Insights
Search Results
Client Highlights
3.31.26
OpenAI Prevails in Landmark Italian AI and GDPR Enforcement Case
On March 18, 2026, the Court of Rome ruled in OpenAI’s favor, annulling a €15 million fine and an order requiring OpenAI to conduct a media campaign about AI model training that had been imposed by the Italian Data Protection Authority (Garante).
Alerts
9.22.25
EDPB Issues First Guidelines on the Interplay Between the Digital Services Act and the GDPR
On September 12, 2025, the European Data Protection Board (EDPB) adopted guidelines (Guidelines) on the interplay between the EU Digital Services Act (DSA) and the General Data Protection Regulation (GDPR). The Guidelines seek to clarify the data protection issues that regulated online services should take into account when seeking to comply with their obligations under the GDPR.
Alerts
12.20.24
EU Privacy Regulators Confirm That Legitimate Interest Is a Valid Legal Basis for AI Model Training and Deployment
On December 18, 2024, the European Data Protection Board (EDPB) published its much-anticipated Opinion on the processing of personal data in the context of AI models in light of the EU General Data Protection Regulation (GDPR).
Alerts
7.06.23
EU’s Top Court Rules That Competition Authorities Can Consider Data Protection Breaches in Their Investigations
In a landmark judgment issued on July 4, 2023, the European top court, the Court of Justice (ECJ), ruled that competition authorities in the EU can consider a company’s compliance with the EU’s data protection rules when assessing whether it abused its dominant position. In addition, the ECJ ruled on important General Data Protection Regulation (GDPR) clarifications on the legal bases for personalized advertising.
Alerts
6.15.23
Europe Prepares for a New Era in AI Regulation
In Europe, recent advances in artificial intelligence (AI) have given rise to intense debate over how this technology should be regulated. Companies that have developed AI tools, or who are considering implementing AI, should assess the implications of recent legislative developments and regulatory action. This alert discusses the most recent legislative and regulatory developments in Europe and identifies key steps companies should take in light of these developments.
Alerts
3.17.23
EU Privacy Regulators Coordinate to Assess Compliance with the GDPR Rules on Data Protection Officers
On March 15, 2023, the European Data Protection Board (EDPB) announced a coordinated action on the role of the data protection officers (DPOs). The data protection authorities (DPAs) will ask DPOs a series of questions to inquire about their designation and position in their respective organizations. The DPAs will also investigate compliance with the DPO-related requirements and follow-up on ongoing formal investigations. Organizations should consider reviewing their compliance with the General Data Protection Regulation (GDPR) requirements on DPOs in light of the upcoming DPA wave of enforcement.
Alerts
1.27.23
CJEU Finds That Companies Must Provide Individuals with the Identity of Data Recipients When Responding to Data Access Requests
On January 12, 2023, the Court of Justice of the European Union (CJEU) ruled1 that the data subject’s right of access to personal data2 requires controllers to provide the data subject with the identity of the companies that they have shared or will share data with. This is a sharp departure from current market practice since many controllers typically provide the categories of data recipients, and not their actual identity, when responding to data subjects access requests.