When AI Transcription Is “Necessary” Under GDPR: Insights from IMY’s Latest Sandbox Project
On 13 April 2026, the Swedish Data Protection Authority (IMY) published its sandbox report on the use of AI for transcription in social services (Sw. Transkribering inom socialtjänsten). This is referred to below as the Transcription report. The report examines whether AI-based transcription and summarisation can be used in compliance with the GDPR, with particular focus on […]
EDPB approves Europrivacy certification criteria for use in international data transfers
The European Data Protection Board (EDPB) has approved the Europrivacy certification criteria for use as a European Data Protection Seal in the context of international data transfers under Articles 42 and 46 GDPR. In principle, certifications issued under the scheme may be relied upon as an Article 46(2)(f) transfer mechanism for certified data importers outside […]
IMY Annual Report 2025: Complaint and Supervision Statistics
On 20 February 2026, the Swedish Authority for Privacy Protection (IMY) published its Annual Report 2025, outlining a year marked by a sharp increase in complaints and data breach notifications, and a proposal to review the GDPR. Complaints, supervision and sanctions IMY received 7,434 complaints in 2025, a 102% increase compared to 2024. In parallel, […]
EDPB–EDPS Joint Opinion on the Digital Omnibus proposal
On 19 November 2025, the European Commission issued a Digital Omnibus proposal with the aim to simplify compliance with the digital rulebook, hereby amending several EU digital legislation, such as GDPR, Data Act and ePrivacy Directive. The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) issued a Joint Opinion on the proposed […]
Swedish DPA: Priorities for 2026
The Swedish Authority for Privacy Protection (“IMY“) has published its priorities for guidance and supervisory activities in 2026. IMY will focus its efforts on three areas where it identifies heightened privacy risks and a need for increased compliance with data protection rules. The overarching objective is to ensure that individuals can act safely and independently […]
New EU Regulation on Cross-Border GDPR Enforcement Procedures
On 12 December 2025, a new EU Regulation was published, setting harmonised procedural rules for the handling of cross-border GDPR enforcement cases by data protection authorities. The Regulation standardises the procedural framework for complaint-based investigations and investigations initiated by data protection authorities on their own motion, involving cross-border processing. It structures the full enforcement lifecycle, […]
The Digital Omnibus: Targeted Amendments to the EU Digital Rulebook
The European Commission has unveiled a new digital package designed to cut administrative burdens for companies across the EU and streamline the Union’s fragmented digital rulebook. The package centres on, amongst other things, amending existing requirements relating to GDPR, AI Act, Data Act, e-privacy directive and other data legislation such as the Data Governance Act. […]
EDPB Publishes Opinion on European Commission’s Proposal to Extend UK Adequacy Decision for Data Transfers to December 2031
On 22 July 2025, the European Commission proposed draft decisions to extend the United Kingdom’s GDPR adequacy status until December 2031. This would allow EU organisations to continue transferring personal data to the UK without additional safeguards such as Standard Contractual Clauses. The European Data Protection Board (EDPB) has now issued its opinion, welcoming the […]
Prohibitory injunction request under GDPR is clarified by the CJEU
In Case C-655/23, the Court of Justice of the European Union (CJEU) was asked to clarify whether a data subject may obtain a prohibitory injunction to prevent further unlawful data processing under the GDPR, whether such relief depends on the risk of repetition, and how this interacts with claims for non-material damages. Opinion of Advocate […]
Digital Omnibus: Simplifying the EU’s Digital Rulebook
The European Commission is taking steps to simplify the EU’s complex digital regulations, with the aim to ease reporting requirements for businesses and to create a more consistent digital regulatory framework. The Digital Omnibus, part of the wider Digital Package on Simplification, targets overlapping and outdated rules across several digital areas. The goal of the […]