PrivacySignal
GDPR / Intl

EDPB calls for legal basis for cross-regulatory information sharing

EDPB · · EU · GDPR & International

At a July 2026 meeting in Dublin, the European Data Protection Board called for an explicit legal foundation governing how data protection authorities share information with regulators outside their jurisdiction. The EDPB also discussed deepening cooperation among DPAs to strengthen consistent GDPR enforcement across the EU.

Why this matters: Right now, privacy regulators and other regulators — think competition, financial, or AI oversight bodies — often cannot cleanly share what they know about the same company. That gap lets problems fall between agencies. The EDPB wants a legal framework that closes it. This matters because enforcement is only as strong as coordination. If a company's data practices touch multiple regulators but none of them can fully talk to each other, accountability gets diffuse and companies benefit from the confusion. A clear legal basis for sharing changes that.

Who should care: Lawyers · Privacy officers · AI governance · Compliance · General readers · Policy

This summary is AI-assisted and may contain errors. It is an original briefing to help you gauge significance quickly — not a reproduction of the source. Always read the linked original before relying on it. See our methodology.

Related stories

GDPR / Intl
Just Security · · US Federal

To Audition for the Role of Attorney General, Blanche Is Prosecuting to Please

Legal analysts at Just Security argue that Todd Blanche, Trump's nominee for Attorney General, has pursued prosecutions of figures like James Comey in ways that appear designed to satisfy political preferences rather than independent legal judgment. Critics describe the pattern as prosecutorial sycophancy aimed at securing the top law enforcement post.

Who should care: Lawyers · Privacy officers · Compliance

#state-privacy Read original →
GDPR / Intl
IAPP · · International

Thought for the week: Web scraping for generative AI is subject to the GDPR

A commentary from the IAPP argues that web scraping used to build generative AI training datasets falls within the scope of GDPR, meaning the collection and processing of personal data found online is not exempt simply because it occurs at scale or at the infrastructure level.

Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy

GDPR / Intl
Information Commissioner's Office · · UK

ICO consultation on the corporate strategy

I don't have enough information to write an accurate briefing from this input. The headline and excerpt appear to be a navigation label or page title rather than a substantive news story — there are no facts about what the strategy contains, what is being consulted on, or what changes are proposed.

Who should care: Lawyers · Privacy officers · AI governance

GDPR / Intl
EDPB · · EU

EDPB sheds light on anonymisation and web scraping for generative AI and adopts final version of guidelines on blockchain

The European Data Protection Board has adopted new guidelines on anonymisation, web scraping for generative AI, and blockchain data processing. The anonymisation guidance incorporates recent Court of Justice of the EU case law to clarify when data can genuinely be considered anonymous under European privacy law.

Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy

#gdpr#ai#privacy Read original →
GDPR / Intl
EDPB · · EU

EDPB and AMLA to develop Joint Guidelines on partnerships for information sharing

The European Data Protection Board and the newly established Anti-Money Laundering Authority have announced a joint effort to develop guidelines on how financial institutions can share customer information to fight money laundering and terrorist financing without violating data protection rules. The collaboration stems from an explicit provision in the EU's AML Regulation allowing such information exchanges.

Who should care: Lawyers · Privacy officers · AI governance · Compliance · General readers · Policy

#gdpr#regulation#privacy Read original →
GDPR / Intl
noyb (None of Your Business) · · EU

US Supreme Court just blew up EU-US Data Transfers

The US Supreme Court's ruling in Trump v. Slaughter has put the FTC's independence in doubt, which directly threatens the legal foundation of EU-US data transfer agreements. The current adequacy framework cites the FTC as an independent enforcer 259 times, a requirement under EU law that may no longer be satisfied.

Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy

#gdpr#privacy Read original →