With Christmas and a new year just around the corner, there is still time for one more catch-up on all things European data protection. In this issue, we have: horizon-scanning releases looking at emerging tech, a look at recent international meetings between data protection authorities, and privacy-focused events to kick off your 2026. Read on!
Have a listen!
Starting the new year with Data Protection in mind
Registration is already open for Data Protection Day 2026! Co-organised by the EDPS and the Council of Europe (CoE) at the end of January, this year’s conference will bring together policymakers, regulators, academics and practitioners to speak about the next generation of EU data protection legislation.
- When: 28 January 2026
- Where: European Commission, Charlemagne Building, Brussels
2026’s theme is Reset or Refine and the goal is to explore how we can build on the resilience of the European data protection framework, learning from past lessons. How can we modernise without compromising core principles? How can ‘regulatory simplification’ coexist with strong safeguards for individuals? And how can Europe’s normative model continue to inspire a human-centric digital future?
To find out, register here!
Register now to discuss cross-regulatory cooperation
Just before Data Protection Day, we have ‘Towards a Digital Clearinghouse 2.0’ - register now to join the discussion on the future of cross-regulatory cooperation.
With the digital regulatory landscape rapidly changing, coordination is critical. Participants will learn from existing cross-regulatory forums about the challenges and opportunities for cooperation across regulatory silos difficult.
Regulators and other stakeholders will be joining the event to reflect on what is missing today and what would be needed to make an EU-level forum for cross-regulatory cooperation work in practice.
- When: 27 January 2026
- Where: European Commission, Charlemagne Building, Brussels
Registrations are open!
Latest TechDispatch explores the privacy challenges of Digital Identity Wallets
In addition to the TechSonar (see below), the EDPS has published its latest TechDispatch - a series providing detailed analysis of new technologies and trends. This issue focuses on Digital Identity Wallets (DIWs) and how we can ensure they remain compliant with data protection principles.
A DIW allows users to securely store identity data and credentials in a digital repository, enabling access to services in both the physical and digital worlds. Entitled ‘The path towards a data protection by design and by default approach’, the new release is essential reading for policymakers and practitioners who want to ensure that the development of DIWs, such as the upcoming European Digital Identity Wallet (EUDIW), adheres to the principles of Privacy by Design and by Default.
To learn more about the EDPS's recommendations for a secure and privacy-respecting digital identity framework, access the full report here.
EDPS meets with data protection authorities from G7 nations
On 9-10 December, European Data Protection Supervisor Wojciech Wiewiórowski participated in a virtual G7 Data Protection and Privacy Authorities Roundtable. The initiative is a yearly gathering of data protection regulators from leading digital economies, to tackle global privacy challenges. The EDPS highly values the continued engagement through this forum to promote high data protection standards and foster responsible innovation.
During the two-day meeting, participating DPAs reflected on the progress made under the three pillars of the 2025 Action Plan to strengthen privacy and data protection: safely and responsibly moving data across borders and fostering Data Free Flow with Trust (DFFT); strengthening trust in new technology; and enforcement cooperation. During the meeting, the DPAs adopted a position paper on DFFT, as well as the Action Plan for 2026 which commits to continuing to foster trust and support innovation that protects privacy, especially for children.
Preparing the EU for AI risk
How is the EU public administration preparing its own AI systems for the implementation of the AI Act? In his latest blog post, Supervisor Wojciech Wiewiórowski details the results of a pioneering mapping exercise conducted by the new EDPS Artificial Intelligence Unit.
The exercise was the first inventory of potential high-risk AI systems planned or currently used by EU Institutions (EUIs). It raises critical questions for the future of supervision: How can we ‘de-mystify’ high-risk classification to encourage innovation while ensuring safety? And how can early mapping help define the priorities for the EDPS as a market surveillance authority?
To read the Supervisor’s full analysis and findings, click here.
Building bridges with the Western Balkans and Eastern Partnership
In times of geopolitical uncertainty and rapid technological change, data protection authorities must work together across borders to uphold shared values. That was the message of Thomas Zerdick, Acting Secretary-General of the EDPS, as he reflected on the recent ‘Day at the EDPS,’ which welcomed representatives from the Western Balkans and the Eastern Partnership Region.
The event transitioned from high-level dialogue to hands-on, operational exchanges. Key topics included:
- A call for the swift ratification of the Council of Europe’s Convention 108+ to realise its potential as a global standard for data protection.
- Exchanges on advising the legislator, in which the EDPS presented our Guidance for co-legislators on the key elements to consider when drafting legislative Proposals
- Lessons learned from complex supervisory activities, including the EDPS’s investigation into the use of Microsoft 365 by the European Commission and our supervisory activities in the field of law enforcement and border management.
- A discussion on data protection in the era of AI, including the EDPS’s new role and functions under the EU’s AI Act.
The exchanges allowed the participants to listen and learn from partners regarding the hurdles they face and to benefit from shared insight. To discover the key takeaways, read the full post here.
Notes from the 57th EDPS-DPO Meeting
As the EU faces a moment of significant legislative and technological change around the Digital Omnibus proposal and proposed changes to the EUDPR (Reg. 2018/1725), what are the priorities for Data Protection Officers (DPOs) across the European institutions? In a recent blog post, EDPS Acting Secretary-General Thomas Zerdick reported from the latest meeting of the EDPS-DPO Network, which examined a number of upcoming challenges.
Among the topics discussed were supervisory updates on the conclusion of the investigation into the European Commission’s use of Microsoft 365, and forthcoming revised EDPS Supervisory Guidance on the role of EU DPOs. There was also a session dedicated to practical case law based on recent Court of Justice rulings, and a look recent trends in personal data breaches.
This kind of interinstitutional collaboration is essential for ensuring a consistent and effective application of EU data protection rules across all EU bodies. You can read the summary blog post here.
Guiding the Autonomous Flock: new TechSonar identifies six key AI trends for 2026
The TechSonar 2025-2026 report asks, as artificial intelligence becomes increasingly autonomous, how can humans ensure it aligns with our fundamental rights and values?
Every year, the EDPS TechSonar anticipates emerging technology trends to contribute to the wider foresight debate. This year's report focuses primarily on AI, identifying six interconnected trends shaping the technological evolution and raising data protection questions:
- Agentic AI
- AI companions
- Automated proctoring
- AI-driven personalised learning
- Coding assistants
- Confidential computing
As humans increasingly take the role of ‘AI shepherds’ overseeing AI systems, managing the change will require targeted research, technical innovation, and uncompromising commitment to human values, thoughtful governance and collaboration across disciplines.
Download TechSonar 2025-2026.
You can also read the foreword by Supervisor Wiewiórowski here.
EDPS’ Tips & Tricks: How to delete your data
Want to start 2026 with a clean slate? Here’s an option you might not know about:
It is your right to ask for your data to be deleted when processed by an EU institution, body, office or agency, or by a public or private organisation in the EU.
If you ask for this, your request must be analysed on a case-by-case basis by controllers who decide on the processing of your personal data. The final verdict should be based on legal reasoning.
For more detailed info, check out our guidance work here.
