EDPB’s CEF 2025 report (10 February 2026) reviews GDPR erasure handling across 32 EEA SAs. It cites “average” compliance, but major methodology differences and low response rates limit how far the conclusions can be trusted.

In 2026, the Danish Data Protection Authority (Datatilsynet) adopted a new decision on Danish municipalities’ use of Google Chromebooks and Google Workspace in public schools, following earlier actions in 2022 and 2024. The decisions identify recurring GDPR issues, including lack of controller control, insufficient oversight of sub-processors, and unresolved third-country processing risks, highlighting the importance of conducting a DPIA before procurement and deployment.

AG Szpunar’s opinion in C-199/24 (Lexbase) says Sweden’s publication-certificate model (utgivningsbevis) can’t switch off the GDPR. This article explains how Swedish law created the loophole, what has been the practice in courts and at the data protection authority and how it changed, and what a CJEU preliminary ruling will mean for courts, regulators and search services in Sweden and across the EU.

The EDPS Microsoft investigation into the Commission’s use of Microsoft 365 is now closed, but the core risks remain. This article explores how the Commission addressed data protection issues through contractual safeguards, and why these cannot fully shield EU data from U.S. surveillance laws like the Cloud Act. A closer look at regulatory pragmatism in the face of legal limits.

From 2 August 2025, new obligations apply to providers of general-purpose AI models under the EU AI Act. This post explains which models are affected, what compliance steps are required, and how the transitional regime works for models already on the market. Includes links to the official guidelines, FAQ, and mandatory transparency template.

A Dutch driver was wrongly fined €439 when an AI system mistook her ice pack for a phone - and human reviewers didn’t catch the error. This case shows how AI in law enforcement can fail, especially at scale, when oversight is weak. Public trust depends not on automation alone, but on accountability when the system gets it wrong.

The AI Diplomacy Experiment tested 18 large language models in the strategic game Diplomacy to explore emergent AI behavior under competitive pressure. Models like ChatGPT, Claude, and DeepSeek demonstrated varying strategies - from cooperation to deception - revealing critical insights into AI alignment, strategic reasoning, and AI governance challenges. The findings raise urgent questions about how AI systems behave in adversarial environments and how institutional values s

The European Commission is consulting on how to implement the AI Act’s rules for high-risk AI systems. Learn what’s at stake, what the consultation covers, and how your business can contribute before the 18 July 2025 deadline.

The EDPB has released its final guidelines on Article 48 GDPR, clarifying how EU organisations should respond to foreign court orders and subpoenas. Discover what changed since the draft, what’s still allowed under Article 49(1)(e), and how to stay compliant.

Meta plans to use your Facebook and Instagram data to train its AI starting 27 May 2025. Learn how to object and protect your privacy before it's too late.