Monthly Update – April 2026
April's privacy update covers three things worth knowing: a Belgian DPA fine over an ex-employee's mailbox, the Booking.com data breach as a reminder about vendor risk, and the EDPB's first standardised DPIA template.
Monthly Update – March 2026
March 2026 brought three developments worth knowing about: a CJEU ruling on when you can refuse a data access request, the launch of the EDPB's 2026 enforcement sweep on privacy notices, and a €530M fine against TikTok as a reminder that international data transfers go well beyond the US.
Monthly Update – February 2026
Our February 2026 roundup: a CJEU ruling on EDPB decisions, the Digital Omnibus Joint Opinion, and a reality check on the right to erasure.
Monthly Update – January 2026
January 2026 brought three developments worth knowing: the EU-Brazil adequacy decision was finalised, new SCCs for a specific transfer scenario are still delayed, and the EDPB mapped out its guidance agenda for the year ahead.
Monthly Update – October 2025
October 2025 brought two developments worth knowing: regulators are stepping up enforcement on cookie consent, and the EDPB announced that its 2026 coordinated enforcement action will target transparency and information obligations. Both hit the same nerve: the basics still matter.
Monthly Update – December 2024
Three developments from December 2024 worth knowing about: the EDPB's opinion on AI models and GDPR, the Dutch DPA's €4.75M fine against Netflix over transparency, and a CJEU ruling confirming that an apology can count as compensation for a GDPR breach.