Spanish Media Win 481 Million Euro Damages Against Meta over GDPR breach
A Madrid court orders Meta to pay 481 million euros for GDPR violations harming Spanish media by exploiting user data for advertising.
compliance
Commission publishes Digital Omnibus proposal
The EU’s new digital package simplifies AI, data, and cybersecurity rules and introduces a European Business Wallet to reduce administrative costs and boost business innovation.
EU Court Clarifies Direct Marketing and Soft Opt-In for Email Newsletters
The Court confirmed unsolicited newsletters promoting paid services fall under e-Privacy Directive’s direct marketing rules, overriding GDPR’s general lawfulness conditions.
Digital Omnibus: What’s proposed and why it matters
EU’s Digital Omnibus consolidates data laws and streamlines incident reporting but proposes GDPR/ePrivacy changes that could materially lower privacy protections, drawing strong criticism.
EDPB Seeks Feedback on GDPR Template Development
The EDPB invites public input to develop practical GDPR compliance templates, including DPIA and breach notification forms, by December 3, 2025.
EDPB Issues Opinion on EU-Brazil Data Protection Adequacy Decision
The EDPB supports the EU-Brazil data adequacy decision but requests clarifications on DPIAs, transparency, law enforcement data use, and national security definitions.
MEPs back new procedures for faster GDPR cross-border enforcement
New EU rules set deadlines and streamlined procedures for cross-border GDPR enforcement, strengthen complainant rights, and promote early consensus among national data protection authorities.
EDPB backs UK adequacy extension under GDPR but urges strict monitoring
EDPB supports six-year extension of UK adequacy decisions to 2031 but urges the Commission to address legal changes, monitor risks and ensure robust oversight and remedies.
EDPS Revises Generative AI Guidance for EU Institutions
EDPS updated guidance strengthens data protection rules for generative AI used by EU institutions, adding a practical compliance checklist and clearer controller/processor responsibilities.
Court of Appeal upholds GDPR fine against Grindr
Norwegian court upheld a major GDPR fine against Grindr for improper processing and sharing of sensitive and location data, stressing stricter requirements for consent, minimization and safeguards.
EU Signs Passenger Data Sharing Agreements with Norway and Iceland
EU signs PNR data-sharing deals with Norway and Iceland, adding privacy safeguards and awaiting EP consent and Council conclusion to strengthen counterterrorism and serious crime cooperation.
EDPB and European Commission Publish Joint Guidelines on DMA and GDPR
EDPB and European Commission issued joint guidelines clarifying how gatekeepers must apply GDPR obligations when complying with the Digital Markets Act; public consultation open until 4 Dec 2025.