Legitimate interest under the GDPR continues to be one of the most used, and most misunderstood, legal bases. But what are the most relevant issues to be addressed, and how can it be used properly?
Data Protection & Cybersecurity
Here you can read some articles on Italian and international privacy, cybersecurity and data protection issues drafted by either Giulio Coraggio or the other authors of GamingTechLaw.
With its judgment in Brillen Rottler (C-526/24), the Court of Justice of the European Union (CJEU) has now clarified that, under specific circumstances, a data controller is entitled to refuse an access request — even if it is the first one submitted by the data subject.
The European Commission has just published for feedback its long-awaited draft guidance to assist companies in applying the Cyber Resilience Act (CRA), a landmark EU regulation aiming to strengthen cybersecurity across the digital product landscape.
EDPB binding decisions are challengeable under the GDPR: with its judgment of 10 February 2026 in Case C-97/23 P, the Court of Justice of the European Union confirmed that binding decisions adopted by the European Data Protection Board under Article 65 GDPR can be directly challenged before the EU Courts under Article 263 TFEU.
The EDPB and EDPS joint opinion on the Digital Omnibus supports the European Commission’s goal of simplifying EU digital rules and strengthening competitiveness.
The European Commission’s latest Digital Omnibus package introduces a significant and much-debated idea: allowing AI training based on legitimate interest, under Article 6(1)(f) GDPR, accompanied by a new Article 88c. The proposal formalises something many expected — that training AI systems or AI models on personal data may rely on legitimate interest as a legal basis.
