Eva Jarbekk
Partner
Oslo
Norway, Sweden, Denmark, UK
by Eva Jarbekk and Sofie Axelsson
Published:
In this newsletter, we first look at the Commission’s important guidance on what counts as high-risk AI. We then turn to several decisions on internal investigations. These decisions may also matter for investigations in Scandinavia. More broadly, employee privacy is in focus. Which apps can employers require employees to install? When is it lawful to record a meeting? Finally, we briefly note that the Pope has spoken about AI. He may well have had an alternative career as a privacy lawyer.
For anyone working with AI governance, this is the document you have been waiting for. On 19 May 2026, the European Commission published its draft guidelines on the classification of high-risk AI systems under the AI Act. The guidelines span over 150 pages of worked examples, clarifications and, frankly, a few uncomfortable reminders for organisations that thought they had found a way around the rules. The guidelines are open for consultation until 23 June, so now is the time to pay attention.
So what makes an AI system "high-risk"?
Under the AI Act, a system is high-risk if it falls into one of two categories: either it is a safety component of a product already regulated under existing EU product safety legislation (lifts, toys or vehicles, for example), or it is intended for one of the specific use cases listed in Annex III of the Act. That second category is where most organisations will need to focus. Annex III covers eight broad areas, including biometrics, critical infrastructure, employment decisions, credit scoring, education and border control. The list is exhaustive, but within those areas the scope is broader than many have assumed.
Being classified as high-risk does not mean your system is banned. It means the system is subject to a set of compliance obligations (a risk management system, technical documentation, human oversight mechanisms, registration in the EU database, and more) designed to ensure the risks are properly managed.
The "intended purpose" trap
The part of the guidelines most likely to cause headaches is the Commission's treatment of intended purpose. Classification as high-risk depends entirely on what your system is intended to do. The Commission has made clear that "intended purpose" is determined by looking at the full picture, including your marketing materials, your technical documentation, your user manuals, and how you position the product in practice.
This has a sharp practical edge. If your promotional materials suggest broad applicability across high-risk use cases, a disclaimer buried in your Terms of Service saying the system must not be used for high-risk purposes will not save you.
The Commission is explicit that it is not enough to exclude high-risk uses contractually if your overall presentation effectively promotes them. Legal and compliance teams should be reviewing their marketing copy with that in mind, and I wonder how many currently are.
You cannot "split your way out", and a human in the loop does not help
The draft guidelines address two common assumptions about classification directly, and reject both.
First: agentic AI systems. If your architecture consists of multiple linked components that together serve a high-risk purpose, the combined system is high-risk. You cannot partition your way out of classification by breaking a complex system into smaller pieces.
Second: human oversight. Many organisations have assumed that having a human in the decision-making loop takes their system outside the high-risk category. It does not. Unlike the GDPR's Article 22, which treats human involvement as a key criterion for certain automated decisions, the AI Act treats human involvement as a compliance requirement. It is something you must have once classified as high-risk, not as an escape route from classification in the first place.
The profiling red line
There is one area where the guidelines draw an absolute line. If your AI system performs profiling of natural persons, as defined in the GDPR, the filter mechanism in Article 6(3) of the AI Act (which allows certain Annex III systems to escape classification where they pose no significant risk of harm) does not apply. The system is high-risk, full stop. This matters enormously for HR systems, credit decisioning tools, and any system that builds individual-level predictive profiles. There is no exemption available, and no amount of creative documentation will change that.
What about the deadlines?
The compliance timeline has shifted, as many will know. Following the AI Omnibus political agreement, Annex III obligations are now expected to apply from 2 December 2027, and Annex I obligations from 2 August 2028. There is more breathing room than there was, but it is worth being clear-eyed about how much work is involved, and how quickly time passes.
What should your organisation do now?
The guidelines are still a draft, and the Commission will consult further before adopting a final version. But waiting is not a strategy. Three things are worth doing now:
You can read more about the matter here.
It started with an anonymous letter. In October 2022, a printed copy of an email exchange landed on the desk of a board member at ITA Airways. The emails involved the company's own chairman and concerned the airline's privatisation process. Irregularities were suspected. The board moved swiftly: it first stripped the chairman of his operational powers, then had him removed as chairman entirely at a shareholders' meeting. And then it commissioned a digital forensics investigation.
The decision takes a strict view of data minimisation, and it is relevant to many investigations.
What the investigation actually involved
The forensics firm engaged by ITA extracted the entirety of the former chairman's email account, SharePoint and OneDrive. A complete forensic image of his Microsoft Exchange database covering approximately 21 months of activity was created, stretching back well before the anonymous letter had even arrived. The plan was to apply keyword searches to the data afterwards to identify what was actually relevant.
When the former chairman complained to Italy's DPA, the Garante, it found three separate violations. First, ITA had never properly informed him that his data would be processed in this way. The company pointed to its internal privacy notice and IT usage policy, arguing that as chairman he must have been aware of them. He had, after all, attached those very documents to his own complaint. The Garante rejected this defence. Both documents were directed at employees and collaborators, and the chairman held a corporate appointment, not an employment contract. The DPA reasoned that the documents did not apply to him.
Second, ITA could not produce a signed copy of the data processing agreement with the forensics firm. Without a formally executed agreement meeting the requirements of Article 28 GDPR, the processing lacked a valid legal basis.
Third, extracting an entire 21-month database and filtering it afterwards did not satisfy the data minimisation principle. The extraction captured data from before the relevant matters arose and data from after the chairman's removal. The Garante was clear that the over-collection was itself the violation, even though the searches actually run related only to the relevant period. What you do with the data afterwards does not cure the problem of having taken too much in the first place.
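The practical alternative to "image everything, search later" is to apply the investigation's scope at the point of acquisition and to log what was examined, what was taken and why the rest was left behind. The following Python sketch is an added illustration and is not part of the decision or of this newsletter; it assumes the mailbox is available as individual messages, and the custodian address, date window, keywords and the five sample messages are all constructed for the example.

```python
# Added example (not from the decision or the newsletter): applying the
# investigation's scope at acquisition time instead of imaging the whole
# mailbox and keyword-searching it afterwards. Custodian, dates, keywords
# and the sample messages below are all constructed for illustration.
from dataclasses import dataclass
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime
import hashlib
import json


@dataclass(frozen=True)
class CollectionScope:
    custodian: str          # mailbox address under investigation
    not_before: datetime    # earliest date the matter could be relevant
    not_after: datetime     # e.g. the date the custodian's appointment ended
    keywords: tuple         # matter-specific terms, matched case-insensitively


def _plain_text(msg) -> str:
    """Concatenate the text/plain parts of a (possibly multipart) message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True)
            if payload:
                chunks.append(payload.decode(part.get_content_charset() or "utf-8", errors="replace"))
    return "\n".join(chunks)


def classify(raw_eml: str, scope: CollectionScope) -> str:
    """Return 'in scope' or the first reason the message falls outside the scope.
    Checks run cheapest first, so excluded content is read no further than needed."""
    msg = message_from_string(raw_eml)
    sent = parsedate_to_datetime(msg["Date"])
    if sent.tzinfo is None:                      # '-0000' dates parse as naive
        sent = sent.replace(tzinfo=timezone.utc)
    if not (scope.not_before <= sent <= scope.not_after):
        return "outside date window"
    parties = " ".join(str(msg.get(h, "")) for h in ("From", "To", "Cc")).lower()
    if scope.custodian.lower() not in parties:
        return "custodian not a party"
    text = (msg.get("Subject", "") + "\n" + _plain_text(msg)).lower()
    if not any(k.lower() in text for k in scope.keywords):
        return "no keyword match"
    return "in scope"


def collect(messages, scope: CollectionScope):
    """Acquire only in-scope messages and return them with a collection log that
    records the scope applied, how many items were examined, how many were
    excluded and why, and a SHA-256 per collected item for chain of custody."""
    collected, excluded = [], {}
    for raw in messages:
        verdict = classify(raw, scope)
        if verdict == "in scope":
            collected.append(raw)
        else:
            excluded[verdict] = excluded.get(verdict, 0) + 1
    log = {
        "custodian": scope.custodian,
        "window": [scope.not_before.isoformat(), scope.not_after.isoformat()],
        "keywords": list(scope.keywords),
        "examined": len(messages),
        "collected": len(collected),
        "excluded": excluded,
        "evidence_sha256": [hashlib.sha256(m.encode()).hexdigest() for m in collected],
    }
    return collected, log


# Constructed sample mailbox (five messages) and a constructed scope.
SAMPLE_MAILBOX = [
    "From: chair@example.test\nTo: adviser@example.test\nDate: Mon, 12 Sep 2022 10:15:00 +0200\n"
    "Subject: Privatisation timetable\n\nDraft timetable for the privatisation attached.\n",
    "From: adviser@example.test\nTo: chair@example.test\nDate: Tue, 15 Feb 2022 09:00:00 +0100\n"
    "Subject: Privatisation options\n\nEarly thoughts, well before the matter arose.\n",
    "From: chair@example.test\nTo: assistant@example.test\nDate: Wed, 14 Sep 2022 12:30:00 +0200\n"
    "Subject: Lunch\n\nTomorrow at one?\n",
    "From: chair@example.test\nTo: adviser@example.test\nDate: Thu, 10 Nov 2022 08:45:00 +0100\n"
    "Subject: Privatisation follow-up\n\nSent after the appointment ended.\n",
    "From: cfo@example.test\nTo: board@example.test\nDate: Fri, 16 Sep 2022 16:00:00 +0200\n"
    "Subject: Privatisation briefing\n\nCustodian is not a party to this thread.\n",
]
SAMPLE_SCOPE = CollectionScope(
    custodian="chair@example.test",
    not_before=datetime(2022, 6, 1, tzinfo=timezone.utc),
    not_after=datetime(2022, 10, 31, 23, 59, 59, tzinfo=timezone.utc),
    keywords=("privatisation",),
)

if __name__ == "__main__":
    items, log = collect(SAMPLE_MAILBOX, SAMPLE_SCOPE)
    print(json.dumps(log, indent=2))
```

Run against the five constructed messages, only one is collected; the log shows the other four excluded by reason (two outside the date window, one where the custodian is not a party, one without a keyword match). The log, rather than the excluded material, is what stays with the case file: it lets the controller show a regulator that the scope was decided before acquisition and applied at the source, which is the point the Garante made.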
Seniority is not a defence
ITA also argued that the former chairman's seniority within the organisation was a relevant factor, implying that someone at that level could reasonably expect a more intrusive level of scrutiny. The Garante dismissed this, emphasising that holding a senior corporate role does not reduce an individual's rights under the GDPR. Everyone is a data subject, regardless of how high up the organisational chart they sit.
The fine of €190,000 is a sharp reminder that data protection obligations do not pause because an internal investigation feels urgent, or because the person being investigated is powerful. The anonymous letter may have set events in motion, but it did not give ITA Airways a free hand to do whatever it wanted with the data that followed.
You can read more about the matter here.
A Spanish transport company required its employees to install four monitoring apps on their personal phones as a condition of doing their jobs. The apps tracked location, messages, calls and, in some cases, photos and physical status data. When an employee complained, Spain's DPA (the AEPD) fined the company €200,000 for three violations: processing without a valid legal basis, lack of valid consent, and failure to properly inform employees of what was being collected.
The consent argument deserves particular attention. The company claimed employees had chosen to use their personal phones, pointing out that company phones were available as an alternative. The AEPD was unconvinced. Company phones were available in theory but limited by budget, making personal phones the practical default. Consent obtained as a condition of employment, where the power imbalance is as pronounced as it gets, is not freely given consent.
The case is a useful reminder that the employment contract does not justify whatever level of monitoring an employer finds convenient. If the same result can be achieved through less intrusive means, the more intrusive option is not proportionate, and an employee's personal phone is not an extension of the employer's infrastructure.
You can read more about the matter here.
Recording meetings has become almost routine, whether it is a Teams call saved to the cloud or a voice memo on a phone. That casualness is precisely what makes this Austrian case worth paying attention to.
A representative from an advertising company visited an office, gave the impression he was connected to the local municipality, and started recording the conversation before anyone in the room knew it was happening. The recording clause was included in contractual documents presented during the meeting, after the recording had already been running for several minutes. An Austrian court upheld a €6,300 fine against the company, rejecting every argument it raised on appeal.
What the company argued — and why none of it worked
The company claimed processing had not begun until the audio file was saved. The court noted that the representative had admitted the recording started before the conversation did. It claimed one of the data subjects had consented by signing the documents. The court found that consent presented mid-conversation, while the recording was already running, does not meet the GDPR's requirements for freely given and informed consent. It claimed the voices could not be linked to identifiable individuals. The court reasoned that the controller could easily connect the recording to the date, location, participants and services discussed.
And it claimed legitimate interest through quality improvement and the vague possibility of future legal disputes. The court found that secret audio recordings are generally unlawful and that neither purpose came close to justifying one.
What this means in practice
The GDPR requires that data subjects be informed at the time data is collected, not partway through, and not after the recording has already started. That principle applies whether you are recording a sales visit or a Monday morning team meeting. Recording meetings has become common and convenient, but convenience does not change the rules. Inform people before you press record and make sure they understand what they are consenting to – or what legitimate interests you claim to have.
You can read more about the matter here.
This case is unusual, but it raises a question with broader relevance. What happens when a whistleblower requests access to the documents from their own case, and the institution holding those documents refuses?
A former temporary agent at the CJEU reported inappropriate conduct by a General Court member in 2019. An Advisory Committee found that the member had breached the relevant Code of Conduct. The data subject then requested access to the documents relating to the whistleblowing and assistance procedures they had initiated. The request was refused by the CJEU, twice, on the grounds that granting access would likely infringe upon the rights and freedoms of others involved in the proceedings. The legal question the case raised is straightforward: how far does the right of access extend when third-party anonymity is at stake?
What the court decided
The General Court upheld the refusal. The right of access under the EUDPR (the data protection regulation that applies to EU institutions) is not absolute, and can be restricted where necessary to protect third parties' rights. In this case, the individuals interviewed during the proceedings had been promised anonymity. The court accepted that redacting their names from the documents was not sufficient to guarantee that anonymity in practice, and that the data subject's right of access did not outweigh those competing interests.
The data subject also claimed €200,000 in damages. The court found the claim admissible in principle but dismissed it on the merits. The CJEU had not manifestly or gravely misused its discretion in refusing access, which is the high threshold required for damages in cases like this.
Reflections
What makes this case particularly interesting is the tension it exposes between two legitimate interests that data protection law usually tries to protect simultaneously: the right of a whistleblower to access information about their own case, and the right of witnesses to remain anonymous. The court's answer, that anonymity promises made during internal proceedings can justify withholding access even from the data subject, sets a meaningful precedent for how EU institutions handle whistleblowing procedures going forward. It is a reminder that the right of access, as fundamental as it is, has always had limits when third parties' rights are at stake.
You can read more about the matter here.
A Finnish parish sends its members a letter about upcoming elections. The envelope identifies the sender. A recipient complains that anyone handling the post could thereby infer that they belong to the Evangelical Lutheran Church. Is that a GDPR violation?
The Administrative Court thought so, finding that church membership information on the outside of an envelope falls within the scope of Article 9 GDPR, which covers special categories of personal data, including religious beliefs. It reasoned that the parish should have put the identifying information inside the envelope instead. The Supreme Administrative Court disagreed and overturned that decision.
The reasoning is worth noting. The court accepted that information which indirectly reveals religious affiliation can fall under Article 9 even when it does not constitute direct evidence of a person's beliefs, but merely allows others to draw inferences. That is consistent with established CJEU case law. However, the court drew a meaningful distinction between data that directly expresses religious views and data that merely associates someone with a membership register. The interference with the data subject's rights in this case was considered relatively limited. The parish also had a valid legal basis under Article 9(2)(d) GDPR, which permits religious communities to process membership data in connection with their legitimate activities. Given the postal service's duty of confidentiality and the low risk of third-party access, the court found that the appropriate safeguards were in place.
The case illustrates that Article 9 can have a broader reach than many assume, and that context and proportionality matter when assessing how seriously a given interference with sensitive data affects the individuals involved.
You can read more about the matter here.
Modern cars are data collection devices on wheels. They can record where you go, how you drive, who is in the vehicle with you and, in some models, considerably more personal details. Most drivers have little awareness of the extent of this data collection, and even less control over what happens to the data once it leaves the dashboard. While the regulatory landscape in Europe offers stronger baseline protections than in the United States, this is fundamentally a global issue, and a case announced in California last month illustrates just how serious the consequences can be.
The GM settlement
On 8 May 2026, the California Attorney General announced a record $12.75 million settlement with General Motors over violations of the California Consumer Privacy Act. The allegation was that GM had sold driver data, including names, contact information, precise geolocation data and driving metrics such as speed, hard braking and rapid acceleration, to the data brokers LexisNexis Risk Solutions and Verisk, without adequate notice or consent and for purposes unrelated to those originally disclosed to drivers. The settlement is the largest CCPA penalty to date and the first to focus specifically on the law's data minimisation and purpose limitation requirements.
Under the terms of the settlement, GM must stop selling driving data to consumer reporting agencies for five years, delete retained driving data within 180 days unless drivers give express consent, request deletion of the data already held by LexisNexis and Verisk, and develop a robust privacy programme to assess and document privacy risks going forward.
This follows a 2025 order from the US Federal Trade Commission imposing similar restrictions, as well as enforcement actions in Nebraska and Arkansas. The pattern of regulatory action against GM is notable. Nor are the underlying practices it concerns unique to one manufacturer.
Why this matters in Europe
For European organisations and their clients, the GM case is a useful illustration of principles that apply equally under the GDPR: data minimisation, purpose limitation, and the requirement that consent be genuine rather than buried in a privacy policy that nobody reads. The fact that car manufacturers operating in Europe are subject to these obligations does not mean compliance is uniformly happening. Research has shown that the automotive sector is among the most problematic for privacy, with manufacturers routinely reserving broad rights to collect and share data in their terms and conditions.
The key takeaway is not that European drivers face the same immediate exposure as American ones. But the data flows involved in connected vehicles are global, the manufacturers are largely the same, and the question of what car companies are doing with driver data deserves the same scrutiny on this side of the Atlantic as it is now receiving in California.
Region Gävleborg is using an AI transcription service hosted on servers in the USA, despite warnings from its own officials. In advice given during the autumn of 2024, those officials identified significant data protection risks, including the use of US servers to store sensitive patient data. The Region signed the contract with Tandem Health anyway. Now the Swedish DPA (IMY) has arrived to take a closer look.
The inspection, which takes place on-site over two days, will assess whether the Region is meeting its obligations under Articles 25 and 32 of the GDPR. IMY will examine whether risks were identified before the service was introduced, how errors in transcription are handled, and whether the Region has procedures in place to ensure the AI model does not change unintentionally over time. IMY also intends to conduct a simulated patient-doctor conversation to test how the service functions in practice.
The investigation is part of a broader pattern. IMY has identified AI in the public sector as a priority area for 2026, and the Gävleborg case illustrates what that means in practice: the authority is not simply asking whether a legal basis exists. It is asking whether the organisation can demonstrate that it understands how its AI system actually behaves in operation, and that someone is accountable for monitoring it on an ongoing basis.
Uber's appeal against a €10 million GDPR fine imposed by the Dutch DPA has been rejected by the authority. The fine, originally issued in January 2024, therefore stands, and Uber has announced it will now challenge it in court.
The violations themselves are worth understanding, because they are not unusual. The Dutch DPA found three things wrong. First, Uber made it unnecessarily difficult for drivers to request access to their personal data. A digital form did exist within the app, but it was buried across various menus rather than being readily accessible. Second, company documents provided to drivers, including internal guidelines, were written in language that drivers could not reasonably be expected to understand. Third, Uber's privacy statement failed to provide adequate information about how long driver data was retained and which countries it was transferred to.
Uber argued during the appeal that its privacy policy had been compliant and that it had since introduced improvements. The DPA's response was straightforward: subsequent improvements do not undo violations that have already occurred.
What the Uber case demonstrates is that GDPR transparency obligations are not satisfied by having a privacy policy that technically covers the right topics. The information needs to be genuinely accessible, genuinely comprehensible and genuinely complete. Burying a data access form in a series of menus, or describing data transfers in terms that the average driver cannot parse, falls short of that standard regardless of what the policy document says on paper.
You can read more about the matter here.
The use of Microsoft's cloud services in public education is widespread across Europe. This decision from Andalusia's regional data protection authority is a reminder that widespread does not mean unproblematic. A major cloud platform in a school environment carries a compliance burden that goes well beyond signing a processing agreement.
What happened
In 2020, the Regional Ministry of Education and Sports of Andalusia entered into an agreement with Microsoft Ireland to provide cloud-based educational services, including Teams, OneDrive, SharePoint, Outlook and the Office Online suite, to public schools. In 2023, a complaint was filed alleging multiple GDPR violations. The DPA upheld every one of them.
What the Ministry was ordered to do
The corrective measures imposed by the DPA are worth setting out in full, because they illustrate precisely where the compliance gaps were.
The Ministry was ordered to submit an action plan with a concrete timeline for remedying the non-compliance. It must provide evidence that appropriate technical and organisational measures have been adopted to address the risk that users, including pupils, teachers and families, might upload special categories of personal data, photographs or audiovisual material to the cloud services. It must also demonstrate how data subjects have been informed of the processing in accordance with Articles 13 and 14 GDPR.
On international transfers, the DPA ordered the Ministry to suspend data flows to processors and sub-processors located in third countries that are not subject to an adequacy decision, unless the relevant safeguards or derogations under Articles 44–49 GDPR are demonstrably in place. The Ministry must also update its records of processing activities to properly reflect those transfers, and produce a data protection impact assessment. This should have been completed before the services were deployed, given the scale and nature of the processing involved.
Finally, the Ministry must provide the instructions and protocols given to the educational community regarding what photographs and audiovisual content may appropriately be uploaded to the services — and explain what monitoring mechanisms are in place to enforce those limits.
Reflections
The timing of this decision is not coincidental. Scrutiny of public sector use of US-based cloud services has intensified considerably, and educational institutions processing children's personal data are an obvious focus. The Andalusia case is not a story about Microsoft doing something wrong. It is a story about a public authority deploying a powerful platform without first doing the work that deployment requires: a DPIA, adequate transparency, documented safeguards for international transfers and meaningful controls over what data ends up where. Those obligations exist regardless of which cloud provider is involved.
You can read more about the matter here.
Pope Leo XIV has published his first encyclical, Magnifica humanitas: On Safeguarding the Human Person in the Time of Artificial Intelligence, released on 25 May 2026 to mark the 135th anniversary of Leo XIII's Rerum novarum. It is a broad social document, but artificial intelligence sits at its centre, and several of its arguments will resonate beyond a strictly religious audience.
The Pope's starting point is that technology is not inherently good or bad, but that it "takes on the characteristics of those who devise, finance, regulate, and use it." From there, the encyclical develops a sustained critique of what happens when AI develops without ethical constraints or democratic oversight. Power concentration is a recurring theme. The Pope insists that technologies must not be allowed to accumulate in the hands of a few, and that "a more moral AI is not enough if that morality is determined by a few." He calls for independent oversight, adequate legal frameworks, and shared international standards.
On data and surveillance, the encyclical is pointed. The mass collection of personal data and the use of algorithmic systems to profile, predict and direct behaviour is described as "a new form of power", one that risks discriminating against the most vulnerable and turning personal lives into exploitable information. The Pope also criticises the "architecture of visibility" built into digital platforms, which is designed to capture users' attention and exploit their vulnerabilities rather than serve their interests.
On AI in armed conflict, the Pope is unequivocal: "there is no algorithm that can make war morally acceptable." Any technology that enables attacks without seeing the face of the person being targeted, he writes, lowers the moral threshold of violence and reduces victims to data points.
The encyclical will not settle any legal debates. But as a statement of values from one of the world's most widely heard voices, it adds weight to arguments that regulators and legislators are already making. The question is not whether to develop AI, but who controls it, who benefits from it, and who bears the cost.
You can read more about the matter here.