Ireland data protection newsletter – Issue 23

The first quarter of 2026 has brought significant activity across the data protection landscape, with new guidance, coordinated investigations and emerging legislation shaping expectations for organisations across the EU. The EDPB has set out its priorities for the coming years, focusing on harmonisation, practical templates and clearer guidance in areas where application of the GDPR continues to vary. Supervisory authorities are advancing their coordinated enforcement work, with particular scrutiny on the right to erasure and ongoing transparency obligations.

Recent decisions, including enforcement action by CNIL and the Irish Data Protection Commission, offer practical insights into regulatory priorities and highlight common weaknesses in governance, security and data‑subject rights handling. Alongside this, developments such as the European Biotech Act and new interpretations of DSAR obligations demonstrate how quickly the regulatory environment is evolving. Organisations are also facing increased activity in the AI and digital‑transformation space, with new strategies, legislation and compliance expectations emerging at pace.

In this issue

• EDPB guidance, opinions and enforcement action
• Coordinated enforcement action – right to erasure
• Coordinated enforcement action – transparency
• Cookies and marketing – CNIL fine
• University of Limerick fined €98,000
• European Biotech Act
• Data Subject Access Requests (DSARs)
• Developments in AI