The EDPB has published a harmonised DPIA template, now open for public consultation until 9 June 2026. The template introduces a clear methodological distinction between risks inherent in the processing design and risks arising from non-default events. An analysis of its structure and implications for practitioners.
Proton launches Born Private: parents can reserve an encrypted email address for their children, protected for up to 15 years. A commentary on children’s digital identity, GDPR, and privacy by design.
The European Commission has preliminarily found Pornhub, Stripchat, XNXX and XVideos in breach of the Digital Services Act for failing to protect minors. The case brings a broader question back into focus: how to achieve age verification that is truly effective, proportionate and data protection-compliant, at a time when the European digital identity ecosystem is still under construction.
In the final months of 2025 and early 2026, two independent studies highlighted significant vulnerabilities in WhatsApp’s metadata management. The University of Vienna and SBA Research demonstrated the ability to enumerate 3.5 billion accounts through the contact discovery mechanism, while Tal Be’ery (Zengo) showed how cryptographic key IDs allow inference of operating system, device type, and approximate session age. Meta has begun implementing fixes, but the privacy implications remain significant. This article analyzes the nature of metadata, WhatsApp-specific risks, and presents open source alternatives based on federated protocols such as XMPP and Matrix.
The Digital Omnibus Package introduces profound changes to GDPR and cookie rules: new consent exceptions, automated signals, and legitimate interest for AI training. Critical analysis of implications for privacy and fundamental rights.
Guide to Legal Prompting techniques for legal professionals: from the anatomy of an effective prompt to advanced techniques (Chain-of-Thought, RAG), with a focus on GDPR compliance, hallucination risks, open source vs. cloud models, and best practices for law firms. Includes in-depth analysis of the limitations of RAG (Stanford Study 2025) and operational guidelines for the safe use of LLMs in the legal field.
In-depth analysis of the new EDPS guidelines (version 2) on the use of generative AI systems and compliance with Regulation (EU) 2018/1725. 16 key questions for EU institutions and bodies.
Video of the conference held on October 10, 2025 in Rome for the presentation of the book ‘Artificial Intelligence, Privacy and Neural Networks: The Balance Between Innovation, Knowledge and Ethics in the Digital Age’.
Public consultation open until 4 December 2025 on guidelines regulating the interplay between Digital Markets Act and GDPR
📚 NOW ON ARXIV: “Affective Computing and Emotional Data: Challenges and Implications in Privacy Regulations, The AI Act, and Ethics in Large Language Models.” I’m pleased to share that my research paper is now publicly available on arXiv. 🎯 Core Question: How should we regulate AI systems that can recognize and respond to human emotions? 📊 Key Topics Covered: • Emotional intelligence in Large Language Models (ChatGPT, Claude) • Transformation of human emotions into processable data • GDPR classification of emotional data as sensitive information • EU AI Act implications for emotion recognition systems • Case study: OpenAI’s ChatGPT-4.5 emotional capabilities ...