Inside Privacy

Updates on developments in data privacy and cybersecurity

Subscribe via RSS
Visit Blog

Latest from Inside Privacy - Page 2

On March 19, 2026, the CJEU issued its judgment in the Brillen Rottler case (C‑526/24).  The case concerns the GDPR right of access and the conditions for claiming damages.  In the underlying facts, an Austrian individual subscribed to Brillen Rottler’s newsletter and, two weeks later, exercised his right of access.  The shopkeeper rejected the request

On 18 March 2026, the European Parliament’s Committee on the Internal Market and Consumer Protection (“IMCO”) and the Committee on Civil Liberties, Justice and Home Affairs (“LIBE”) adopted their joint negotiating position on the European Commission’s proposed Digital Omnibus on AI (which we previously analysed here). The position will now proceed to a plenary

On March 12, 2026, the Italian Data Protection (“Garante”) adopted a decision concerning the transfer of personal data of banking customers from Intesa Sanpaolo S.p.A. (the “Bank”) to Isybank S.p.A., a newly established digital bank within the same corporate group.  The Garante found that the Bank’s processing in connection with the transfer of approximately 2.4

On March 12, 2026, the Federal Trade Commission (“FTC”) announced an Advanced Notice of Proposed Rulemaking (“ANPRM”) seeking public comment on a proposed rulemaking focusing on potential unfair or deceptive acts or practices in the rental housing market. This ANPRM contemplates requiring landlords and property managers to provide full, upfront disclosure of all mandatory charges

On March 11, 2026, the Federal Trade Commission (“FTC” or “the Commission”) announced an Advanced Notice of Proposed Rulemaking (“ANPRM”) regarding its Rule Concerning the Use of Prenotification Negative Option Plans, commonly known as the Negative Option Rule (“the Rule”).  This ANPRM signals the beginning of a rulemaking process that will expand the scope of

On February 27, 2026, CalPrivacy and PlayOn settled a CCPA claim for $1.1 million. PlayOn is a digital ticketing platform used by schools and other organizations for ticketing, streaming, fundraising, concessions, merchandise sales, and website management. The settlement resolves allegations that PlayOn unlawfully “sold” and “shared” users’ personal information without providing sufficient opt-outs and notice,

On March 6, 2026, the Administration released “President Trump’s Cyber Strategy for America” alongside an Executive Order (entitled “Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens”) and accompanying Fact Sheet.  The framework set forth in the Strategy document is significantly shorter and higher-level than the prior National Cybersecurity Strategy issued in

In February 2026, the Spanish data protection authority (Agencia Española de Protección de Datos, “AEPD”) published guidance on data protection issues related to the use of AI agents. The guidance follows an earlier, similar analysis by the UK Information Commissioner’s Office, which we discussed in a prior blog post.

Helpfully, AEPD’s guidance maps key

On February 13, 2026, France’s highest administrative court (“Conseil d’État”) delivered an important decision clarifying the boundary between pseudonymization and anonymization under the GDPR. The ruling confirms that data which remain re‑identifiable in practice—even with some effort—must be treated as personal data under the GDPR by service providers, unless the risk of re‑identification by such