We’ve compiled the latest in Data Protection and Privacy news for your convenience below.
1) Newly Published Documentation
๐ซ๐ท France โ CNIL Publishes Guidance on Analyzing AI Models Under GDPR
France’s CNIL published guidance helping AI providers assess whether their models store personal data from training and are subject to GDPR, building on the EDPB’s opinion on AI development.
๐ฉ๐ฐ Denmark โ Datatilsynet Announces 2026 Supervisory Focus on AI Monitoring Technologies
Denmark’s Data Protection Authority published 2026 priorities focusing on AI monitoring in care settings, patient devices, employee tracking, and website tracking, signaling heightened healthcare and workplace scrutiny (Danish).
๐ช๐บ European Union โ European Commission Publishes DMA Review Consultation Summary with 450+ Responses
The European Commission published all contributions from its Digital Markets Act review consultation, with stakeholders supporting DMA objectives while calling for expanded AI and cloud scope. The review report is due May 3, 2026.
2) Notable Case Law
๐ช๐บ European Union โ EU Commission Orders X to Preserve All Grok Documents Until End of 2026
The European Commission instructed X to retain all Grok-related records through December 31, 2026, as it examines Digital Services Act compliance following criticism over AI-generated harmful imagery.
๐ฌ๐ง United Kingdom โ UK Prime Minister Starmer Seeks International Coalition Against X Over AI-Generated Abuse Images
UK Prime Minister Starmer is building an international “coalition of decency” after X’s Grok enabled non-consensual imagery creation, with the government supporting potential enforcement action under the Online Safety Act.
3) New and Upcoming Legislation
๐ช๐บ European Union โ European Parliament Confirms Digital Omnibus as 2026 Priority with Potential AI Act Timeline Delays
The European Parliamentary Research Service confirmed the AI Act will fully apply from August 2, 2026, but the proposed Digital Omnibus could delay certain high-risk system deadlines to late 2027 and 2028.
๐ณ๐ฑ Netherlands โ Ministry Delays Cybersecurity Act Entry Into Force to Q2 2026
The Dutch Ministry confirmed NIS2 Directive transposition into the national Cybersecurity Act is delayed until Q2 2026, with the existing Security of Networks and Information Systems Act remaining in effect.
4) Strong Impact Tech
๐บ๐ธ USA โ Meta Strikes Nuclear Power Agreements Worth 6.6 GW to Support AI Infrastructure
Meta announced agreements with Vistra, TerraPower, and Oklo to secure up to 6.6 gigawatts of nuclear capacity by 2035, including 20-year deals and funding for eight new advanced reactors.
๐ช๐บ European Union โ EU Antitrust Regulators Set February 10 Deadline for Google’s $32 Billion Wiz Acquisition
EU antitrust regulators will decide by February 10, 2026, whether to approve Alphabet’s $32 billion Wiz acquisition, Google’s largest deal ever, or open a full investigation.
๐ซ๐ท France โ Macron Calls for Deepening EU’s Digital Rules in Face of US Pushback
French President Macron urged Europe to defend its Digital Services Act and Digital Markets Act, emphasizing European digital sovereignty as Washington criticized EU tech regulations.
Other key information from the past weeks
๐ง๐ท Brazil โ ANPD Extends Digital ECA Compliance Deadline to February 13
Brazil’s ANPD extended the deadline for 37 tech companies to submit compliance information on the Digital Child and Adolescent Statute, including Amazon, Apple, and Google Brazil (Portuguese).
๐ณ๐ฟ New Zealand โ Privacy Commissioner Confirms Manage My Health Cyber Breach Notification
New Zealand’s Privacy Commissioner confirmed Manage My Health reported a ransomware incident on January 1, 2026, affecting thousands of users’ sensitive health information including discharge summaries and referral letters.
๐ Enjoyed this issue? Share it on LinkedIn and subscribe for weekly updates
Latest issues
About us
Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.