With Christmas and a new year just around the corner, there is still time for one more catch-up on all things European data protection. In this issue, we have: horizon-scanning releases looking at emerging tech, a look at recent international meetings between data protection authorities, and privacy-focused events to kick off your 2026.
We are back and there is a lot to catch up on! Read on for events to register for; new EDPS publications and Opinions on AI and transatlantic data sharing; reflections on events on cross-border data protection, privacy tech and the AI Act; news on EDPS oversight of EU border systems; an update on a key court judgement; and more.
Data Protection Day (28 January) celebrates the signing of Convention 108, the first legally binding treaty protecting privacy in the digital age. To mark the occasion, the Council of Europe (CoE) and the European Data Protection Supervisor (EDPS) are co-organising a one-day event focused on new frontiers in data protection.
When: 28 January 2026
Where: European Commission’s Charlemagne, Brussels
PATRICIA Exercise 2025 - Personal dATa bReach awareness In Cybersecurity Incident handling
Read the Executive Summary of the Report of the second edition of PATRICIA - Personal dATa bReach awareness in Cybersecurity Incident Handling, a table-top exercise focusing on personal data breach management.
New Guidance for Risk Management of Artificial Intelligence Systems
The European Data Protection Supervisor (EDPS) is pleased to announce the publication of a new guidance document designed to support controllers in conducting data protection risk assessments when developing, procuring, and deploying Artificial Intelligence (AI) systems under Regulation 2018/1725 (EUDPR). The guide aims to provide valuable insights and practical recommendations for identifying and mitigating common technical risks associated with AI systems, and so to help protect personal data.
While primarily intended for European Union Institutions, Bodies, Offices, and Agencies (EUIs), this guidance is also relevant and useful for private companies, industry stakeholders, and public organizations seeking to ensure compliance with data protection regulations.
The document begins by revisiting the risk management approach of the widely recognized ISO 31000:2018 standard. It then covers the AI system lifecycle before exploring the concepts of interpretability and explainability, which are essential for ensuring data protection. The core of the guidance presents a detailed analysis of risks and corresponding mitigation measures, organized around four fundamental data protection principles: fairness, accuracy, data minimisation, and security.