All News
- Recent
- Featured
Sweden’s updated NIS2 draft regulation on training and security measures: broader flexibility, targeted tightening on supply chain security
- 5 min
MCF has published an updated draft regulation on training and security measures under Sweden’s NIS2 framework. The draft signals more flexibility overall, but tighter expectations in supply chain security.
When AI Transcription Is “Necessary” Under GDPR: Insights from IMY’s Latest Sandbox Project
- 5 min
IMY’s latest sandbox report suggests that AI transcription in social services can be GDPR-compliant where it meaningfully improves efficiency and remains tied to an existing legal task, redefining how “necessity” is assessed.
EDPB approves Europrivacy certification criteria for use in international data transfers
- 1 min
The EDPB has approved the Europrivacy certification criteria for use in international data transfers under the GDPR, adding a new potential Article 46 transfer tool for certified data importers outside the EEA.
The European Commission Publishes Model Contractual Terms and Standard Сontractual Clauses Under the Data Act
- 4 min
The Commission has released a package of non-binding model contractual terms (MCTs) and standard contractual clauses (SCCs) intended to harmonise how organisations contract for data access, data sharing and data-processing.
EDPB Publishes Opinion on European Commission's Proposal to Extend UK Adequacy Decision for Data Transfers to December 2031
- 1 min
The Commission proposes to extend the UK’s GDPR adequacy until December 2031, with the EDPB broadly supportive while urging close monitoring of UK legal changes, ahead of the Commission’s formal adoption.
Swedish Accessibility Act – First Market Surveillance and Supervision by PTS
- 1 min
Following the entry into force of the Swedish Act on the Accessibility of Certain Products and Services in June, the Swedish Post and Telecom Authority (Sw. PTS) has initiated its first round of market surveillance and superv
Swedish Government Submits Bill on New Cybersecurity Act to Implement NIS 2
- 2 min
The Swedish Government has published the bill to implement the NIS 2 directive (2022/2555) into Swedish law. The proposal includes amongst other things the introduction of a new law, the Swedish Cybersecurity Act.
Sweden Proposes National AI Legislation to Supplement the EU AI Act
- 3 min
Sweden’s long-awaited AI inquiry (SOU 2025:101) proposes a new national AI law and ordinance to supplement the EU AI Act, designating the Swedish Post and Telecom Authority (PTS) as the lead supervisory authority.
Prohibitory injunction request under GDPR is clarified by the EU court
- 1 min
In Case C-655/23, the EU court held that the GDPR does not itself grant a right to preventive injunctions, though Member States may allow them, and such relief cannot reduce compensation for non-material damages.
New Government Inquiry May Broaden Swedish Employers’ Right to Background Checks, But Legislative Reform Will Likely Take Years
- 2 min
Swedish employers face increasing legal uncertainty over background checks, as recent case law and strict GDPR rules leave them with very limited and often ineffective tools to screen candidates or employees.
The AI Office receives the final Draft of General-Purpose AI Code of Practice
- 1 min
Regulation 2024/1689 (AI Act) will impose new requirements on general-purpose AI from 2 August 2025. To support compliance, the AI Office has facilitated drawing-up of the General-Purpose AI Code of Practice.
The Swedish Consumer Agency Commissioned to Focus on Influencer Marketing
- 1 min
The Swedish Consumer Agency (Sw. Konsumentverket) has been commissioned by the Swedish government to strengthen its efforts related to influencer marketing, with particular emphasis on safeguarding children and young people.
EU Set to Approve First-Ever GDPR Adequacy Decision for an International Organisation
- 3 min
The European Data Protection Board has endorsed the EU’s first-ever draft adequacy decision for an international organisation, recognising the European Patent Organisation as offering adequate data protection.
Swedish DPA Sends Questionnaire to 20 Organisations About the Right to Erasure
- 2 min
The Swedish Authority for Privacy Protection (IMY) is sending a questionnaire to 20 large organizations in both the public and private sectors to examine how they handle personal data deletion requests.
The Swedish Consumer Agency initiates audits against over 50 influencers and advertisers
- 1 min
According to the agency, many influencers fail to clearly label promotional content, thereby violating marketing laws and placing young audiences—who are particularly vulnerable to subtle advertising—at risk.
European Commission publishes living repository to highlight AI literacy efforts across organisations
- 1 min
The European Artificial Intelligence Office has launched a living repository showcasing how AI Pact organisations are promoting learning and knowledge-sharing around AI literacy, as required by Article 4 of the AI Act.
European Commission adopts Decision (EU) 2025/628 laying down internal rules for its data processing activities under the enforcement of the DSA
- 2 min
On 31 March 2025, the European Commission adopted internal rules for processing personal data under the Digital Services Act (Regulation (EU) 2022/2065) for supervision, investigation, enforcement, and monitoring purposes.
Third Draft of the EU Code of Practice for GPAI-models Has Been Released
- 2 min
Today, the third draft of the EU Code of Practice for general-purpose AI models (GPAI models) was released. The code of practice aims to assist providers of GPAI models in aligning with the upcoming obligations in the AI Act.
EU Report Highlights Potential Legal Conflict Between AI Act and GDPR on Sensitive Personal Data
- 2 min
A new report from the European Parliamentary Research Service (EPRS) warns of a potential legal conflict between the EU AI Act and the GDPR, particularly concerning the use of sensitive personal data to mitigate algorithmic
European Commission Is Planning To Propose the Digital Fairness Act
- 2 min
Following the Digital Fairness Fitness Check report on 3 October 2024, the European Commission plans to propose a Digital Fairness Act aimed at addressing key consumer protection issues in the online environment.
Swedish Supreme Court's Landmark Decision on Public Disclosure of Criminal Judgments
- 2 min
The Swedish Supreme Court has issued two significant decisions on the public disclosure of criminal judgments, emphasizing the precedence of the GDPR over Sweden’s constitutional laws relating to public access to information.
Swedish Guidelines on Data Protection Impact Assessments
- 2 min
The Swedish Authority for Privacy Protection (IMY) has provided guidance on conducting Data Protection Impact Assessments (DPIAs) for organizations processing personal data under the GDPR. The goal is to simplify the DPIA pro
CJEU Clarifies ‘Total Worldwide Annual Turnover’ For GDPR Fine Calculations
- 2 min
The Court of Justice of the European Union (CJEU) has in case C-383/23 clarified how ‘total worldwide annual turnover’ should be interpreted when calculating the maximum administrative fine under Article 83(4) and (6) GDPR.
Investigation of Shein Illustrating the Importance of Adhering to EU Consumer Law When Targeting EU Markets
- 2 min
Last week, the European Commission announced that an investigation had been initiated into the Chinese e-commerce fashion company Shein within the Consumer Protection Cooperation Network. This highlights the principle that co
New Privacy Guidelines on Generative AI from European Data Protection Authorities
- 2 min
In recent weeks, several European data protection authorities have published new guidance outlining key data protection considerations for the use of generative AI. These guidelines address compliance challenges related to bo
Recent ECJ Judgement on the Price Indication Directive – Announced Price Reductions Must be Calculated on the Lowest Price in the Last 30 Days
- 3-4 min read
On 26 of December 2024, the European Court of Justice (“ECJ”) delivered its judgement in case C-330/23 (Aldi Süd) on the interpretation of article 6a of the Price Indication Directive.
X is not a core platform service under the Digital Markets Act
- 30 sek read
On 16 October 2024, the Commission announced that the online social networking service of X is not a core platform service under the Digital Markets Act (DMA). According to the press release, X did not quality as a gatekee…