On 19 November 2025, the European Commission published its European Data Union Strategy – a policy blueprint intended to unlock the potential of data as a strategic economic asset for the EU, especially in service of artificial intelligence (AI) innovation and…
EU Inc.: Between Competitiveness Rhetoric and Institutional Reality
The European Commission’s announcement in January 2026 that it would soon propose „EU Inc.” – a pan-European legal framework for innovative companies – marks an inflection point in the Union’s long-standing struggle to reconcile regulatory harmonisation with Member State sovereignty.[1] Commission…
ChatGPT Under Fire: Italy’s €15 Million GDPR Fine Against OpenAI and Its Implications
The Italian Data Protection Authority (Garante) has imposed a €15 million fine on OpenAI for multiple General Data Protection Regulation (GDPR) violations related to its flagship AI chatbot, ChatGPT.[1] This significant regulatory action, finalized in December 2024, marks one of the…
Social Media Credit Scoring: A Double-Edged Sword
The emergence of social media as a tool for credit scoring is changing how financial institutions assess creditworthiness. While traditional credit scores have largely relied on an individual’s financial history—such as payment records and debt profile—social media is increasingly being used…
Data Protection and AI Models – EDPB Opinion, OpenAI Fine and DeepSeek Scrutiny
The European Data Protection Board (EDPB) adopted Opinion 28/2024 on 17 December 2024,[1] addressing key data protection issues that arise from the processing of personal data in the context of artificial intelligence (AI) models. Issued at the request of the Irish…
Adapting Non-Contractual Civil Liability Rules to Artificial Intelligence in the European Union
by Wasim Khraisha Artificial Intelligence (AI) has revolutionized modern life, offering unprecedented opportunities across various domains, from healthcare to autonomous systems. However, the integration of AI into society has also introduced risks, including potential harm to individuals and entities due to…
GDPR in Action: Key CJEU Rulings on Data Minimisation and Health Data Processing
by Luca Farkas In two recent cases, the Court of Justice of the European Union (CJEU) clarified the interpretation and application of the General Data Protection Regulation (GDPR), a cornerstone of EU data privacy law designed to protect individuals’ personal data….
GDPR: Second report published by the European Commission
by Fatma Ceren Morbel The European Union’s General Data Protection Regulation (“GDPR”) applies to all organizations that handle personal information related to citizens and residents of the European Union since 2018. The regulation enhanced the rights of data subjects, redefined the…
Quick Law Review: EU Data Act
The final text of the Data Act was adopted on 27 November 2023.[1] The Data Act applies to a narrow set of data, data generated by and access to Internet-connected devices (IoT). Examples of such products include vehicles, household appliances and consumer…
Way-out from the cookie fatigue? – Cookie pledge principles to help consumers to understand tracking and to manage cookies requests through effective choices
by Judit Szalatkay The European Data Privacy Board (EDPB) established a taskforce to set an overview on practices of existing cookie banners. The taskforce published its report[1] in the beginning of the year 2023 in which it identified several deceptive and manipulative…