Employee monitoring remains firmly in the regulatory spotlight, with Slovenia’s Information Commissioner addressing the use of tracking chips in employee work clothing.AI governance in the workplace also continues to demand attention, with the Turkish DPA publishing guidelines on both generative and agentic AI use in the workplace, and Singapore launching its Model Governance Framework for Agentic AI. In Ireland, the General Scheme of the Artificial Intelligence Bill has been published to implement the EU AI Act, while the groundwork has also been laid for the EU Data Act.

Employee data rights have been tested in the courts, with a French Court of Appeal decision confirming that employees cannot rely on subject access requests to obtain wholesale copies of work emails, and a Polish court dismissing a GDPR damages claim where a data breach caused no actual harm. In Belgium, the DPA has addressed unlawful WhatsApp disclosures, post-termination email account retention, and employee misuse of database access rights.Biometric data remains a hot topic in Spain, where the AEPD has fined FC Barcelona for deploying facial and voice biometric technologies without a data privacy impact assessment, and imposed a fine on a company for the unlawful processing of biometric data.

This edition also covers cybersecurity enforcement from Sweden, Romania and Ireland, data retention guidance from Finland and Slovenia, and Chile’s comprehensive new data protection framework coming into force later this year.

For the UK, we explore the introduction of a new statutory right to complain under the Data Use and Access Act 2025 from June 2026. We also set out three key data, privacy and cyber watch outs for UK employers this year.

Find further details on these updates, and more, please download the full update.