Gmail - EDPB, EDPS detail concerns over personal data definition in joint opinion on Digital Omnibus

2/16/26, 13:49 Gmail - EDPB, EDPS detail concerns over personal data definition in joint opinion on Digital Omnibus Page 1 of 7 https://mail.google.com/mail/u/0/?ik=bc2fd8bca7&view=pt&search…gid=msg-f:1856862933762062725&simpl=msg-f:1856862933762062725 Marco Gervasi <marco.gervasi75@gmail.com> EDPB, EDPS detail concerns over personal data definition in joint opinion on Digital Omnibus IAPP AI Governance Dashboard <publications@iapp.org> Wed, Feb 11, 2026 at 9:40 PM Reply-To: publications@iapp.org To: marco.gervasi75@gmail.com To view this email as a web page, click here 11 Feb. 2026 TOP STORIES EDPB, EDPS detail concerns over personal data definition in joint opinion on Digital Omnibus The European Data Protection Board and European Data Protection Supervisor issued their much-anticipated joint opinion on the European Commission's Digital Omnibus proposal 11 Feb. While both were generally receptive to the objectives of the Omnibus package, they also outlined several areas where the Commission could revise the package. Most notably, the opinion stated the Omnibus does not reflect the Court of Justice of the European Union precedent establishing the definition of "personal data" under the EU General Data Protection Regulation. IAPP Staff Writer Alex LaCasse reports on the key elements of the joint opinion. Full story -- 1 of 7 -- 2/16/26, 13:49 Gmail - EDPB, EDPS detail concerns over personal data definition in joint opinion on Digital Omnibus Page 2 of 7 https://mail.google.com/mail/u/0/?ik=bc2fd8bca7&view=pt&searc…gid=msg-f:1856862933762062725&simpl=msg-f:1856862933762062725 Tom Kemp discusses CalPrivacy's priorities in 2026 On 1 Jan., California's Delete Request and Opt-Out Platform, known as DROP, became available to state residents. Part of California's Delete Act, the DROP system thus far has seen more than 215,000 residents sign up for the opt-out mechanism. The platform is overseen by the California Privacy Protection Agency and features more than 500 registered data brokers. Tom Kemp is the executive director of the CPPA, also known as CalPrivacy, and sat down with IAPP Editorial Director Jedidiah Bracy to discuss how the DROP system is faring, as well as the priorities the agency is taking in 2026, including the appointment of Sabrina Boyson Ross as CalPrivacy's first chief auditor. Full story PERSPECTIVES Op-ed: EU Digital Omnibus amendments to GDPR to facilitate AI training miss the mark The two major proposals for facilitating AI innovation under the Digital Omnibus' revisions for the EU General Data Protection Regulation "create more issues than they simplify," Tilburg University Global ICT Law Professor Lokke Moerel writes in an op-ed. Moerel indicated one proposal allowing for an unconditional opt out is not compatible when AI developers scrape the internet and use third-party data to train their models. The other proposal allowing developers to rely on an exemption for the processing of "residual" special-category data could subject them to penalties if that information is "used to generate outputs, be inferred, or otherwise be disclosed to third parties" by their model. Full story The global regulatory environment is settling into a phase of sustained structural divergence -- 2 of 7 -- 2/16/26, 13:49 Gmail - EDPB, EDPS detail concerns over personal data definition in joint opinion on Digital Omnibus Page 3 of 7 https://mail.google.com/mail/u/0/?ik=bc2fd8bca7&view=pt&searc…gid=msg-f:1856862933762062725&simpl=msg-f:1856862933762062725 The IAPP released the first in a series of 2026 predictions on the digital space from the organizations' thought leaders. IAPP Principal Researcher for Privacy Management Saz Kanthasamy, CIPP/E, CIPM, FIP, noted U.S. states' digital safety regulations could continue their conflict with federal deregulation efforts. Kanthasamy indicated organizations "that are more reactive to the fragmented maze of requirements risk escalating complexity, cost and strategic drift." Full story LAW & REGULATION European Commission official believes Digital Omnibus criticism is unwarranted In an interview with Euractiv, European Commission Directorate-General for Communications Networks, Content and Technology Roberto Viola said criticism that the proposed Digital Omnibus was too friendly toward Big Tech was unfounded. Viola said the proposed revisions to the EU General Data Protection Regulation and AI Act are necessary to better support EU startups. "We make sure that the AI Act can be actually enforced," Viola said, adding the omnibus' changes will make it easier for companies to follow rules and give the Commission the capacity to issue guidelines supporting compliance. Full story Ireland introduces bill to implement EU AI Act in country Ireland introduced the General Scheme of the Regulation of Artificial Intelligence Bill 2026, which would implement the EU AI Act in the country. The legislation is necessary to put in place the elements of the law that dictate supervision and enforcement provisions at the national level. It would also create a new statutory independent body, the Oifig Intleachta Shaorga na hÉireann, to manage enforcement efforts. Competent authorities' jurisdiction and rules for penalties are also outlined. Full story India's MeitY introduces IT Rule amendments to prevent deepfakes India's Ministry of Electronics and Information Technology introduced proposed amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules to prevent synthetically generated content, including AI deepfakes, Money Control reports. The amendments would require labeling of AI- generated content and "mandate that platforms remove or disable access (of) such content within three hours of receiving a government or court order." -- 3 of 7 -- 2/16/26, 13:49 Gmail - EDPB, EDPS detail concerns over personal data definition in joint opinion on Digital Omnibus Page 4 of 7 https://mail.google.com/mail/u/0/?ik=bc2fd8bca7&view=pt&searc…gid=msg-f:1856862933762062725&simpl=msg-f:1856862933762062725 Full story FRAMEWORKS & STANDARDS OPC discusses role in Canada's AI strategy Privacy Commissioner of Canada Philippe Dufresne appeared before the House of Commons Standing Committee on Access to Information, Privacy and Ethics to discuss the role his office, and data protection in general, plays in AI development and use. His testimony was part of the committee's hearing on the challenges of potentially drafting a federal AI framework. Dufresne discussed privacy by design and transparency as necessary pillars of framework, while noting Canada's privacy law's "must be able to meet this challenge, and to do so will require modernization." Full story UK government to develop deepfake detection framework The U.K. government is committing to building a first-of-its-kind AI deepfake framework detection that will "evaluate how technology can be used to assess, understand and detect harmful deepfake materials, no matter where they come from." Microsoft and other technology providers will contribute to the development of the system. The proposed framework comes as the U.K. recently criminalized the generation of nonconsensual explicit deepfakes and the country's digital regulators have stepped up deepfake enforcement. Meanwhile, UNICEF condemned the recent rise in explicit deepfakes while calling for actions to confront the issue. Full story REGULATORY GUIDANCE Poland's DPA releases AI report Poland's data protection authority, the Urząd Ochrony Danych Osobowych, released its strategic report on AI and data protection based on its survey into organizations' use of AI technology. The survey found 17% of organizations who participated in the survey were already using AI, with 41% using it for administrative processes. The DPA said the results "will be used to develop educational programs for public administration, the medical and educational sectors, cultural and scientific institutions, and entrepreneurs, among others." Full story ENFORCEMENT European Commission issues notice to Meta over potential EEA antitrust violations -- 4 of 7 -- 2/16/26, 13:49 Gmail - EDPB, EDPS detail concerns over personal data definition in joint opinion on Digital Omnibus Page 5 of 7 https://mail.google.com/mail/u/0/?ik=bc2fd8bca7&view=pt&searc…gid=msg-f:1856862933762062725&simpl=msg-f:1856862933762062725 The European Commission issued a preliminary notice to Meta that it was potentially violating European Economic Area antitrust regulations by allegedly excluding third-party AI assistants from interacting with users on its WhatsApp platform. The notice claims Meta is likely to be the dominant party in the EEA for enabling consumer communication apps via WhatsApp and is "likely to be abusing this dominant position by refusing access to WhatsApp to other businesses, including third-party AI assistants." Full story BENCHMARKING & RESEARCH Several European countries lag contemporaries in public sector AI adoption, survey finds According to the newly released Public Sector AI Adoption Index, France, Germany and the U.K. are lagging behind their contemporaries in introducing AI tools to their respective civil services, Euronews reports. Per the index, France ranked last in terms of adoption with 74% of their public sector work force claiming AI "could not perform any part of their work" and 45% reporting they do not use the technology at all. The index was compiled with survey data from 3,335 public servants in 10 countries, including Brazil, India, Japan and the U.S. Full story CYBERSECURITY Cybersecurity and risk trends to watch in 2026 Business insights firm Gartner identified six trends in cybersecurity and risk management that will be pivotal in 2026, including the rise of agentic AI and global regulation volatility. The trends show an increasing need to have properly trained staff prepared to respond to new threats while leveraging AI to make their work easier, the report noted. Full story OPINION Former OpenAI researcher discusses departure, concerns with direction of AI development In a guest essay for The New York Times, former OpenAI researcher Zoë Hitzig opened up about why she recently left the company after it began installing advertisements in their products and largely "stopped asking the questions I'd joined to help answer." She explained concerns around AI chatbots amassing sensitive data through user conversations and how the addition of advertising -- 5 of 7 -- 2/16/26, 13:49 Gmail - EDPB, EDPS detail concerns over personal data definition in joint opinion on Digital Omnibus Page 6 of 7 https://mail.google.com/mail/u/0/?ik=bc2fd8bca7&view=pt&searc…gid=msg-f:1856862933762062725&simpl=msg-f:1856862933762062725 exacerbates the issue. Full story COMMUNITY & CAREERS OneTrust appoints new CEO OneTrust announced former Radiant Systems and Snap One CEO John Heyman has been named to the same role at the company, replacing founder and CEO Kabir Barday, CIPP/E, CIPP/US, CIPM, CIPT, FIP. The move was made to advance OneTrust's AI-Ready Governance Platform going forward. Barday will remain active with the company through his position on its board of directors. "OneTrust's mission to enable innovation through the responsible use of data and AI has never been more critical," Heyman said in a statement. "I look forward to partnering with Kabir and the OneTrust team to deliver on that mission." Full story BUSINESS AllTrue acquisition comes as AI trust concerns grow The cybersecurity company Varonis Systems plans to buy AI trust and risk management company AllTrue, The Wall Street Journal reports. The acquisition is expected to be USD125 million and to close at the end of February. The acquisition comes as Varonis is changing its business model and as concerns about cybersecurity and risk related to AI agent adoption rises. Cyber companies have been making billions of dollars worth of AI acquisitions over the last year. Editor's note: The IAPP recently released the AI Governance Vendor Report 2026. Full story ADVERTISING & MARKETING Companies continue efforts to build out AI personalization The New York Times reports companies are increasing personalized AI offerings, including targeted ads, algorithmic pricing, email summaries and more, but stakeholders are raising concerns regarding user consent attached to personalized services. Hugging Face Researcher Sasha Luccioni noted personalized AI tools are pitched to consumers as "more powerful, but we have less say in things." She added, "It's on us to opt out, and it's usually pretty complicated and not very clear what we should be opting out of." Full story HEALTH CARE -- 6 of 7 -- 2/16/26, 13:49 Gmail - EDPB, EDPS detail concerns over personal data definition in joint opinion on Digital Omnibus Page 7 of 7 https://mail.google.com/mail/u/0/?ik=bc2fd8bca7&view=pt&searc…gid=msg-f:1856862933762062725&simpl=msg-f:1856862933762062725 Study finds AI chatbots often provide users inaccurate health information A study by Nature Medicine found consumers often receive incorrect information from chatbots when asking questions related to health, The New York Times reports. The research found because medical information can vary depending on the person, chatbots responses may not have that nuance. Full story This email was sent by: The IAPP, 75 Rochester Ave., Portsmouth, NH 03801 USA +1.800.266.6501. This email was sent to you at marco.gervasi75@gmail.com. You received this email because you are a member of the IAPP or you provided your email address to us. We respect your right to privacy; view our privacy statement. To manage all your IAPP email subscriptions individually, visit our subscription page. To unsubscribe from this email and all other IAPP marketing communications, please click here. -- 7 of 7 --