Data Protection

German Bundestag Holds First Reading of Bill to Strengthen Medical Registers

In May 2026 the German Bundestag held the first reading of a federal bill to create a Medical Registers Act and amend social security and implant register law, establishing a unified framework and new governance for more than 350 medical registries and their health data use. If adopted, this regime will formalise qualification and interoperability requirements, expand permitted reuse and linkage of registry data, and reshape compliance strategies for medical device and pharmaceutical firms that run or rely on clinical registries and real-world evidence.

24 May 2026, 21:17dserver.bundestag.deGermany

France Senate Proposes Law to Generalise Algorithmic Video Surveillance for Public Security

In May 2026 the French Senate registered a bill creating a permanent legal framework for AI-based analysis of CCTV images by law enforcement and key transport operators, while explicitly banning biometric identification and facial recognition. If adopted, this would move France beyond temporary retail experiments toward a nationwide, regulated regime for algorithmic video surveillance, heightening governance, data protection and oversight obligations for public authorities and technology providers.

20 May 2026, 19:20senat.frFranceEuropean Union

German Government Submits Draft Medical Registers Act to Strengthen Registries and Data Use

In May 2026 the German government submitted a draft Medical Registers Act that would create a central registry framework, new quality criteria and data-sharing rules for medical registries, and align Social Code Book V and implant registry law around use of the health insurance number for pseudonymised data linkage. If enacted, medtech, pharma and health-data stakeholders running or relying on registries in Germany will face stricter qualification and governance requirements but also easier, more legally secure access to high-quality real-world data for safety, reimbursement and innovation decisions.

15 May 2026, 16:12dserver.bundestag.deGermany

European Commission Recommends EU Age Verification Framework With Member State Roll-Out by End 2026

The European Commission has issued a non-binding Recommendation setting out a common EU framework for privacy-preserving age verification technologies and urging all Member States to deploy at least one EU age verification solution, linked to European Digital Identity Wallets, by the end of 2026. This points to a coming EU-wide expectation that online platforms and providers of age-restricted products and services will support harmonised, standards-based digital age checks aligned with the Digital Services Act, raising future compliance and IT-integration requirements even before binding rules are adopted.

8 May 2026, 19:01data.consilium.europa.euEuropean Union

European Parliament Question on Security of EU Age Verification App

In April 2026, several MEPs challenged the security and GDPR compliance of the Commission’s EU age verification app, citing alleged PIN bypasses, disabling of biometrics, and unencrypted storage of facial images on user devices. Their written question increases pressure on the Commission to strengthen security assurance and independent auditing of the app before broad deployment, which could influence future EU expectations for privacy-preserving online age verification.

5 May 2026, 07:23europarl.europa.euEuropean Union

California Assembly Passes AB 2086 On Pest Control Licensee Privacy

In April 2026 the California Assembly passed AB 2086, a bill to make pest-control licence applicants’ and licensees’ personal information confidential under the state public records law and sent it to the Senate for further consideration. If enacted, this will tighten privacy protections for pest-control operators while preserving public access to licence status and enforcement information, changing how regulators and businesses manage licensing data and disclosures.

4 May 2026, 19:57leginfo.legislature.ca.govUnited States

European Parliament Resolution and Final Text on GDPR Enforcement Procedural Rules

The European Parliament’s first-reading legislative resolution on additional procedural rules for enforcing the GDPR has now been published in the Official Journal, confirming that this position text corresponds to final Regulation (EU) 2025/2518. This consolidates the EU-level framework for GDPR enforcement procedures, signalling that organisations should monitor the separate publication and application of the new regulation and prepare for more structured handling of investigations and complaints.

3 May 2026, 14:33eur-lex.europa.euEuropean Union

New UK Regulations Require ICO to Produce AI and Automated Decision Making Code Under the Data Protection Act

The UK has adopted regulations, effective May 2026, requiring the Information Commissioner to develop a statutory code of practice on artificial intelligence and automated decision-making under the UK GDPR and Data Protection Act 2018. While the instrument itself does not yet change controller or processor duties directly, it signals that UK regulators will formalise expectations for AI-driven processing, so organisations should anticipate a more codified compliance framework and align future governance and risk assessments with the forthcoming code.

26 Apr 2026, 16:24legislation.gov.ukUnited Kingdom

CJEU Judgment C‑769/22: Hungary’s Child‑Protection Content Law Breaches EU Law and Fundamental Rights

In April 2026, the EU Court of Justice ruled that Hungary’s 2021 “child-protection” law restricting minors’ access to LGBTQ+-related content and broadening access to sex-offender registers breaches multiple EU directives, the GDPR, the EU Charter of Fundamental Rights and Article 2 of the Treaty on European Union. This judgment significantly tightens EU-wide limits on national content and data rules, signalling that future restrictions on online services, media, advertising, education and criminal-records access must avoid discrimination and respect fundamental rights, reshaping compliance and litigation risk for operations and campaigns in Hungary and potentially other Member States.

25 Apr 2026, 10:47eur-lex.europa.euEuropean UnionHungary

Swedish Medical Products Agency Updates AI Guidance for Healthcare

Sweden’s Medical Products Agency has issued an updated AI guidance for healthcare in early April 2026, aligning clinical use of AI systems – including generative models – with the EU AI Act, MDR/IVDR and data protection rules. Healthcare providers deploying AI in Sweden now face clearer expectations to treat AI tools as regulated medical and high-risk AI systems, with more rigorous demands on risk analysis, governance, data protection, lifecycle management, and in-house development.

21 Apr 2026, 13:13lakemedelsverket.seSweden

Netherlands Sets Multi-Year Labour and Social Security Enforcement Strategy 2026–2029

The Netherlands has established a 2026–2029 enforcement strategy that indexes fines for health, safety, and labour violations to ensure penalties outweigh the financial gains of non-compliance. Businesses face heightened financial risk and must ensure labour providers are authorized under new mandatory requirements taking full effect by 2028.

5 Apr 2026, 05:49open.overheid.nlNetherlands

Netherlands Parliament Motion Seeks Research Into Statutory Aftercare Duty for Large-Scale Personal Data Breaches Under NIS2 Implementation

The Dutch Parliament has commissioned research into a statutory aftercare duty for large-scale data breaches with findings expected by the third quarter of 2026. This initiative signals a potential shift toward expanded corporate liability and mandatory victim support frameworks that exceed current European cybersecurity and data protection standards.

4 Apr 2026, 10:57zoek.officielebekendmakingen.nlNetherlandsEuropean Union

France National Assembly Tables Bill No. 2600 On Screening Of Foreign Investments In Strategic Sectors

France introduced Bill No. 2600 in March 2026 to significantly broaden the screening of foreign investments in strategic sectors including energy, health, and critical raw materials. This proposal signals a shift toward stricter oversight of cross-border M&A with potential mandates for R&D localization and patent protection to safeguard national economic sovereignty.

29 Mar 2026, 17:52assemblee-nationale.frFrance

Netherlands Adopts Law Introducing Reporting and Verification Duties for Workplace Accidents for Lending Employers

The Netherlands has enacted legislation requiring host and lending employers to share workplace accident data and verify safety measures for temporary workers. Businesses utilizing or providing temporary labor must formalize cross-entity safety reporting protocols and documentation standards to ensure compliance and manage liability risks.

28 Mar 2026, 20:33officielebekendmakingen.nlNetherlands

EU Parliament Adopts Position Proposing Delayed Artificial Intelligence Act Application and Ban on Nudifier Apps

The European Parliament has adopted its position on the Digital Omnibus on AI, proposing staggered compliance deadlines through 2028 and a ban on non-consensual AI image generation. Manufacturers of AI-integrated products must prepare for phased enforcement that aligns AI Act obligations with existing sectoral safety frameworks for medical devices, toys, and radio equipment.

28 Mar 2026, 16:02europarl.europa.euEuropean Union

Lower Saxony Publishes Eckpunkte Guidance On Video Surveillance In Slaughterhouses

Lower Saxony has published technical guidance for video surveillance in slaughterhouses to enhance animal welfare transparency ahead of expected federal mandates. Operators should align voluntary monitoring systems with these benchmarks to ensure readiness for future statutory obligations and standardized state inspections.

28 Mar 2026, 09:35ml.niedersachsen.deGermany

MedTech Europe Response To EU Digital Omnibus Consultation On AI And Data Rules

MedTech Europe is advocating for the alignment of the EU Digital Omnibus with existing medical device regulations to ensure a coherent framework for AI and health data. Industry is pushing for a single conformity assessment pathway and enhanced trade secret protections to avoid duplicative compliance burdens and market access delays for digital health technologies.

27 Mar 2026, 17:14eur-lex.europa.euEuropean Union

European Parliament Amendments 103–107 To Digital Omnibus On AI

Proposed EU Parliament amendments to the Digital Omnibus on AI aim to accelerate high-risk compliance timelines and remove simplified testing pathways for embedded systems. These changes would force a hard 2027 application date and require all legacy AI systems to meet full regulatory standards by the end of 2030.

26 Mar 2026, 19:14europarl.europa.euEuropean Union

Minnesota Legislature Proposes Age-Appropriate Design Code Act (HF 4511)

Minnesota introduced legislation in early 2026 to mandate safety-by-design and strict data privacy standards for online products likely to be accessed by minors. Impacted firms must prioritize child well-being over commercial interests and prepare for mandatory impact assessments to mitigate substantial per-child civil penalties.

26 Mar 2026, 19:06revisor.mn.govUnited States

New York Assembly Proposes Consumer Camera Privacy Act for Networked Camera Devices (Bill A10687)

New York has introduced legislation to strictly regulate networked camera devices, mandating explicit opt-ins for surveillance features and imposing tight data retention limits. Manufacturers must prepare for significant product design and data governance shifts, including mandatory point-of-sale disclosures and increased litigation risk from a private right of action.

26 Mar 2026, 12:18assembly.state.ny.usUnited States