Germany’s state data protection authorities have issued a joint statement opposing a draft law that would transfer oversight of high-risk AI systems to the Federal Network Agency. They argue the move would weaken fundamental rights protections, contradict the EU’s AI Act, and potentially breach Germany’s federal constitution
The European Commission has issued a draft decision recognising Brazil’s data protection law (LGPD) as providing protections essentially equivalent to the EU’s GDPR. If adopted, it will allow personal data to flow freely between the EU and Brazil without additional safeguards
The European Commission is working on new rules to reduce the number of cookie banners by promoting centralized consent tools and simplifying digital consent. The aim is to make online privacy protections more user-friendly without undermining GDPR standards.
The Commission is seeking concrete, specific and concise feedback, including real-world use cases and practical examples. The consultation is open until 2 October 2025, and all contributions may be published in anonymised or non-anonymised form depending on the respondent's preferences.
The European Committee for Standardization (CEN ) and the European Committee for Electrotechnical (CENELEC), two leading European standardisation bodies, have submitted a formal response to the European Commission’s Call for Evidence on updating the New Legislative Framework (NLF) — the legal structure that supports harmonised product rules across the EU. The NLF was originally established [...]
The European Commission has confirmed that the Data Act will take effect on 12 September, rejecting industry calls for a two-year delay. The law regulates data sharing from connected devices and is seen as a key part of Europe’s digital strategy, though some companies warn it could slow AI innovation.
On 3 September 2025, cybersecurity agencies from the United States, Europe, Asia, and Oceania released joint guidance promoting Software Bills of Materials (SBOM) as a tool for improving transparency in software supply chains. The document highlights how SBOMs can help organizations manage vulnerabilities, strengthen risk management, and support secure-by-design practices across critical sectors.
After the General Court dismissed a challenge to the EU-US data transfer deal, Max Schrems and his group NOYB warned that the agreement is little more than a repeat of past unlawful frameworks.
The Court rejected arguments that US safeguards are insufficient, ruling that the newly established Data Protection Review Court is independent and that American intelligence agencies’ data collection practices meet EU standards when subject to judicial review.
The FTC and Utah have taken action against Pornhub’s operator, Aylo, for failing to stop child sexual abuse and nonconsensual content on its sites. Under a proposed settlement, Aylo must overhaul its content safety systems, verify user consent, and pay $5 million in penalties.
Civil Society Alliances for Digital Empowerment (CADE) is a project co-funded by the European Union.
