GDPR

NicFab Newsletter Issue 8 | February 17, 2026 Privacy, Data Protection, AI, and Cybersecurity Welcome to issue 8 of the weekly newsletter dedicated to privacy, data protection, artificial intelligence, cybersecurity, and ethics. Every Tuesday, you will find a curated selection of the most relevant news from the previous week, with a focus on European regulatory developments, case law, enforcement, and technological innovation. In this issue ITALIAN DATA PROTECTION AUTHORITY EDPB - EUROPEAN DATA PROTECTION BOARD EDPS - EUROPEAN DATA PROTECTION SUPERVISOR EUROPEAN COMMISSION CNIL - FRENCH AUTHORITY COUNCIL OF THE EUROPEAN UNION COURT OF JUSTICE EU DIGITAL MARKETS & PLATFORM REGULATION AI STANDARDS AND CERTIFICATIONS INTERNATIONAL DEVELOPMENTS ARTIFICIAL INTELLIGENCE CYBERSECURITY TECH & INNOVATION SCIENTIFIC RESEARCH AI Act in Pills From the NicFab Blog Events and Meetings Conclusion ITALIAN DATA PROTECTION AUTHORITY PODCAST “A proposito di privacy” - Workers’ Rights Featured in New Episode The Italian DPA’s latest podcast episode explores workplace privacy rights, drawing from their significant €5 million fine against a food delivery company in November 2024. The case highlighted algorithmic management systems that controlled rider schedules and order assignments while tracking location data beyond working hours without proper consent. ...

NicFab Newsletter Issue 7 | February 10, 2026 Privacy, Data Protection, AI, and Cybersecurity Welcome to issue 7 of the weekly newsletter dedicated to privacy, data protection, artificial intelligence, cybersecurity and ethics. Every Tuesday you will find a curated selection of the most relevant news from the previous week, with a focus on European regulatory developments, case law, enforcement and technological innovation. In this issue EDPB - EUROPEAN DATA PROTECTION BOARD EDPS - EUROPEAN DATA PROTECTION SUPERVISOR EUROPEAN COMMISSION DIGITAL MARKETS & PLATFORM REGULATION INTERNATIONAL DEVELOPMENTS ARTIFICIAL INTELLIGENCE CYBERSECURITY TECH & INNOVATION SCIENTIFIC RESEARCH AI Act in Pills Events and Meetings Conclusion EDPB - EUROPEAN DATA PROTECTION BOARD Opinion 1/2026 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the Heineken Group The EDPB has issued its opinion on Heineken Group’s Controller Binding Corporate Rules (BCRs), marking another step in the approval process for these critical data transfer mechanisms. BCRs remain one of the most robust legal bases for international data transfers within corporate groups, particularly following the uncertainty created by the Schrems II decision. ...

Comparative analysis of the IMCO-LIBE Draft Report PE782.530 (rapporteurs Kokalari and McNamara) against the Commission’s proposal COM(2025) 836: fixed deadlines replacing discretionary mechanisms, AI literacy obligation maintained on providers and deployers, strict necessity standard for sensitive data processing, presumption of conformity with the Cyber Resilience Act, and data protection authorities’ involvement in regulatory sandboxes.

NicFab Newsletter Issue 6 | February 3, 2026 Privacy, Data Protection, AI, and Cybersecurity Welcome to issue 6 of the weekly newsletter dedicated to privacy, data protection, artificial intelligence, cybersecurity, and ethics. Every Tuesday, you will find a curated selection of the most relevant news from the previous week, with a focus on European regulatory developments, case law, enforcement, and technological innovation. In this issue ITALIAN DATA PROTECTION AUTHORITY EDPB - EUROPEAN DATA PROTECTION BOARD EDPS - EUROPEAN DATA PROTECTION SUPERVISOR EUROPEAN COMMISSION EUROPEAN PARLIAMENT COUNCIL OF THE EUROPEAN UNION DIGITAL MARKETS & PLATFORM REGULATION AI STANDARDS AND CERTIFICATIONS INTERNATIONAL DEVELOPMENTS CYBERSECURITY TECH & INNOVATION SCIENTIFIC RESEARCH AI Act in a Nutshell From the NicFab Blog Events and meetings Conclusion ITALIAN DATA PROTECTION AUTHORITY Garlasco case: Data Protection Authority warning on information limits The Data Protection Authority has condemned the behavior of the media and websites in their coverage of the Chiara Poggi case, denouncing a progressive increase in the level of detail in the reconstruction of facts, personal contexts, and individual profiles that exceeds legitimate informational purposes. ...

On 28 January 2026, we celebrate Data Protection Day, the anniversary of Convention 108. Between GDPR revision proposals, simplification measures, and new technologies, personal data protection requires constant vigilance. An analysis of current challenges supported by empirical data and institutional sources.

NicFab Newsletter Issue 5 | January 27, 2026 Privacy, Data Protection, AI, and Cybersecurity Welcome to issue 5 of the weekly newsletter dedicated to privacy, data protection, artificial intelligence, cybersecurity, and ethics. Every Tuesday, you will find a curated selection of the most relevant news from the previous week, with a focus on European regulatory developments, case law, enforcement, and technological innovation. In this issue EDPB - EUROPEAN DATA PROTECTION BOARD EDPS - EUROPEAN DATA PROTECTION SUPERVISOR EUROPEAN COMMISSION COUNCIL OF THE EU DIGITAL MARKETS & PLATFORM REGULATION INTERNATIONAL DEVELOPMENTS ARTIFICIAL INTELLIGENCE CYBERSECURITY TECH & INNOVATION SCIENTIFIC RESEARCH AI Act in Pills From the NicFab Blog Events and Meetings Conclusion EDPB - EUROPEAN DATA PROTECTION BOARD EDPB Document on Cooperation Procedure for Contractual Clauses Authorization The EDPB has published new procedural guidance for the authorization of contractual clauses under Article 46(3)(a) GDPR and the adoption of standard contractual clauses under Article 46(2)(d) GDPR. This document establishes a streamlined cooperation framework between data protection authorities when evaluating custom contractual arrangements for international data transfers. ...

Denmark has proposed amending its copyright law to introduce new personality rights against AI-generated deepfakes. An analysis of the opportunities and risks of this innovative regulatory approach, with a look at the implications for the European debate.

NicFab Newsletter Issue 4 | January 20, 2026 Privacy, Data Protection, AI, and Cybersecurity Welcome to issue 4 of the weekly newsletter dedicated to privacy, data protection, artificial intelligence, cybersecurity and ethics. Every Tuesday you will find a curated selection of the most relevant news from the previous week, with a focus on European regulatory developments, case law, enforcement and technological innovation. In this issue Italian Privacy Authority EDPS: TechSonar on Agentic AI European Commission European Parliament Council of the EU Court of Justice EU Digital Markets & Platform Regulation Artificial Intelligence Cybersecurity Tech & Innovation AI Act in Pills – Part 3 Upcoming Events Analytical Commentary ITALIAN DATA PROTECTION AUTHORITY Italian DPA: Board Member Guido Scorza Resigns The Italian Data Protection Authority (Garante per la protezione dei dati personali) announced the resignation of Guido Scorza from his position as a member of the Authority’s Board, effective January 17, 2026. Scorza’s departure represents a significant change in the composition of Italy’s privacy regulatory body. ...

NicFab Newsletter Issue 3 | January 13, 2026 Privacy, Data Protection, AI, and Cybersecurity This issue officially kicks off 2026 for the NicFab Newsletter, a year that promises to be particularly significant for the evolution of personal data protection and the Regulation of artificial intelligence. The publication resumes regularly after the holiday break, aiming to continue offering a critical and systemic analysis of the main regulatory, institutional, and technological developments. ...

In the final months of 2025 and early 2026, two independent studies highlighted significant vulnerabilities in WhatsApp’s metadata management. The University of Vienna and SBA Research demonstrated the ability to enumerate 3.5 billion accounts through the contact discovery mechanism, while Tal Be’ery (Zengo) showed how cryptographic key IDs allow inference of operating system, device type, and approximate session age. Meta has begun implementing fixes, but the privacy implications remain significant. This article analyzes the nature of metadata, WhatsApp-specific risks, and presents open source alternatives based on federated protocols such as XMPP and Matrix.