European Union
AI and copyright: from ‘machine-readable’ to ‘machine-actionable’ in the opt-out from TDM: a question of vocabulary or technical governance?
The debate regarding reservation of rights (opt-out) for AI training has shifted from principles to infrastructure. The German decision in the LAION case rekindles the key issue: how to turn ‘machine-readable’ into a ‘machine-actionable’ mechanism that is interoperable and proportional.New guidance on vehicle data and the Data Act: challenges and opportunities
The European Commission has published the first guidelines clarifying how the obligations of the Data Act apply to connected vehicles. The document provides guidance for manufacturers, providers and users on access to, and use and transmission of, the data generated by vehicles, paving the way to a new stage in automotive data governance and the structure of future business models based on digital mobility.Data Economy, Privacy and Cybersecurity Newsletter - November 2025
In this newsletter, we offer the latest updates on everything related to the data economy, privacy, and cybersecurity. We cover the most recent rulings from relevant authorities and agencies, key court decisions, and the most important news in this field.Is pseudonymized data personal data? Key points following the European Court of Justice's judgment in the EDPS v SRB case
The judgment delivered by the European Court of Justice (CJEU) on September 4, 2025 in the EDPS v SRB case (case C 413/23 P) is an important landmark in the field of data protection, because it deals with the concept of “personal data” which is at the heart of the practice.The Data Act and cloud switching: keys to the new rules on changing cloud service providers
The new EU Data Regulation (Data Act) introduces an unprecedented regime to facilitate switching between cloud service providers. The aim: to eliminate the technical and contractual obstacles that have constrained many users. As from September 2025, portability will be a legally binding right with specific obligations for providers.Proposal by the European Commission to amend the GDPR: a critical review and practical suggestions
The European Commission has recently presented a proposal to amend the GDPR with a view to reducing the bureaucratic burden on small and medium-sized companies. The main measure that has been introduced is to expand the exceptions to the obligation to keep a Record of Processing Activities (RoPA). Although the intention behind the amendment is positive, the approach taken has been criticized because it fails to bear in mind the essence of compliance with the Regulation. We analyze what this implies (not necessarily an improvement for small and medium-sized companies) and propose various alternatives to facilitate compliance with the GDPR.Data Economy, Privacy and Cybersecurity Newsletter - June 2025
In this newsletter we offer the latest news on data protection, privacy and cybersecurity. We address the most recent resolutions of the competent authorities and agencies, key judgements and the most relevant current issues in this area.The European Commission continues unpacking the Artificial Intelligence Act: definition of artificial intelligence system and the general-purpose AI code of practice
On February 6, the European Commission published guidelines to assist the various operators in the artificial intelligence environment to determine whether they are dealing with an artificial intelligence system within the meaning of Regulation (EU) 2024/1689 on artificial intelligence. Additionally, on March 11, it published the third draft of the general-purpose AI code of practice. In the following article, we unpack the key points of both documents.Data Economy, Privacy and Cybersecurity Newsletter - April 2025
In this newsletter, we offer the latest updates on everything related to the data economy, privacy and cybersecurity. We cover the most recent rulings from relevant authorities and agencies, key court decisions, and the most important news in this field.