European Commission Is Planning To Propose the Digital Fairness Act
Following the publication of the Digital Fairness Fitness Check report on 3 October 2024, the European Commission plans to propose a Digital Fairness Act aimed at addressing key consumer protection issues in the online environment. The legislation will target digital practices such as the termination of subscription contracts, automatic subscriptions renewals, and the conversion of free […]
Swedish Supreme Court’s Landmark Decision on Public Disclosure of Criminal Judgments
The Swedish Supreme Court has issued two significant decisions on the public disclosure of criminal judgments, emphasizing the precedence of the GDPR over Sweden’s constitutional laws relating to public access to information. Click here to read the court decisions (in Swedish only). Background The first case involved a news agency that requested a large number […]
Swedish DPA Publishes Annual Report for 2024
The Swedish Authority for Privacy Protection (IMY) has published their annual report for 2024. IMY reported an increase in both the number of audits initiated and completed in 2024 compared to the previous year. The majority of these audits were triggered by individual complaints. Six administrative sanctions totalling approximately 60.5 million SEK were issued by […]
European Commission Publishes Updated FAQ (v. 1.2) on the Data Act
On 3 February 2025, the EU Commission published the latest version of Frequently Asked Questions (FAQ) on the Data Act (Regulation (EU) 2023/2854). Although the FAQ is not legally binding, it serves as a practical guide to assist stakeholders in implementing the rights and obligations established under the Data Act. It also clarifies the scope […]
Swedish Guidelines on Data Protection Impact Assessments
The Swedish Authority for Privacy Protection (IMY) has provided guidance on conducting Data Protection Impact Assessments (DPIAs) for organizations processing personal data under the GDPR. The goal is to simplify the DPIA process and reduce uncertainty about the steps involved and how the regulations should be interpreted. The guidance includes a practical guide outlining a […]
CJEU Clarifies ‘Total Worldwide Annual Turnover’ For GDPR Fine Calculations
The Court of Justice of the European Union (CJEU) has in case C-383/23 clarified how ‘total worldwide annual turnover’ should be interpreted when calculating the maximum administrative fine under Article 83(4) and (6) GDPR. A data controller in Denmark was charged with GDPR violations and the Danish prosecutor sought a fine based on the group’s […]
Investigation of Shein Illustrating the Importance of Adhering to EU Consumer Law When Targeting EU Markets
Last week, the European Commission announced that an investigation had been initiated into the Chinese e-commerce fashion company Shein within the Consumer Protection Cooperation Network. This highlights the principle that companies, regardless of their origin, must adhere to EU consumer protection laws when targeting EU markets, including online platforms established in third countries. Failure to […]
AI Liability Directive Proposal Withdrawn
On February 12, 2025, the European Commission announced that it would no longer proceed with the proposed Artificial Intelligence Liability Directive (AILD). Originally introduced in 2022, the AILD aimed to establish uniform rules across the EU for compensating individuals harmed by AI systems. The directive sought to address gaps in existing laws and legal systems […]
EU Commission Withdraws e-Privacy Regulation Proposal
On 12 February 2025, the European Commission officially withdrew its proposal for a new E-Privacy Regulation, concluding years of debate over new rules on electronic communications privacy. Originally introduced in 2017, the regulation aimed to complement the General Data Protection Regulation (GDPR) and replace the E-Privacy Directive (2002/58/EC). However, persistent disagreements and shifted focus have […]
Guidelines on GDPR and the use of generative AI
New Privacy Guidelines on Generative AI from European Data Protection Authorities In recent weeks, several European data protection authorities have published new guidance outlining key data protection considerations for the use of generative AI. These guidelines address compliance challenges related to both the training of AI models and their deployment in various applications. Two significant […]