Life with GDPR - Meta Fined €405 million by Irish Data Protection Commission
The European Data Protection Board (EDPB) has adopted its draft Recommendations 1/2026 on Binding Corporate Rules for Processors (BCR-P) (“Recommendations”). ...more
On 5 September 2025, the European Commission published its draft decision recognizing that Brazil ensures an adequate level of protection for personal data under Article 45 of the General Data Protection Regulation (“GDPR”)....more
On 19 November 2025, the European Union introduced two "Omnibus" reform packages, each targeting different regulatory domains but united by a common goal: regulatory simplification across the European Union. ...more
On October 9, 2025, the European Data Protection Board ("EDPB") and the European Commission issued (for public consultation) joint guidelines clarifying how the EU’s Digital Markets Act ("DMA") and General Data Protection...more
On October 20 2025, the European Data Protection Board (EDPB) announced that it had adopted two opinions on the European Commission’s draft implementing decisions which propose to extend the validity of the UK adequacy...more
On 12 September 2025, the European Data Protection Board (EDPB) issued draft guidelines (Guidance) on the interplay between the EU General Data Protection Regulation (GDPR) and the Digital Services Act (DSA), the latter of...more
Regulatory - Italy moves toward unified Pharmaceutical Code - On 18 September 2025, the Italian Council of Ministers approved the draft delegated law to create a unified code (Testo Unico) consolidating and modernising...more
On September 4 2025, the Court of Justice of the EU (CJEU) delivered its judgment in the case C-413/23 P, EDPS v SRB. The CJEU clarified the scope of the concept of personal data in the context of a transfer of pseudonymised...more
On 4 September 2025, the Court of Justice of the European Union (CJEU) delivered a ruling in EDPS v. SRB (Case C-413/23 P) that clarified how the EU General Data Protection Regulation (GDPR) applies to pseudonymised data. ...more
On 4 September, the ECJ handed down a major and eagerly awaited decision on the scope of personal data, accepting the point that pseudonymised data may be anonymised in the hands of a third party. The ECJ’s approach is...more
As we pass the mid-point of 2025, it’s a good time to review the important developments we have seen in the first 6 months of this year, particularly reforms to the UK’s data protection laws, the EU’s pathway to...more
Following their recent meeting in Finland, the EU Data Protection Authorities acting through the European Data Protection Board (EDPB) announced their intention to release new tools and ran EU-wide data breach notification...more
The rise of artificial intelligence (AI) and its widespread availability offers significant growth opportunities for businesses. However, it necessitates a robust governance framework to ensure compliance with regulatory...more
A recent and far-reaching decision by the Italian Data Protection Authority (Garante) has significantly altered the rules governing marketing privacy consent in Italy, introducing a potential obligation to adopt a double...more
The European Data Protection Board recently published its draft Guidelines 02/2025, which remain open to consultation until 09 June 2025. Stakeholders in the blockchain industry are encouraged to submit any observations...more
On May 14, 2025, the European Data Protection Board ("EDPB") issued a favorable opinion on granting a six-month extension to the existing adequacy decisions for the UK, following a formal proposal from the European...more
Large Language Models (“LLMs”) are a subset of artificial intelligence (“AI”) which use a type of machine learning called deep learning in order to understand how characters, words, and sentences function together. The advent...more
In an era of stringent regulations and increasing legal risks, it has become essential for organizations to implement internal enforcement programs. However, in order for such programs to provide legal protection, they must...more
On April 14 2025, the European Data Protection Board (EDPB) announced the outcomes of its plenary session that took place on April 8 2025, during which the EDPB adopted draft Guidelines on processing of personal data through...more
What happens when data protection collides with the relentless pace of digital innovation? That’s the question the European Data Protection Board (EDPB) seemed to confront head-on in 2024, a year marked by unprecedented...more
The European Data Protection Board (EDPB) recently announced the launch of its 2025 Coordinated Enforcement Framework (CEF) action, which will focus on the right to erasure, also known as the “right to be forgotten,” or, in...more
On 19 March 2025, the European Data Protection Board published an updated procedure for co-operation between EU data protection supervisory authorities approving GDPR Binding Corporate Rules for intra-group transfers of EU...more
On March 18, 2025, the European Commission proposed to extend its adequacy decision in favor of the United Kingdom (‘UK’) for an additional six-month period. This would allow free flows of personal data from the EU to the UK...more
Right of erasure (or “right to be forgotten”) has been selected by the European Data Protection Board as its priority enforcement topic for 2025. This work is being done under the “Coordinated Enforcement Framework” or “CEF.”...more
Katten's Privacy, Data and Cybersecurity Quick Clicks is a monthly newsletter highlighting the latest news and legal developments involving privacy, data and cybersecurity issues across the globe....more