Blog

A Delicate Balance: How the “Chat Control” Proposal Overlooks Privacy Under the Pretense of Security

Posted on April 28, 2026April 28, 2026 by Edda Pernice Category:European Commission, GDPR, UK GDPR

The European Commission first proposed the “Chat Control” regulation in May 2022. Its full title is the Proposal for a Regulation of the European Parliament and of the Council laying down rules to prevent and combat child sexual abuse. Since then, the European Council (sometimes referred to as the EU Council) and Parliament have debated […]

Data protection digest 4-18 April 2026: questions rising over new EU age verification app & unjust automated parking fines

Posted on April 21, 2026April 21, 2026 by Olya Vasylyk Category:Data Protection Digest

EU age verification app The European Commission has announced that a new age verification app designed to protect children online is ‘technically ready’ and will soon be available for citizens to use. The app will allow users to prove their age when accessing online platforms, helping protect children from harmful or inappropriate content. It can […]

Data protection digest 3 April 2026: abusive access request, human resources management & patient data in the cloud

Posted on April 7, 2026April 7, 2026 by Olya Vasylyk Category:Data Protection Digest

Abusive data access request The EU Court of Justice ruled that even a first personal data access request may be deemed abusive under the GDPR if it is made solely to generate compensation claims, allowing controllers to refuse such requests. An individual residing in Austria subscribed to the newsletter of a family-run optician company in […]

Is an IP address considered personal data?

Posted on March 24, 2026March 24, 2026 by AJ Richter Category:GDPR

The concept of personal data lies at the heart of the General Data Protection Regulation (GDPR), shaping the scope of its protections and obligations. Among the most debated examples of such identifiers are IP addresses. While often perceived as neutral technical data, regulatory authorities and courts within the European Union have clarified that IP addresses […]

Data protection digest 3-18 Mar 2026: Proposed EU Biotech Act strengthens clinical trial participants’ rights

Posted on March 20, 2026March 20, 2026 by Olya Vasylyk Category:Data Protection Digest

EU Biotech Act The EDPB and EDPS adopted a Joint Opinion on the European Commission’s Proposal for a European Biotech Act. It aims to strengthen Europe’s biotechnology and biomanufacturing sectors, including streamlining the regulatory framework and updating the rules for clinical trials (in the form of proposed amendments to the Clinical Trials Regulation). The privacy […]

Data protection digest 18 Feb – 2 Mar 2026: ‘Conditional Consent’ for meaningful user control over cookie preferences

Posted on March 4, 2026March 17, 2026 by Olya Vasylyk Category:Data Protection Digest, GDPR

Conditional consent vs cookie fatigue On 10 February, the EDPB and EDPS, in a joint opinion, strongly welcomed the regulatory solution to address cookie fatigue and the proliferation of consent banners. This follows the European Commission’s proposal to switch to automated, machine-readable indications of data subjects’ choices under the Digital Omnibus package. The EU regulators […]

Conditional Consent: an Open Proposal for How Article 88b Consent Signalling Should Work

Posted on February 25, 2026February 25, 2026 by Silvan Jongerius Category:Consent management, GDPR

Cookie consent is broken, and everyone knows it. Europeans spend an estimated 575 million hours per year clicking through consent banners. Research shows that up to 80% of users click “Accept All” when dark patterns push them toward it, which 72% of banners do. Half of websites set cookies before users make any choice at […]

Data protection digest 3-17 Feb 2026: When using anonymisation for deletion, controllers have differing degrees of success – EDPB

Posted on February 19, 2026February 19, 2026 by Olya Vasylyk Category:Data Protection Digest, GDPR

Data deletion requests Throughout 2025, 32 supervisory authorities across the EU/EEA launched coordinated investigations into controllers’ compliance with the right to erasure under the GDPR. Now, the EDPB has published a report of the findings. As the right to deletion is not absolute, some controllers face difficulties in assessing and applying the conditions for exercising […]

Does the GDPR apply to my US company?

Posted on February 10, 2026February 10, 2026 by AJ Richter Category:Beyond EU, GDPR

Introduction The usual assumption of most US businesses is, “the GDPR is an EU regulation, hence it does not impact my organisation.” This belief results most often in unnecessary risk. The US equivalent of this misconception would be a company registered in Texas thinking its services don’t fall under the scope of the CCPA. The […]

Data protection digest 19 Jan – 2 Feb 2026: New PETs guide, Digital identities ecosystem & employees’ surveillance fine

Posted on February 4, 2026February 4, 2026 by Olya Vasylyk Category:Data Protection Digest, GDPR

Privacy Enhancing Technologies (PETs) The Israeli data protection authority published a technical guide to Privacy Enhancing Technologies, available in English. PETs are a diverse family of methods, processes, and digital tools that are appropriate for different stages in the information life cycle: Stay up to date! Sign up to receive our fortnightly digest via email. […]

Do you need support on data protection, privacy or GDPR? TechGDPR can help.

Contact Us

Thank You!

Thank You!