Search

This study was prepared at the request of the European Parliament’s Committee on the Internal Market and Consumer Protection (IMCO). It analyses the European Commission’s Digital Omnibus package proposals published on 19 November 2025, distinguishing administrative simplification from more substantive recalibration of safeguards across data, privacy, cybersecurity and artificial intelligence areas. The study highlights key areas of controversy (legal certainty, enforcement capacity, and impacts on ...

This study was prepared at the request of the European Parliament’s Committee on the Internal Market and Consumer Protection (IMCO). It analyses the European Commission’s Digital Omnibus package proposals published on 19 November 2025, distinguishing administrative simplification from more substantive recalibration of safeguards across data, privacy, cybersecurity and artificial intelligence areas. The study highlights key areas of controversy (legal certainty, enforcement capacity, and impacts on ...

The 'datafication' of everyday life and various data scandals have made the protection of personal data an increasingly important social, legal and political topic for the European Union (EU). Privacy and data protection are recognised as fundamental rights in EU law and were strengthened when the Lisbon Treaty came into force in 2009, giving the EU a stronger legal basis for updating its data protection and privacy system. In 2012, the European Commission began reforming the outdated framework. ...

Online child sexual abuse materials (CSAM) and grooming practices (manipulation aimed at exploiting and abusing people), now increasingly targeting younger children, have been proliferating at an alarming rate. In 2024, more than 20.5 million reports of suspected online child sexual abuse materials were detected. Reports related to AI-generated CSAM saw a 1 325 % increase, rising from 4 700 in 2023 to 67 000 in 2024. Most activities detected were hosted in Europe. In response to this situation, on ...

The Artificial Intelligence Act (AI Act), adopted in June 2024, is the world’s first comprehensive regulatory framework for AI. It sits at the centre of the EU’s broader digital rulebook, alongside the General Data Protection Regulation (GDPR), the Data Act, the Digital Services Act (DSA), the Digital Markets Act (DMA), the Cyber Resilience Act (CRA), and the NIS2 Directive. Together, these laws aim to promote safety, trust, and competitiveness in Europe’s digital economy. However, questions arise ...

Recent assessments have highlighted shortcomings in the enforcement of the European Union's General Data Protection Regulation (GDPR). These include lengthy procedures, divergent practices, and functional flaws. In response, EU lawmakers negotiated additional procedural rules to ensure the swift and consistent resolution of cross-border cases and to harmonise parties' rights during the procedure. Parliament is set to vote on the provisional agreement reached with the Council on the proposed changes ...

The Data Act aims to create value from data generated by connected products and services, by introducing data-sharing obligations. The principles enshrined in the Act have received general approval, but concerns have been expressed about the clarity of certain definitions, the sharing of commercially sensitive data and its regulatory complexity. Most provisions of the Data Act will apply from 12 September 2025.

China’s data security and privacy laws – the CSL, DSL, and PIPL – create compliance challenges for European companies, especially SMEs. Strategic ambiguity in legislation allows discretion in enforcement, varying across regions and sectors. Cross-border data transfer rules add complexity, with Hong Kong and Macao implementing their own laws. While US firms face stringent CSL enforcement, cases against European firms under PIPL appear to be less politicised. Influenced by GDPR and Asian cybersecurity ...

Since the 2014 invalidation of the Data Retention Directive, the EU legal landscape has become fragmented, causing uncertainty for providers and challenges for law enforcement. With a Commission proposal likely and growing Member State support for a more permissive EU regime, a solid understanding of relevant CJEU case law may help inform Parliament's assessment. Over the past decade, CJEU case law has set detailed requirements for data retention. Laws must respect proportionality and necessity, ...

As law enforcement agencies carry out lawful interception of electronic communications, they face numerous challenges stemming from rapid technological advancements. The growing use of messaging services and the development of 5G networks, which feature enhanced privacy and security measures such as encryption, have had the unintended consequence of hindering law enforcement's access to crucial data. Policymakers and regulators are working to strike a balance between meeting law enforcement needs ...