The European Health Data Space Regulation Has Been Officially Published

The European Health Data Space (EHDS) Regulation was officially published in the Official Journal of the European Union on 5 March 2025 and will enter into force on 26 March 2025. The regulation enhances individual rights by granting EU citizens immediate access to their electronic health data and enabling seamless cross-border sharing. It also establishes […]

EDPB Launches 2025 Coordinated Action on Right to Erasure

The European Data Protection Board (EDPB) has launched its 2025 Coordinated Enforcement Framework (CEF) action, focusing on the enforcement of the right to erasure under Article 17 GDPR. This initiative follows the 2024 action on the right of access and aims to assess how organizations handle requests to delete personal data. The Swedish Authority for […]

Swedish Supreme Court’s Landmark Decision on Public Disclosure of Criminal Judgments

The Swedish Supreme Court has issued two significant decisions on the public disclosure of criminal judgments, emphasizing the precedence of the GDPR over Sweden’s constitutional laws relating to public access to information. Background: The first case involved a news agency that requested a large number […]

Swedish DPA Publishes Annual Report for 2024

The Swedish Authority for Privacy Protection (IMY) has published its annual report for 2024. IMY reported an increase in both the number of audits initiated and completed in 2024 compared to the previous year. The majority of these audits were triggered by individual complaints. Six administrative sanctions totalling approximately 60.5 million SEK were issued by […]

European Commission Publishes Updated FAQ (v. 1.2) on the Data Act

On 3 February 2025, the EU Commission published the latest version of Frequently Asked Questions (FAQ) on the Data Act (Regulation (EU) 2023/2854). Although the FAQ is not legally binding, it serves as a practical guide to assist stakeholders in implementing the rights and obligations established under the Data Act. It also clarifies the scope […]

Swedish Guidelines on Data Protection Impact Assessments

The Swedish Authority for Privacy Protection (IMY) has provided guidance on conducting Data Protection Impact Assessments (DPIAs) for organizations processing personal data under the GDPR. The goal is to simplify the DPIA process and reduce uncertainty about the steps involved and how the regulations should be interpreted. The guidance includes a practical guide outlining a […]

CJEU Clarifies ‘Total Worldwide Annual Turnover’ For GDPR Fine Calculations

In case C-383/23, the Court of Justice of the European Union (CJEU) has clarified how ‘total worldwide annual turnover’ should be interpreted when calculating the maximum administrative fine under Article 83(4) and (6) GDPR. A data controller in Denmark was charged with GDPR violations and the Danish prosecutor sought a fine based on the group’s […]