The European Commission has issued a draft decision recognising Brazil’s data protection law (LGPD) as providing protections essentially equivalent to the EU’s GDPR. If adopted, it will allow personal data to flow freely between the EU and Brazil without additional safeguards
The European Commission is working on new rules to reduce the number of cookie banners by promoting centralized consent tools and simplifying digital consent. The aim is to make online privacy protections more user-friendly without undermining GDPR standards.
The Commission is seeking concrete, specific and concise feedback, including real-world use cases and practical examples. The consultation is open until 2 October 2025, and all contributions may be published in anonymised or non-anonymised form depending on the respondent's preferences.
The European Committee for Standardization (CEN ) and the European Committee for Electrotechnical (CENELEC), two leading European standardisation bodies, have submitted a formal response to the European Commission’s Call for Evidence on updating the New Legislative Framework (NLF) — the legal structure that supports harmonised product rules across the EU. The NLF was originally established [...]
The European Commission has confirmed that the Data Act will take effect on 12 September, rejecting industry calls for a two-year delay. The law regulates data sharing from connected devices and is seen as a key part of Europe’s digital strategy, though some companies warn it could slow AI innovation.
On 3 September 2025, cybersecurity agencies from the United States, Europe, Asia, and Oceania released joint guidance promoting Software Bills of Materials (SBOM) as a tool for improving transparency in software supply chains. The document highlights how SBOMs can help organizations manage vulnerabilities, strengthen risk management, and support secure-by-design practices across critical sectors.
After the General Court dismissed a challenge to the EU-US data transfer deal, Max Schrems and his group NOYB warned that the agreement is little more than a repeat of past unlawful frameworks.
The Court rejected arguments that US safeguards are insufficient, ruling that the newly established Data Protection Review Court is independent and that American intelligence agencies’ data collection practices meet EU standards when subject to judicial review.
The FTC and Utah have taken action against Pornhub’s operator, Aylo, for failing to stop child sexual abuse and nonconsensual content on its sites. Under a proposed settlement, Aylo must overhaul its content safety systems, verify user consent, and pay $5 million in penalties.
France’s CNIL fined Google €325 million for showing Gmail ads without consent and setting cookies improperly during account creation. The ruling affects tens of millions of French users and requires Google to change its practices or face further penalties.
Civil Society Alliances for Digital Empowerment (CADE) is a project co-funded by the European Union.
