The Data Act As of 12 September, the Data Act has become directly applicable in the EU. It offers harmonised rules on fair access to and use of data. The new rules cover manufacturers, users, data holders, data recipients, public sector bodies, and data processing services. It is designed to empower users, both consumers and […]
Author: Olya Vasylyk
Creator and editor of TechGDPR’s weekly Digest. Postgraduate masters Diploma in Data Protection, Digital law and Management. Over a decade Olga previously was a broadcast journalist in Ukraine and France specializing in international affairs.
Data protection digest 18-31 Aug 2025: Greater simplification of GDPR, ‘personalisation’ in AI systems
An informal discussion is underway for the greater simplification of the GDPR The Danish EU Presidency is promoting GDPR reform to increase competitiveness by introducing SME-friendly amendments, such as restricting data rights in low-risk situations, rationalising DPIAs, and requiring prior mediation procedures before lodging complaints, the eutechloop.com article states. These are in line with the […]
Data protection digest 2-17 Aug 2025: “Data protection says what should be done, information security says how we do it” – Estonian regulator
How is data protection related to information security? The goal of information security is to protect an organisation’s business processes. This means responsibility for the security of the entire operating system and the ability to resist any activities that threaten the availability, authenticity, integrity, and confidentiality of data processed in the system or the services […]
Data protection digest 18 Jul – 1 Aug 2025: DPO as a value creator and return on investment for companies
The DPO as a value for a company The French data protection regulator CNIL has studied the economic benefits of the presence of a Data Protection Officer within companies. Statistical analysis shows that it is often profitable, especially for companies taking a positive approach to GDPR compliance. The two most represented sectors were research, IT […]
Data protection digest 3-17 July 2025: AI-generated voice and visuals’ potential to violate people’s rights and freedoms
A recent Guardian article caused a stir when it reported that an AI-generated band got 1m plays on Spotify in the past couple of weeks. Only after releasing two albums, the group called “The Velvet Sundown” admitted their music, images and backstory were created by AI. The story has triggered a debate on authenticity and […]
Data protection digest 17 Jun – 1 Jul 2025: protecting individuals, not organisations, should be the focus of risk assessment
Risk Assessment Personal data protection should be the cornerstone of risk assessments for organisations. The Polish regulator UODO came to this conclusion after investigating a ransom attack in a children’s clinical hospital in Białystok. Access to IT systems was blocked, which resulted in a breach of confidentiality and availability of personal data of approximately 2,000 […]
Data protection digest 2-16 June 2025: Data controller, processor, how to properly identify your GDPR role
GDPR role, how to determine? The French privacy regulator CNIL reviews the criteria and practical consequences of determining the GDPR role of data controllers and processors. The qualification does not always depend on a contractual choice but on the facts: who decides what, and who executes what, concerning personal data. The controller is the natural […]
Data protection digest 17 May – 1 June 2025: The ‘reject all’ button is a must; legitimate interest as the data controller’s initiative
‘Reject all’ button The State Commissioner for Data Protection of Lower Saxony has ruled that the “Reject all” button is a must on the first level of the consent banner for cookie preferences when an “Accept all” option is available. Consent banners may not specifically encourage consent and discourage the rejection of cookies. Otherwise, the […]
Data protection digest 3 – 16 May 2025: ‘divided’ court ruling on IAB Europe, data brokers and national security
IAB Europe case results in mixed decision IAB Europe and Belgium’s data protection authority have each claimed a ‘partial victory’ in the latest court decision over whether the IAB is liable for personal data processing over the online ad tools the industry group provides for the market, Telecompaper reports. The Belgian Market Court has annulled […]
Data protection digest 18 Apr – 2 May 2025: data controller obligation to monitor deletion or return of personal data held by the processor
Data controller obligation Upon termination of a processing agreement, the controller is obliged to monitor the deletion of personal data held by the processor. Such was a ruling by the Higher Regional Court of Dresden, Germany, closely looked at by a DLA Piper analysis. The plaintiff was a user of the online music streaming service […]
- 1
- 2
- 3
- …
- 12
- Next Page »