We’ve compiled the latest in Data Protection and Privacy news for your convenience below.
1) Newly Published Documentation
🇪🇺 European Union – EDPB & EDPS Issue Joint Opinion on Digital Omnibus
The European Data Protection Board and the European Data Protection Supervisor published a Joint Opinion 2/2026 on the Digital Omnibus proposal (PDF), supporting simplification but warning that some amendments could weaken fundamental rights and fragment GDPR protection across the EU.
🇪🇺 European Union – EDPB Adopts 2026–2027 GDPR Work Programme
The European Data Protection Board adopted its 2026–2027 GDPR work programme (PDF), prioritising practical enforcement, updated cooperation procedures, revised fine-setting guidance, SME support tools, coordinated transparency enforcement, and further work on generative AI scraping.
2) Notable Case Law
🇫🇷 France – CNIL Reports €486.8 Million in GDPR Fines for 2025
France’s data protection authority published its 2025 enforcement report (in French), detailing 259 decisions and €486.8 million in fines, mainly linked to cookie violations, employee monitoring, security failures, and unlawful marketing practices.
🇺🇸 United States – FTC Warns Data Brokers Over Foreign-Adversary Data Sharing
The U.S. Federal Trade Commission sent warning letters under the Protecting Americans’ Data from Foreign Adversaries Act, reminding 13 data brokers that sharing sensitive data with entities linked to China, Russia, Iran, or North Korea may trigger penalties of up to $53,088 per violation.
🇪🇸 Spain – AEPD Orders Health Authority to Answer Access Request
The Spanish Data Protection Agency ordered the Balearic Health Service to comply with a GDPR access request within ten working days after missing the one-month deadline, as confirmed in its official resolution (PDF, in Spanish).
3) New and Upcoming Legislation
🇬🇧 United Kingdom – ICO Sets Complaint Handling Standards Under New Data Act
The UK Information Commissioner’s Office published guidance on complaint handling under the Data (Use and Access) Act, which enters into force on 19 June 2026 and requires clear procedures, prompt investigations, and reasoned written outcomes.
4) Strong Impact Tech
🇪🇺 European Union – EU Probes Google Over Search Ad Auction Pricing
EU antitrust regulators are assessing whether Google inflated search ad auction prices in breach of EU competition law, according to a Reuters report on the preliminary investigation.
🇪🇺 European Union – Brussels Targets “Infinite Scroll” Under DSA
EU regulators are scrutinising addictive design features such as infinite scroll and autoplay under the Digital Services Act in the TikTok investigation, as reported by Politico on potential DSA enforcement measures.
Other key information from the past weeks
🇨🇦 Canada – Ontario Releases Privacy-First AI Framework for Health Care
Ontario’s Information and Privacy Commissioner issued guidance on responsible AI use in health care (PDF), outlining governance expectations, vendor oversight, and safeguards for AI medical scribes.
👍 Enjoyed this issue? Share it on LinkedIn and subscribe for weekly updates
Latest issues
About us
Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.