The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have issued a joint opinion on the European Commission’s proposed Digital Omnibus on AI, supporting its goal of simplifying the implementation of the EU AI Act while cautioning against measures that could undermine fundamental rights.
he January 2026 opinion responds to the Commission’s November 2025 proposal to ...
Recent enforcement actions across three major data protection and digital services regimes demonstrate that regulators on both sides of the Atlantic are increasingly willing to impose substantial penalties for non-compliance. From France to California to Brussels, companies face mounting consequences for violating privacy and transparency obligations.
EU Commission fines X.
In the most high-profile action, the European Commission on December ...
California is rolling out two significant regulatory packages that will reshape business obligations under California privacy law beginning January 1, 2026. Together, these regulations introduce comprehensive automated decision-making requirements, mandatory cybersecurity audits, risk assessments, and a centralized consumer deletion mechanism for data brokers.
Automated decision-making technology
The updated CCPA regulations establish extensive requirements for businesses using “automated decision-making technology” (ADMT), ...
Robot.txt file is not a technological barrier.
Judge Sidney H. Stein of the Southern District of New York issued a remarkable ruling in the OpenAI copyright litigation relating to web scraping and AI training practices. In partially granting OpenAI’s motion to dismiss claims brought by digital publisher Ziff Davis, the court delivered a significant holding: robots.txt files do not constitute ...
The European Data Protection Board (EDPB) has published and opened for public comments new recommendations addressing the widespread practice of requiring users to create accounts before browsing or purchasing on e-commerce websites. The guide concludes that mandatory account creation can be lawfully justified only in narrow circumstances.
EDPB recommendations for eCommerce sites
The EDPB systematically analyzed the three legal bases ...
August 2, 2026, marks a key application date for the EU AI Act, when the regulation’s core framework becomes broadly operational.
High-risk systems under the EU AI Act
According to the EU AI Act’s Article 113, this date triggers the application of most provisions not already in force, including the comprehensive requirements for high-risk AI systems listed in Annex III. ...
New user? Click here to register