the UK Data (Use and Access) Act 2025 was enacted, marking the culmination of a lengthy legislative process aimed at reshaping aspects of the country’s data protection regime. First proposed in 2021 as part of a government strategy titled, “Data: a new direction,” the legislation has undergone several rounds of revision since its initial introduction. Its passage reflects the UK’s desire to diverge, in measured ways, from the EU’s approach to data regulation in the post-Brexit landscape.Continue Reading UK Introduces New Legislation Amending Privacy Laws
On June 16, 2025, the Council of the EU (Council) and the European Parliament (EP) reached an agreement on a new regulation (the Draft Regulation) to enhance enforcement of the General Data Protection Regulation (GDPR). The Draft Regulation aims to improve cooperation between national data protection authorities (DPAs) to speed up their handling of cross-border GDPR complaints and related investigations.Continue Reading EU Reaches a Deal on Rules for Swifter Cross-Border GDPR Enforcement
On January 8, 2025, the second highest court of the European Union (EU), the General Court of the Court of Justice of the EU (the Court), ordered (in Bindl v European Commission, Case T-354/22) the European Commission (EC) to pay EUR 400 in damages to an individual for transferring their personal data to the U.S. without having implemented a data transfer mechanism under EU law.Continue Reading EU Court Awards Damages for Breach of EU Data Transfer Rules
On September 10, 2024, the European Commission (EC) offices in charge of the enforcement of the Digital Markets Act (DMA) and the European Data Protection Board (EDPB)—the European body composed of all EU data protection regulators that oversees the consistent application of the General Data Protection Regulation (GDPR)—announced that they intend to provide guidance on the interplay between the DMA and GDPR.Continue Reading EU Agencies to Develop Guidance on the Interplay Between the DMA and GDPR
On May 21, 2024, France adopted law No. 2024-449 to secure and regulate the digital space. This law grants new enforcement powers and authority to the French Data Protection Authority (CNIL), including to seize documents, record declarations during dawn raids, and enforce certain provisions of the Digital Services Act (DSA) and the Digital Governance Act (DGA).Continue Reading New Enforcement Powers for the French Data Protection Authority (CNIL)