Regulatory Blog

In February 2024, the EDPB adopted the “Opinion on the notion of main establishment on the criteria for the application of the One-Stop-Shop mechanism" following a request by the French Data Protection Authority.

On 11 April 2024, the Advocate General Priit Pikamäe rendered an opinion in case C-768/21 Land Hessen, shedding light on the obligations of data protection authorities when addressing breaches of personal data.

On 18 January 2024, the European Data Protection Board published a One-Stop-Shop case digest on Security of Processing and Data Breach Notification. The Case Digest looks at a selection of decisions on security of processing and personal data breach notifications taken from the EDPB’s public register. It is based on a review of 90 decisions made between January 2019 and June 2023, covering Articles 32, 33, and 34 of the GDPR.

On 26 October 2023, the Interactive Advertising Bureau, a European association representing digital marketing and advertising companies, released a paper with recommendations for enhancing GDPR enforcement in cross-border cases. This is in response to the European Commission's aim to simplify GDPR enforcement in these cases.

On 18 October 2023, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) jointly released an opinion regarding the proposed regulation on the digital euro, a central bank digital currency aimed at enabling electronic payments both online and offline.

On 27 October 2023, the European Data Protection Board issued an urgent binding decision instructing the Irish Data Protection Authority to take definitive action against Meta Ireland Limited within two weeks and impose a ban on the processing of personal data for behavioural advertising in the European Economic Area based on the lawful bases of contract and legitimate interest.

On 19 September 2023, the European Data Protection Board and the European Data Protection Supervisor jointly released an opinion on the European Commission's proposal for a regulation on additional procedural rules for enforcing the General Data Protection Regulation.

On 23 August 2023, the European Data Protection Supervisor (EDPS) issued two opinions regarding proposals aimed at regulating financial and payment services in the European Union, which were issued by the European Commission in June of this year.

On 4 July 2023, the European Commission proposed new rules to enhance the enforcement of the General Data Protection Regulation (GDPR) in cross-border cases. The suggested GDPR Procedural Regulation aims to streamline cooperation between data protection authorities (DPAs) by harmonising administrative procedures. The proposed regulation introduces robust procedural rules for DPAs when applying the GDPR to cases involving individuals in multiple Member States.