The EDPB data breach notification template is a genuine step forward for GDPR compliance, yet it raises five open questions — from forensic-level detail to cross-border coordination — that controllers should debate before the public consultation closes on 5 August 2026.
AI sentiment analysis in the workplace raises critical questions under both the GDPR and the AI Act, as confirmed by a recent warning issued by the Italian Data Protection Authority against Myndoor S.r.l., a company offering a stress-detection plug-in for Slack and Teams corporate chats.
The Italian Data Protection Authority (the Garante) issued a decision that significantly expands the right of access by former employees to their work related emails putting companies at risk of the disclosure of considerable trade secrets and confidential information. While the ruling reinforces the right of access under Article 15 GDPR, it also creates a difficult — and potentially risky — scenario for businesses handling corporate email accounts.
The EDPB and EDPS joint opinion on the Digital Omnibus supports the European Commission’s goal of simplifying EU digital rules and strengthening competitiveness.
The European Commission’s latest Digital Omnibus package introduces a significant and much-debated idea: allowing AI training based on legitimate interest, under Article 6(1)(f) GDPR, accompanied by a new Article 88c. The proposal formalises something many expected — that training AI systems or AI models on personal data may rely on legitimate interest as a legal basis.
The European Commission’s proposal to codify legitimate interest as a legal basis for AI training marks the most significant reform to the GDPR since its adoption. By explicitly recognizing legitimate interest as legal basis for AI training, the Commission aims to reconcile data protection with the realities of modern artificial intelligence.
