Monday, June 22, 2026
Marco andrea@passaglia.it
The Bellwether

A morning brief, composed for you when the sources say something worth saying.

‹ Reference

Gmail 2 - EDPB, EDPS detail concerns over personal data definition in joint opinion on Digital Omnibus

report Reference Materials/IAPP Reports source ↗ 15 KB text added 6/4/2026
2/16/26, 13:51 Gmail - EDPB, EDPS detail concerns over personal data definition in joint opinion on Digital Omnibus Page 1 of 8 https://mail.google.com/mail/u/0/?ik=bc2fd8bca7&view=pt&search…gid=msg-f:1856985995112456388&simpl=msg-f:1856985995112456388 Marco Gervasi <marco.gervasi75@gmail.com> EDPB, EDPS detail concerns over personal data definition in joint opinion on Digital Omnibus IAPP Europe Data Protection Digest <publications@iapp.org> Fri, Feb 13, 2026 at 6:16 AM Reply-To: publications@iapp.org To: marco.gervasi75@gmail.com To view this email as a web page, click here 13 Feb. 2026 Quick Links IAPP Newsletter Subscriptions - Career Central - IAPP UK Intensive 2026: Privacy | AI Governance | Cybersecurity Law - Become a Member - Resource Center A view from Brussels: Shifting into second gear against cyberbullying The European Commission this week released its action plan against cyberbullying with three pillars of action: a coordinated EU approach largely based on leveraging the existing legal framework; prevention and awareness; and reporting and support. IAPP Managing Director, Europe, Isabelle Roccia explains how the Commission plans to further leverage its already expansive rulebook to fight against cyberbullying by expanding the focus on tackling the issue in the review of Digital Services Act guidelines on the protection of minors, seeking expert advice on social media age restrictions in Europe, and more. Upcoming Events Ongoing IAPP Live Online Training This month: 24 Feb., KnowledgeNets Hungary — -- 1 of 8 -- 2/16/26, 13:51 Gmail - EDPB, EDPS detail concerns over personal data definition in joint opinion on Digital Omnibus Page 2 of 8 https://mail.google.com/mail/u/0/?ik=bc2fd8bca7&view=pt&search…gid=msg-f:1856985995112456388&simpl=msg-f:1856985995112456388 Read more Isabelle Roccia, CIPP/E IAPP Managing Director, Europe IAPP AI Governance Global Europe 2026 GET EARLY BIRD PRICES FOR IAPP AIGG 2026 Register before 6 March for IAPP AI Governance Global Europe 2026 to save up to 100 euros. Act now for the best value to find the tools you need to tackle AI governance challenges head-on. IAPP AI Governance Global Europe 2026 1-4 June | Dublin Register now IAPP NEWS EDPB, EDPS detail concerns over personal data definition in joint opinion on Digital Omnibus The European Data Protection Board and European Data Protection Supervisor issued their much-anticipated joint opinion on the European Commission's Digital Omnibus proposal 11 Feb. While both were generally receptive to the objectives of the Omnibus package, they also outlined several areas where the Commission could revise the package. Most notably, the opinion stated the Omnibus does not reflect the Court of Justice of the European Union precedent establishing the definition of "personal data" under the EU General Data Protection Regulation. IAPP Staff Writer Alex LaCasse reports on the key elements of the joint opinion. Full story IAPP NEWS CJEU rules Meta can challenge EDPB's binding WhatsApp decision The Court of Justice of the European Union ruled Meta has the right to appeal the European Data Protection Board's 2021 WhatsApp decision resulting in a 225 million euro EU General Data Protection Regulation fine over transparency and data processing allegations. IAPP Staff Writer Lexie White reports on the CJEU's ruling and how the decision could allow organizations to more easily challenge enforcement decisions. Virtual Copenhagen — Virtual IAPP Conferences: 25-26 Feb., London IAPP UK Intensive 2026: Privacy | AI governance | Cybersecurity law 30-31 March, Washington, DC IAPP Global Summit 2026: Privacy | AI governance | Cybersecurity law 4-5 May, Toronto IAPP Canada Symposium 2026: Privacy | AI governance | Cybersecurity law 3-4 June, Dublin IAPP AI Governance Global Europe 2026 24-25 June, Portsmouth, NH, U.S. Navigate 2026: Digital Policy Leadership Summit -- 2 of 8 -- 2/16/26, 13:51 Gmail - EDPB, EDPS detail concerns over personal data definition in joint opinion on Digital Omnibus Page 3 of 8 https://mail.google.com/mail/u/0/?ik=bc2fd8bca7&view=pt&search…gid=msg-f:1856985995112456388&simpl=msg-f:1856985995112456388 Full story Sponsored Content Join the AI Governance Leadership Forum — virtual event On 12 March, top minds in data privacy, risk and security decode real-world AI governance at enterprise scale. Gain frameworks, network with peers, earn CPE credits and learn how to build trust, manage risk and stay ahead of emerging regulations. Save your spot ENFORCEMENT—EU EDPB adopts 2026-27 work programme The European Data Protection Board published its 2026-27 work programme, which supports the board's 2024-27 strategy. Focuses for the next year include promotion of EU General Data Protection Regulation harmonization and compliance, effective enforcement cooperation among board members, maintaining data protection focuses in cross-regulatory contexts and improving ongoing participation in global data protection dialogues. Full story PERSPECTIVES Op-ed: EU Digital Omnibus amendments to GDPR to facilitate AI training miss the mark The two major proposals for facilitating AI innovation under the Digital Omnibus' revisions for the EU General Data Protection Regulation "create more issues than they simplify," Tilburg University Global ICT Law Professor Lokke Moerel writes in an op-ed. Moerel indicated one proposal allowing for an unconditional opt out is not compatible when AI developers scrape the internet and use third-party data to train their models. The other proposal allowing developers to rely on an exemption for the processing of "residual" special-category data could subject them to penalties if that information is "used to generate outputs, be inferred, or otherwise be disclosed to third parties" by their model. Full story -- 3 of 8 -- 2/16/26, 13:51 Gmail - EDPB, EDPS detail concerns over personal data definition in joint opinion on Digital Omnibus Page 4 of 8 https://mail.google.com/mail/u/0/?ik=bc2fd8bca7&view=pt&search…gid=msg-f:1856985995112456388&simpl=msg-f:1856985995112456388 LAW & REGULATION—EU European Commission official believes Digital Omnibus criticism is unwarranted In an interview with Euractiv, European Commission Directorate-General for Communications Networks, Content and Technology Roberto Viola said criticism that the proposed Digital Omnibus was too friendly toward Big Tech was unfounded. Viola said the proposed revisions to the EU General Data Protection Regulation and AI Act are necessary to better support EU startups. "We make sure that the AI Act can be actually enforced," Viola said, adding the omnibus' changes will make it easier for companies to follow rules and give the Commission the capacity to issue guidelines supporting compliance. Full story PERSPECTIVES CJEU says observed personal data is collected directly from the data subject — what it means in practice The Court of Justice of the European Union issued a December 2025 clarifying individuals' data is considered personal data if it is directly collected from the data subject. Myriad AI Compliance, Cybersecurity and Operational Risk Consultant František Nonnemann details what the clarification means for EU General Data Protection Regulation enforcement and additional regulatory efforts. Full story -- 4 of 8 -- 2/16/26, 13:51 Gmail - EDPB, EDPS detail concerns over personal data definition in joint opinion on Digital Omnibus Page 5 of 8 https://mail.google.com/mail/u/0/?ik=bc2fd8bca7&view=pt&search…gid=msg-f:1856985995112456388&simpl=msg-f:1856985995112456388 CHILDREN'S ONLINE SAFETY—CZECH REPUBLIC Prime minister of the Czech Republic voices support for under 15 social media ban Czech Republic Prime Minister Andrej Babis indicated support for legislation that would ban children under age 15 from accessing social media platforms, Reuters reports. "I am in favour because the experts I know say that it is terribly harmful to children. We must protect our children," Babis said in a video. France and Spain are among the other EU member states exploring similar bans. Editor's note: Global data protection enforcers will speak during a breakout session on children's online safety and age assurance technology at the IAPP Global Summit 2026 in Washington, D.C. Full story FRAMEWORKS & STANDARDS UK government to develop deepfake detection framework The U.K. government is committing to building a first-of-its-kind AI deepfake framework detection that will "evaluate how technology can be used to assess, understand and detect harmful deepfake materials, no matter where they come from." Microsoft and other technology providers will contribute to the development of the system. The proposed framework comes as the U.K. recently criminalized the generation of nonconsensual explicit deepfakes and the country's digital regulators have stepped up deepfake enforcement. Meanwhile, UNICEF condemned the recent rise in explicit deepfakes while calling for actions to confront the issue. Full story -- 5 of 8 -- 2/16/26, 13:51 Gmail - EDPB, EDPS detail concerns over personal data definition in joint opinion on Digital Omnibus Page 6 of 8 https://mail.google.com/mail/u/0/?ik=bc2fd8bca7&view=pt&search…gid=msg-f:1856985995112456388&simpl=msg-f:1856985995112456388 REGULATORY GUIDANCE—U.K. ICO releases updated guidance on organizations' code of conduct The U.K. Information Commissioner's Office released additional guidance detailing expectations for organizations and their codes of conduct in accordance with the Data (Use and Access) Act. The update urges public bodies to implement a recommended code of conduct to meet the data protection and cybersecurity concerns within their sector. The ICO noted its approved codes as "a way of demonstrating accountability" while encouraging "associations, representatives and other expert public bodies" to create codes. Full story ENFORCEMENT—EU Preliminary probe finds TikTok's design features violate DSA The European Commission announced preliminary findings on TikTok's alleged addictive design suggest violations of the Digital Services Act. The initial probe found TikTok did not adequately conduct risk assessments around design features, including its "highly personalised recommender system." TikTok can exercise the right to defense while the Commission works to confirm its findings, which could result in a noncompliance decision and a fine. Full story EMPLOYMENT—ITALY Garante to probe Amazon workplace monitoring Italy's data protection authority, the Garante, will join the National Labor Inspectorate in a joint supervisory initiative covering allegations around workplace surveillance practices at select Amazon distribution centers. The supervision seeks to understand "potential critical issues in the acquisition and processing of workers' personal data and in the use of video surveillance systems in the absence of the guarantees required by the Workers' Statute." -- 6 of 8 -- 2/16/26, 13:51 Gmail - EDPB, EDPS detail concerns over personal data definition in joint opinion on Digital Omnibus Page 7 of 8 https://mail.google.com/mail/u/0/?ik=bc2fd8bca7&view=pt&search…gid=msg-f:1856985995112456388&simpl=msg-f:1856985995112456388 Full story INCIDENT RESPONSE—NETHERLANDS Netherlands' DPA data breach impacts employee information Software used by the Netherlands' data protection authority, Autoriteit Persoonsgegevens, to manage mobile devices allegedly breached AP employees' email addresses, names and phone numbers. The Council for the Judiciary and the AP will investigate the extent of the Ivanti Endpoint Manager Mobile breach and determine if other government agencies were affected. Full story COMMUNITY & CAREERS OneTrust appoints new CEO OneTrust announced former Radiant Systems and Snap One CEO John Heyman has been named to the same role at the company, replacing founder and CEO Kabir Barday, CIPP/E, CIPP/US, CIPM, CIPT, FIP. The move was made to advance OneTrust's AI- Ready Governance Platform going forward. Barday will remain active with the company through his position on its board of directors. "OneTrust's mission to enable innovation through the responsible use of data and AI has never been more critical," Heyman said in a statement. "I look forward to partnering with Kabir and the OneTrust team to deliver on that mission." Full story ADVERTISING & MARKETING Companies continue efforts to build out AI personalization The New York Times reports companies are increasing personalized AI offerings, including targeted ads, algorithmic pricing, email summaries and more, but stakeholders are raising concerns regarding user consent attached to personalized services. Hugging Face Researcher Sasha Luccioni noted personalized AI tools are pitched to consumers as "more powerful, but we have less say in things." She added, "It's on us to opt out, and it's usually pretty complicated and not very clear what we should be opting out of." Full story IDENTITY & VERIFICATION Discord to introduce age-assurance checks The social platform Discord will begin requiring users to submit a facial scan or upload copies of their ID to access adult content, the BBC reports. Users who do not will be placed into a teen-appropriate experience by default, which means the content they see and how they communicate will be restricted unless they submit to the age check to prove they are an adult. Full story -- 7 of 8 -- 2/16/26, 13:51 Gmail - EDPB, EDPS detail concerns over personal data definition in joint opinion on Digital Omnibus Page 8 of 8 https://mail.google.com/mail/u/0/?ik=bc2fd8bca7&view=pt&search…gid=msg-f:1856985995112456388&simpl=msg-f:1856985995112456388 All Current Job Listings UP-TO-DATE RESOURCES TO POWER YOUR CAREER Keeping up with all the latest developments in privacy, AI governance and cybersecurity law can be difficult, unless you are an IAPP member. Retain your access to tools and trackers, cutting-edge research and a library of web conferences by renewing today. IAPP membership Renew your membership JUSTIFY YOUR TRIP TO IAPP INTENSIVE 2026 Budgets are tight, but digital responsibility still needs to be addressed. Get help showing your boss the value of attending IAPP UK Intensive 2026: Privacy |AI governance | Cybersecurity law by downloading our justification letter template. IAPP UK Intensive 2026: Privacy | AI governance | Cybersecurity law 23-26 Feb. | London Learn more Copyright© 2000–2026 IAPP. The views in this eNewsletter, if any, are those of the authors and are not necessarily those of the IAPP. This email was sent by: The IAPP, 75 Rochester Ave., Suite 4, Portsmouth, NH 03801 USA +1 603.427.9200 This email was sent by: The IAPP, 75 Rochester Ave., Portsmouth, NH 03801 USA +1.800.266.6501. This email was sent to you at marco.gervasi75@gmail.com. You received this email because you are a member of the IAPP or you provided your email address to us. We respect your right to privacy; view our privacy statement. To manage all your IAPP email subscriptions individually, visit our subscription page. To unsubscribe from this email and all other IAPP marketing communications, please click here. -- 8 of 8 --
Bellwether · 2026 Marco