Swedish DPA Publishes Annual Report for 2024
The Swedish Authority for Privacy Protection (IMY) has published their annual report for 2024. IMY reported an increase in both the number of audits initiated and completed in 2024 compared to the previous year. The majority of these audits were triggered by individual complaints. Six administrative sanctions totalling approximately 60.5 million SEK were issued by […]
Swedish Guidelines on Data Protection Impact Assessments
The Swedish Authority for Privacy Protection (IMY) has provided guidance on conducting Data Protection Impact Assessments (DPIAs) for organizations processing personal data under the GDPR. The goal is to simplify the DPIA process and reduce uncertainty about the steps involved and how the regulations should be interpreted. The guidance includes a practical guide outlining a […]
CJEU Clarifies ‘Total Worldwide Annual Turnover’ For GDPR Fine Calculations
The Court of Justice of the European Union (CJEU) has in case C-383/23 clarified how ‘total worldwide annual turnover’ should be interpreted when calculating the maximum administrative fine under Article 83(4) and (6) GDPR. A data controller in Denmark was charged with GDPR violations and the Danish prosecutor sought a fine based on the group’s […]
EU Commission Withdraws e-Privacy Regulation Proposal
On 12 February 2025, the European Commission officially withdrew its proposal for a new E-Privacy Regulation, concluding years of debate over new rules on electronic communications privacy. Originally introduced in 2017, the regulation aimed to complement the General Data Protection Regulation (GDPR) and replace the E-Privacy Directive (2002/58/EC). However, persistent disagreements and shifted focus have […]
Guidelines on GDPR and the use of generative AI
New Privacy Guidelines on Generative AI from European Data Protection Authorities In recent weeks, several European data protection authorities have published new guidance outlining key data protection considerations for the use of generative AI. These guidelines address compliance challenges related to both the training of AI models and their deployment in various applications. Two significant […]
EDPB publishes reports on bias and data subjects’ rights in the AI context
The EDPB has today published two reports on how to understand and assess bias and implementation of data subjects’ right in the AI context by clarifying methods and tools usable. The reports were developed as part of the AI: Complex Algorithms and Effective Data Protection Supervision project, initiated under the Support Pool of Experts programme. […]
EDPS publishes Digital Clearinghouse 2.0
Today, the European Data Protection Supervisor (EDPS) introduced its concept note on the Digital Clearinghouse 2.0, a proposal aimed at fostering a consistent, cooperative, and coherent approach to enforcing EU laws regulating digital markets. This initiative highlights the need for improved cross-regulatory collaboration to navigate the complex and rapidly evolving digital regulatory landscape. Three key […]
EDPB publishes opinion on data protection in the context of AI models
On 17 December 2024, the EDPB published opinion 28/2024 on certain data protection aspects related to the processing of personal data in the context of AI models. The opinion discusses questions regarding: Regarding anonymity, the Opinion states that an AI model’s anonymity needs to be assessed on a case-by-case basis, since the EDPB considers that […]