Data protection newsletter - Issue 20

We delve into the steps organisations can take now to prepare for the AI Act's compliance requirements, highlighting the importance of leveraging frameworks such as ISO42001 and the NIST AI Risk Management Framework. These tools can help organisations establish robust governance structures ensuring the ethical and effective deployment of AI technologies while staying ahead of regulatory obligations.

Insights from the recent DPO Network Conference held in Dublin are also covered. Key topics include the Data Protection Commission's (DPC) regulatory priorities for 2025, new standard contractual clauses (SCCs) for data transfers and the evolving role of Data Protection Officers. The discussion emphasised the importance of proactive involvement from DPOs and the need for organisations to keep pace with updates such as the Online Safety Code and Data Privacy Framework.

This issue also features updates on the European Data Protection Board's (EDPB) draft guidance on legitimate interests under GDPR. The guidance offers practical steps to help organisations balance the necessity of data processing with the rights and freedoms of individuals. Additionally, we examine the latest EDPB guidelines on the technical scope of Article 5(3) of the ePrivacy Directive including its implications for emerging technologies such as IoT devices and IP-based tracking.

Finally, we highlight a recent enforcement action by the Irish DPC which issued a €310 million fine to LinkedIn for invalid consent and misuse of legitimate interests in behavioural advertising practices. This case serves as a reminder of the importance of robust compliance strategies and transparent data handling.

Whether you're navigating new regulations, refining your data protection strategy or addressing emerging technologies, this newsletter is designed to support you with actionable insights.

Read the full data protection newsletter - Issue 20