Blog

Conditional Consent: an Open Proposal for How Article 88b Consent Signalling Should Work

Posted on February 25, 2026February 25, 2026 by Silvan Jongerius Category:Consent management, GDPR

Cookie consent is broken, and everyone knows it. Europeans spend an estimated 575 million hours per year clicking through consent banners. Research shows that up to 80% of users click “Accept All” when dark patterns push them toward it, which 72% of banners do. Half of websites set cookies before users make any choice at […]

Data protection digest 3-17 Feb 2026: When using anonymisation for deletion, controllers have differing degrees of success – EDPB

Posted on February 19, 2026February 19, 2026 by Olya Vasylyk Category:Data Protection Digest, GDPR

Data deletion requests Throughout 2025, 32 supervisory authorities across the EU/EEA launched coordinated investigations into controllers’ compliance with the right to erasure under the GDPR. Now, the EDPB has published a report of the findings. As the right to deletion is not absolute, some controllers face difficulties in assessing and applying the conditions for exercising […]

Does the GDPR apply to my US company?

Posted on February 10, 2026February 10, 2026 by AJ Richter Category:Beyond EU, GDPR

Introduction The usual assumption of most US businesses is, “the GDPR is an EU regulation, hence it does not impact my organisation.” This belief results most often in unnecessary risk. The US equivalent of this misconception would be a company registered in Texas thinking its services don’t fall under the scope of the CCPA. The […]

Data protection digest 19 Jan – 2 Feb 2026: New PETs guide, Digital identities ecosystem & employees’ surveillance fine

Posted on February 4, 2026February 4, 2026 by Olya Vasylyk Category:Data Protection Digest, GDPR

Privacy Enhancing Technologies (PETs) The Israeli data protection authority published a technical guide to Privacy Enhancing Technologies, available in English. PETs are a diverse family of methods, processes, and digital tools that are appropriate for different stages in the information life cycle: Stay up to date! Sign up to receive our fortnightly digest via email. […]

Data protection digest 4-18 Jan 2026: Legitimate Interests Assessment, AWS Europe Sovereign Cloud, Google settlement over child data

Posted on January 22, 2026 by Olya Vasylyk Category:Data Protection Digest

Legitimate Interests Assessment (LIA) The Hamburg Data Protection Commissioner provided a comprehensive questionnaire for determining the legitimate interests legal basis for processing. It helps those responsible to examine and document precisely what their interest in data processing is and whether the rights and interests of the data subject are adequately considered. It guides users step-by-step […]

Data protection digest 3 Jan 2026: Improvements are being made to GDPR enforcement, US consumer privacy, and emerging “Shadow AI” concerns

Posted on January 7, 2026January 19, 2026 by Olya Vasylyk Category:Artificial Intelligence, Data Protection Digest, GDPR

GDPR enforcement simplified A new regulation came into force on 1 January, supplementing the GDPR. It speeds up the work of data protection authorities in enforcement cases that involve multiple countries in the EU/EEA. The regulation provides, among other things, for time limits, stages of investigation, the exchange of information between authorities, and the rights […]

Data protection digest 3-18 Dec 2025: E-commerce websites should offer a choice between ‘guest’ mode, or voluntary account creation

Posted on December 22, 2025December 22, 2025 by Olya Vasylyk Category:Data Protection Digest

E-commerce user data As a general rule, users should have the option to engage with e-commerce websites, including the ability to make purchases, without creating an account. In such cases, the EDPB recommends that e-commerce websites offer a choice: either a ‘guest’ mode, allowing users make purchases without creating an account, or the option to […]

Data protection digest 18 Nov-2 Dec 2025: “Digital omnibus” package latest & market price of personal data already estimated

Posted on December 4, 2025December 4, 2025 by Olya Vasylyk Category:Data Protection Digest

“Digital omnibus” package latest On 19 November, the European Commission presented proposals for amendments in the digital area legislation, including the GDPR, the Data Act, the EU AI Act, and the NIS 2 Directive. According to digitalpolicyalert.org analysis, the Digital Omnibus would amend the GDPR by: The Digital Omnibus would also exempt personal data processing […]

AI Data Retention Strategy under the GDPR and the EU AI Act: Reconciling the Regulatory Clock

Posted on November 26, 2025November 26, 2025 by AJ Richter Category:Artificial Intelligence, GDPR

Artificial Intelligence (AI) is reshaping industries, but organizations developing AI systems face a critical, often overlooked strategic risk: managing the retention of training data in compliance with European Union (EU) law. The GDPR emphasizes rapid deletion of personal data, while the EU AI Act requires long-term archival of system documentation. Navigating these conflicting requirements is […]

Data protection digest 3-17 Nov 2025: Consumer loan checks can reveal people’s lifestyle data

Posted on November 19, 2025November 19, 2025 by Olya Vasylyk Category:Data Protection Digest

Consumer loan checks Consumer loan checks can reveal people’s lifestyles. The Dutch Data Protection Authority AP concluded this after reviewing a bill concerning consumer loans. It believes that lenders can assess a person’s ability to meet payment obligations with less information about them. It’s unlikely that all the information in a bank statement, including sender, […]

Do you need support on data protection, privacy or GDPR? TechGDPR can help.

Contact Us

Thank You!

Thank You!