%20(A2%20(Landscape))%20(1).png)
EU Level,
GDPR
Data Protection Day 2026 – On January 28, the European Data Protection Board (EDPB) highlighted the need for extra vigilance in protecting children’s personal data online, given the constantly emerging digital risks. This EU-wide awareness initiative underscored ongoing efforts by data protection authorities to safeguard minors’ privacy in an evolving online environment.
EU AI Act
EDPB-EDPS Joint Opinion – On January 21, the EDPB and the European Data Protection Supervisor issued a joint opinion on the European Commission’s “AI Omnibus” proposal to streamline implementation of the upcoming AI Act. The data protection authorities support efforts to ease administrative burdens so long as fundamental rights are not weakened, cautioning that some simplification measures (e.g. broader use of sensitive data for AI bias correction) must include strict safeguards
DSA
Investigation of X (Twitter) – The European Commission launched a formal DSA investigation (announced January 26) into platform X’s new “Grok” AI features. The probe will assess whether X properly assessed and mitigated systemic risks — including the spread of manipulated deepfake images (some potentially child sexual abuse material) — when deploying Grok in the EU. In parallel, the Commission extended an ongoing investigation into X’s recommender systems.
DMA
Google Compliance Proceedings – On January 27, the Commission opened two formal proceedings to ensure Google’s compliance with the DMA. These specification proceedings focus on Google’s obligations to provide third-party access to certain Android features (e.g. for AI services like “Gemini”) and to share search data with competing search engines. The aim is to clarify how Google must adjust its practices (interoperability and data access) so that rivals can compete fairly under the DMA’s requirements.
NIS2
Cybersecurity Law Updates – On January 20, the European Commission proposed targeted amendments to the NIS2 Directive as part of a new cybersecurity package. The proposal seeks to simplify compliance – for example, by clarifying jurisdictional rules, streamlining ransomware incident data collection, and facilitating oversight of cross-border critical entities (with an enhanced coordinating role for ENISA). These changes aim to improve legal clarity and reduce burdens while strengthening EU-wide cyber resilience.
Sweden Level
GDPR
IMY Security Fine – Sweden’s privacy regulator (IMY) fined software provider Sportadmin 6 million SEK for inadequate IT security following a major 2025 data breach. IMY’s investigation found Sportadmin lacked appropriate safeguards (violating GDPR Article 32), which led to a leak of personal data (including sensitive data on children) for over 2.1 million individuals. The decision, announced January 26, signals strict enforcement of GDPR’s security requirements in Sweden.
EU AI Act
IMY Highlights AI Act Changes – Sweden’s IMY echoed the above EU-level stance in a January 23 news update. The agency noted that the EDPB and EDPS, in an extraordinary plenary, adopted a joint opinion supporting the Commission’s proposed AI Act adjustments aimed at simplification and competitiveness, while advising clarifications and warning against diluting accountability (for example, opposing removal of certain provider obligations). This reflects Sweden’s alignment with EU authorities on balancing innovation and rights in AI governance.
%20(A2%20(Landscape))%20(4).png)
%20(A2%20(Landscape))%20(5).png)
%20(A2%20(Landscape))%20(6).png)
%20(A2%20(Landscape))%20(7).png)
