Regulatory Blog

Provisions on AI literacy and prohibited systems apply as of 2 February 2025 under the EU AI Act, which came into force on 1 August 2024. While most provisions of the EU AI Act will not take effect until August 2026, the ban on certain prohibited AI practices (Article 5) and the obligations to promote AI literacy (Article 4), began on 2 February 2025.

In February 2024, the EDPB adopted the “Opinion on the notion of main establishment on the criteria for the application of the One-Stop-Shop mechanism" following a request by the French Data Protection Authority.

On 11 April 2024, the Advocate General Priit Pikamäe rendered an opinion in case C-768/21 Land Hessen, shedding light on the obligations of data protection authorities when addressing breaches of personal data.

On 18 January 2024, the European Data Protection Board published a One-Stop-Shop case digest on Security of Processing and Data Breach Notification. The Case Digest looks at a selection of decisions on security of processing and personal data breach notifications taken from the EDPB’s public register. It is based on a review of 90 decisions made between January 2019 and June 2023, covering Articles 32, 33, and 34 of the GDPR.

On 26 October 2023, the Interactive Advertising Bureau, a European association representing digital marketing and advertising companies, released a paper with recommendations for enhancing GDPR enforcement in cross-border cases. This is in response to the European Commission's aim to simplify GDPR enforcement in these cases.

On 18 October 2023, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) jointly released an opinion regarding the proposed regulation on the digital euro, a central bank digital currency aimed at enabling electronic payments both online and offline.

On 27 October 2023, the European Data Protection Board issued an urgent binding decision instructing the Irish Data Protection Authority to take definitive action against Meta Ireland Limited within two weeks and impose a ban on the processing of personal data for behavioural advertising in the European Economic Area based on the lawful bases of contract and legitimate interest.

On 19 September 2023, the European Data Protection Board and the European Data Protection Supervisor jointly released an opinion on the European Commission's proposal for a regulation on additional procedural rules for enforcing the General Data Protection Regulation.

On 23 August 2023, the European Data Protection Supervisor (EDPS) issued two opinions regarding proposals aimed at regulating financial and payment services in the European Union, which were issued by the European Commission in June of this year.