News

Brussels, 11 February - The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have adopted a Joint Opinion on the Digital Omnibus Regulation proposal.* This proposal aims to simplify the EU's digital regulatory framework, reduce administrative burden and enhance the competitiveness of European organisations. The EDPB and the EDPS focus on the aspects concerning the GDPR, the EUDPR, the ePrivacy Directive, and the Data Acquis.** More specifically, they asses

The European Commission’s dangerous and misguided Digital Omnibus proposal includes a dangerous rollback of transparency requirements in the AI Act. 60 civil society organisations, independent public authorities and individuals, including EDRi, urge EU lawmakers to reject a change that would risk weakening enforcement, legal certainty, and the protection of fundamental rights, while offering negligible benefits for companies. The post AI Omnibus: Reject the proposals to undermine transparency in

EDRi has assessed the Digital Omnibus proposals affecting the General Data Protection Regulation (GDPR) and the ePrivacy framework. While presented as simplification, the changes amount to deregulation in effect, weakening fundamental rights safeguards, increasing legal uncertainty, and advancing through a process that falls short of democratic lawmaking standards. The post Reopening GDPR and ePrivacy through the Digital Omnibus: a risky path for EU digital rights appeared first on European Digi

The Digital Omnibus proposal fails to comply with the Charter of Fundamental Rights and Better Regulation rules, EDRi urged the Council to send the proposal back to the Commission for proper scrutiny and comprehensive assessments. The post EDRi urged the Council to demand a proper scrutiny of the Digital Omnibus proposal appeared first on European Digital Rights (EDRi).

De Autoriteit Persoonsgegevens (AP) presenteert vandaag de visie van de AP op generatieve artificiële intelligentie (AI). Daarin schetst de toezichthouder hoe generatieve AI veilig, verantwoord en in lijn met grondrechten kan worden ingezet. De AP kijkt vooruit en ziet mogelijkheden, maar waarschuwt tegelijk voor reële maatschappelijke risico’s.

De European Data Protection Board (EDPB) en de European Data Protection Supervisor (EDPS) hebben een gezamenlijke opinie gepubliceerd over het voorstel van de Europese Commissie om de uitvoering van de AI-verordening te vereenvoudigen. Dit voorstel wordt ook wel de ‘Digital Omnibus on AI’ genoemd.

Brussels, 21 January - The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have adopted a Joint Opinion on the European Commission’s Proposal for the ‘Digital Omnibus on AI’. The Proposal seeks to simplify the implementation of certain harmonised rules under the AI Act to ensure their effective application.The EDPB and the EDPS support the objective of addressing practical challenges relating to the implementation of the AI Act. Administrative simplificat

Spyware continues to spread across Europe despite years of scandals and undisputable evidence of fundamental rights violations. As the European Commission remains inactive, civil society, journalists and some lawmakers at the European Parliament are stepping up pressure for accountability. In this context, EDRi is launching a document pool to centralise resources that tracks abuse and support the growing push for a full EU-wide ban of spyware. The post EDRi launches new resource to document abus

Government.

"The government recognizes the importance of protecting fundamental rights and appreciates that the Commission also gives attention to this issue. Nevertheless, the government has reservations about the proposal, given that the regulation provides for the large-scale availability of sensitive..."

Government

“Het kabinet onderschrijft het belang van de bescherming van grondrechten en waardeert dat de Commissie hieraan eveneens aandacht schenkt. Niettemin plaatst het kabinet kanttekeningen bij het voorstel, gezien het feit dat de regeling voorziet in een grootschalige beschikbaarstelling van gevoelige...

This article highlights evidence-based alternatives that strengthen child safety while safeguarding encryption and fundamental rights. It calls for better enforcement, more targeted tools, and meaningful support for child protection services rather than broad surveillance measures. The post Moving past ‘Chat Control’ to solutions that truly protect kids and privacy appeared first on European Digital Rights (EDRi).

This article highlights alternatives that are evidence-based and strengthen the safety of children, while simultaneously protecting encryption and fundamental rights. It advocates for better enforcement, more targeted tools, and meaningful support for services that focus on child protection, rather than broad surveillance measures. The article "Beyond 'Chat Control': Towards solutions that truly protect children and privacy" originally appeared on European Digital Rights (EDRi).

On November 19th, the European Commission published two so-called "omnibus" proposals: one revising key aspects of the General Data Protection Regulation (GDPR) and the ePrivacy rules, along with other data-related laws, and the other an amendment to the AI Act. This article focuses on the first proposal. It explains how the proposed changes could weaken fundamental rights related to data protection and the confidentiality of communications, and why the combined effect risks undermining long-standing safeguards for individuals within the EU.

News from the European Union.

There is a growing movement for reforms in data protection. The European Commission is proposing specific changes to make compliance easier for small and medium-sized enterprises, and the United Kingdom is implementing significant reforms. The reforms in the United Kingdom are focused on...

Legislation

Kamerstukken II 2024-2025, 36663, nr. 7. Brief van de tijdelijke commissie Grondrechten en constitutionele toetsing over een advies over het wetsvoorstel Wijziging van de Leerplichtwet 1969 en enige andere onderwijswetten in verband met het voorkomen en het terugdringen van verzuim in het fundere...

> The growth of generative artificial intelligence systems has led EU lawmakers to focus on General Purpose AI in drafting the AI Act, which will set the framework governing artificial intelligence in the European Union. As previously reported, the EU Parliament has already broadened the definition of artificial intelligence for the purposes of the AI Act… The post Is the AI Act caging ChatGPT and other General Purpose Artificial Intelligence systems? appeared first on GamingTechLaw.

A rundown of the fine on IAPP: https://iapp.org/news/a/a-rundown-of-the-greek-dpas-clearview-ai-fine-findings

De Commissie heeft met enthousiasme een recent Amerikaans besluit gesteund om een nieuw kader te implementeren ter bescherming van de privacy van persoonlijke gegevens die worden uitgewisseld tussen de VS en Europa. Dick Roche is het daar niet mee eens. https://iapp.org/news/a/the-redress-mechanism-in-the-privacy-shield-successor-on-the-independence-and-effective-powers-of-the-dprc/

The Commission has endorsed enthusiastically a recent US order to implement a new framework to protect the privacy of personal data shared between the US and Europe. Dick Roche begs to differ. https://iapp.org/news/a/the-redress-mechanism-in-the-privacy-shield-successor-on-the-independence-and-effective-powers-of-the-dprc/

> GDPR RISK ASSESSMENT is intended to assist controllers and processors to identify the risk factors for the rights and freedoms of data subjects whose data are present in the processing, to make an initial assessment of the intrinsic risk, including the need to perform a DPIA, and to estimate the residual risk if measures and safeguards are used to mitigate the specific risk factors.

> Privacybescherming is niet absoluut. Dat staat zelfs letterlijk zo in de privacywetgeving. De AVG bevat daarom ook allerlei uitzonderingen. Een van de uitzonderingen die enkele keren terugkomt in de AVG ziet op de verwerking van persoonsgegevens in het kader van "de instelling, uitoefening of onderbouwing van een rechtsvordering". Tot op heden was echter niet heel erg duidelijk wat die woorden nu precies betekenen. Een recente uitspraak van de Afdeling bestuursrechtspraak van de Raad van State

The European Digital Rights (EDRi) network published a position paper on the proposed Regulation on automated data exchange for police cooperation, known as “Prüm II”. This currently primarily consists of a data-sharing network (interlinking national DNA, fingerprint and vehicle registration databases). It foresees the expansion of the data-sharing network to the interconnection of facial images and, on a voluntary basis, “police records”. The position paper raises several critical issues of t

The GDPR incorporates the RBA for all obligations of the controller in the GDPR. Where the transfer rules are stated as obligations of the controller (rather than as absolute principles), the RBA of Article 24 therefore applies. Other than the DPAs assume, this is not contradicted by the ECJ in Schrems II nor by the EDPB recommendations on additional measures following the Schrems II judgment, according to Lokke Moerel, Professor of Global ICT Law at Tilburg University and a Dutch Cyber Security

The Danish Data Protection Agency has looked into the tool Google Analytics and its settings, and the terms under which the tool is provided. On the basis of this review, the Danish Data Protection Agency concludes that the tool cannot, without more, be used lawfully. Lawful use requires the implementation of supplementary measures in addition to the settings provided by Google.

The European Data Protection Supervisor ordered Europol to hand over personal data to Dutch activist Frank van der Linde. The decision is the result of a two-year investigation into Europol's possession and storage of van der Linde's personal data.

> The fine is the result of an investigation that began in 2020 and focused on the company’s processing of children’s personal data. Based on press reports, the investigation focused on children between the ages of 13 and 17 who were allowed to operate business or creator Instagram accounts. As a result, children’s phone numbers and email addresses were publicly accessible.

The processing of personal data that may indirectly reveal sensitive information about an individual, such as information about their sexual orientation, may qualify as processing of "special categories of personal data" within the meaning of the AVG. The processing of such sensitive data is prohibited in principle. This is the EU Court's answer to questions from a Lithuanian judge.

> The proposed fine follows complaints filed by privacy NGO ‘Privacy International’ against Criteo. […] Under the CNIL’s sanction procedure, Criteo has the right to respond to the report, both with respect to the alleged infringements and the proposed sanction.

Op 21 juni 2022 heeft het Gerechtshof van de Europese Unie (Groot Beschouwingscollege) een baanbrekende uitspraak gedaan waarin het het EU-regime voor het verzamelen en gebruiken van gegevens van reizigers bevestigde, mits dit strikt wordt geïnterpreteerd in overeenstemming met de fundamentele rechten van de EU. Bovendien is het zonder onderscheid verwerken van deze gegevens bij vluchten die uitsluitend binnen de EU plaatsvinden verboden, tenzij er een dreiging van terrorisme bestaat. Over het algemeen moeten de gegevens van de passagiers ook binnen zes maanden worden verwijderd.

> In a landmark ruling of 21 June 2022, the CJEU (Grand Chamber), upheld the EU’s regime to collect and use records of travellers, provided that it is strictly interpreted in line with the EU’s fundamental rights. In addition, indiscriminate processing of the data in cases of flights carried out only within the EU is banned unless there is a threat of terrorism. In general, the passengers’ data must also be deleted after six months at the latest.

> On 5 April 2022, the CJEU added another chapter to the long history of the admissibility of data retention in the EU. In a case concerning the data retention law in Ireland, the CJEU confirmed that general and indiscriminate retention of traffic and location data relating to electronic communication is contrary to Union law even if it intends to combat serious crime.

> The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) adopted a Joint Opinion on the Proposal for a Regulation to prevent and combat child sexual abuse.

Europol has more possibilities to cooperate with third countries, including the possibility to exchange personal data with countries where sufficient guarantees exist. In addition, Europol should cooperate more closely with the European Public Prosecutor's Office. Furthermore, the Director of Europol can propose the initiation of national investigations into non-cross-border crimes affecting a common interest covered by an EU policy area.

The proposed rules would require online service providers to detect, report and remove child sexual abuse material on their services. Those providers must also assess the risk of their services being used to distribute child sexual abuse material. A new European Center on Child Sexual Abuse will provide support to providers, law enforcement and victims.