PrivacySignal
GDPR / Intl

CNIL Updates Two Standards For Health Research (MR-001 and MR-003)

Inside Privacy (Covington) · · International · GDPR & International

On May 26, 2026, the French data protection authority (“CNIL”) published updated versions of its Reference Methodology 001 (“MR-001”, available here in French) and Reference Methodology 003 (“MR-003”, available here in French), two key frameworks governing the processing of personal data in the context of health research. Under the French Data Protection Act, unless one... Continue Reading…

Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy

This summary is AI-assisted and may contain errors. It is an original briefing to help you gauge significance quickly — not a reproduction of the source. Always read the linked original before relying on it. See our methodology.

Related stories

GDPR / Intl
EDPB · · EU

EDPB and AMLA to develop Joint Guidelines on partnerships for information sharing

The European Data Protection Board and the newly established Anti-Money Laundering Authority have announced a joint effort to develop guidelines on how financial institutions can share customer information to fight money laundering and terrorist financing without violating data protection rules. The collaboration stems from an explicit provision in the EU's AML Regulation allowing such information exchanges.

Who should care: Lawyers · Privacy officers · AI governance · Compliance

#gdpr#regulation Read original →
GDPR / Intl
noyb (None of Your Business) · · EU

US Supreme Court just blew up EU-US Data Transfers

Data Transfers On Monday, the US Supreme Court decided in Trump v. Slaughter that the US Federal Trade Commission (“FTC”) may not be independent anymore. Since 2000, the EU has relied on the “independent” FTC as the enforcer of EU-US deals on personal data. According to EU treaty law, such oversight must be independent. In the current EU-US deal, the European Commission relies on the independent FTC 259 (!) times. Max Schrems: “Given that there are no independent authorities in the US anymore, we call on the European Commission to orderly withdraw the adequacy decision on the US.” Commission…

Who should care: Lawyers · Privacy officers · AI governance

GDPR / Intl
M Maryland Association of Counties · · International

Attorney General Releases Guidance on Community Trust and Data Privacy Acts

A state Attorney General has released formal guidance on laws governing community trust and data privacy, providing direction to counties on how to interpret and apply both statutes. The guidance appears aimed at helping local governments align their practices with the requirements of the acts.

Who should care: Lawyers · Privacy officers · Compliance

#state-privacy#regulation Read original →
GDPR / Intl
CNIL · · EU / France

Emerging technologies and the protection of children: G7 data protection authorities agree on key principles

Data protection authorities from G7 nations have jointly adopted a set of principles addressing how emerging technologies should handle children's data and safeguard minors online. The agreement signals coordinated regulatory intent across major democracies to hold technology developers to higher standards when children are involved.

Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy

#gdpr#privacy Read original →
GDPR / Intl
DataBreaches.net · · International

UK: ICO statement on ‘Edtech examined’ report

The UK Information Commissioner's Office has published a report summarizing findings from its audits of educational technology providers, outlining how those companies handle personal data and where improvements were identified or made.

Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy

#gdpr#privacy Read original →