Newsletter #23 - 2 June 2026

Read on website

---

NicFab Newsletter

Issue 23 | June 2, 2026

Privacy, Data Protection, AI, and Cybersecurity

---

Welcome to issue 23 of the weekly newsletter dedicated to privacy, data protection, artificial intelligence, cybersecurity, and ethics. Every Tuesday, you will find a curated selection of the most relevant news of the previous week, with a focus on European regulatory developments, case law, enforcement, and technological innovation.

---

In this issue

---

GARANTE PRIVACY ITALY

AI, emotions, and the workplace: the Garante’s warning to an Italian start-up

With a measure of May 14, 2026, made public on May 28, 2026, the Garante issued a warning to an Italian start-up that has developed a plugin for Slack and Teams capable of analyzing, through AI and semantic analysis of chats, the level of psychological stress of employees who voluntarily choose to activate it in order to receive personalized suggestions.

The investigation, prompted by press reports, found that the start-up was the data controller vis-à-vis end users. The employer that purchases the service does not access the content of the chats or individual results, but may receive aggregate reports on the stress level of the company’s workforce. It is precisely on this point that the Authority’s finding focuses: even aggregate data can allow indirect access to information about employees’ emotional sphere, which the employer cannot lawfully process under data protection law, the Workers’ Statute, and the AI Act, which prohibits AI systems intended to infer emotions in workplace settings. The Garante requires by-design measures suitable to prevent any risk of access, even indirect, and recalls the limits of transparency, explainability, and verifiability of language models, with the consequent discriminatory risks.

The interesting point is the resilience of the distinction between the controller and the recipient of the report: the voluntary nature of the worker’s use and the employer’s lack of visibility over individual data are not enough to cure the problem if the aggregate output remains traceable to a prohibited emotional analysis. The worker’s consent, in this scheme, does not appear to be an adequate basis for overcoming the limits arising from the workplace context and the substantive prohibition on inferring or analyzing emotions in employment relationships.

Source

---

EUROPEAN COMMISSION

Technological sovereignty: press anticipations on the package expected on June 3

According to a Politico report based on an unofficial draft, the European Commission is expected to present a package of measures on technological sovereignty on June 3. The objective stated in the draft is to reduce the bloc’s exposure to foreign — read: U.S. — technology across cloud, AI, microchips, software, and data centers, in a framework in which “technological dependencies are becoming strategic liabilities”.

According to the same draft, there are four lines of action. First, public cloud stress tests: Member States would require administrations to conduct an assessment of their dependence on foreign suppliers against EU sovereignty criteria, with a view to resilience against kill-switch scenarios. The draft, however, reportedly would not indicate mitigation measures: the choice would remain with the capitals, which may also do nothing. Second, a revision of the 2023 Chips Act, with a fast lane for large-scale projects — facilitated access to public support, accelerated permitting, priority on pilot lines — and a focus on industrial scaling and crisis management. The package would also include a document on the energy consumption of data centers and AI, and would be accompanied by a separate law on the cloud.

The framework described is more declaratory than prescriptive: no direct constraints on U.S. big tech in procurement, and the financing — a mixed public-private model — would still need to be found. Since this is a document not yet adopted, the indications should be read as provisional, pending official publication.

Source

---

CNIL - FRENCH AUTHORITY

Cloud computing: the CNIL clarifies the roles under the GDPR

On May 28, 2026, the CNIL published guidance on qualifying cloud actors as controllers, joint controllers, or processors, applying the European Data Protection Board’s criteria. The complexity arises from the coexistence of IaaS, PaaS, and SaaS models, in which the allocation of responsibilities varies according to the provider’s level of control and the configuration margins left to the customer.

The reading grid covers three distinct purposes: provision of the service, improvement of the service, and security “of” the cloud and “in” the cloud. For the provision of the service, the customer is, as a rule, the controller: it determines the purposes (e.g., CRM management) and the essential means, choosing the provider and configuring its use. The provider operates as a processor. The CNIL warns that the scheme must be adapted to the specific contractual relationship and that, in case of doubt, the qualification must be documented and justified — a point relevant for accountability under Article 5(2) of the GDPR.

Source

IQVIA fined 5 million euros over health data warehouses

On May 26, 2026, the CNIL’s formation restreinte fined IQVIA OPERATIONS FRANCE 5 million euros for failing to comply with the safeguards imposed in the authorizations to set up two health data warehouses (entrepôts): LRX (authorized in 2018, fed by about 14,000 pharmacies) and EMR (authorized in 2021, fed by several thousand physicians).

The investigation, opened after a report by the magazine “Cash Investigation” and a series of complaints from individuals and associations, found shortcomings in the information provided to data subjects, the exercise of rights, and data security. The people involved number several tens of millions. The CNIL weighed the gravity of the violations — given that sensitive data were involved — the market position, and the company’s financial capacity. In addition to the fine, orders to comply within six months were issued, with a penalty of 10,000 euros per day of delay. The decision was made public.

The case confirms that violating the conditions set in the authorization for health data warehouses is treated by the CNIL as an autonomous head of liability, distinct from the merits of the authorized processing.

Source

Breaches in a chain: the sub-processor as the epicenter of the crisis

On May 27, 2026, the CNIL published a fact sheet — a fictional case inspired by real notifications — about a breach originating at a processor that provides clients with a cloud customer management solution. The attacker uses social engineering against an employee, obtains execution of malicious code, and then accesses the internal network, shared spaces with unstructured data, and the hypervisors on which the clients’ virtual machines run, exfiltrating their own data and that of their clients without being detected.

The point of the publication is to propagate notification obligations: a breach at the processor triggers notification obligations for each client controller, with tight deadlines and a need for information that the processor is often slow to provide. The CNIL insists on upstream safeguards — anti-phishing training, segmentation, active supervision during nights, weekends, and holidays — moments around which attackers calibrate their campaigns.

Source

CNIL-PIPC poster on generative AI and privacy

On May 27, 2026, the CNIL and the PIPC (the Korean data protection authority) presented a poster titled “Generative AI and privacy”, the third joint initiative within the cooperation launched in October 2022, after “Tes données, tes droits” in 2024. The material, available in French, English, and Korean, sets out six questions, each with practical advice on protecting personal data before, during, and after using generative AI services. Distribution is planned for middle and high schools, social media, and public events.

Source

Agenda of the CNIL plenary of May 28, 2026

The plenary session of May 28, 2026, comprised two parts. In the first, a hearing of the Director General of ANSSI on the national cybersecurity strategy and a communication on EDPB news. In the second, adopted under the procedure of Article 17 of the internal regulation, the examination of a draft opinion on a decree concerning the creation of a personal data processing operation for a study on the costs of the assistance and support activities of home-based autonomy services referred to in Article L. 313-1-3 of the Code de l’action sociale et des familles.

Source

---

EUROPEAN PARLIAMENT

Digital tools and AI for civic participation in EU processes

On May 29, 2026, the EPRS published a study on the use of digital tools and AI to promote citizens’ participation in European policymaking. The research, conducted by a team of external authors coordinated by Bjørn Bedsted, starts from an overview analysis of 94 tools at the global level and selects 11 for an in-depth empirical assessment.

The study distinguishes between the theoretical potential and the practical usefulness of the tools, isolating the prerequisites for effective engagement and mapping how technical features support or hinder the participatory process. A specific focus is on the current use of AI in digital participation tools, with an assessment of the associated potential and risks. It also analyzes the advantages, limits, and trade-offs of technology-assisted participatory processes.

The final part of the report outlines concrete policy options on three levels: governance prerequisites, procedural considerations, and technical alternatives, defining the safeguards needed to connect citizens’ voices to institutional action operationally.

The document is relevant for those working on the AI Act applied to digital democracy systems: the risk categorization proposed in the study intersects with the transparency and human oversight requirements demanded for systems that affect democratic processes.

Source

---

COUNCIL OF THE EUROPEAN UNION

Annual report on the implementation of the Digital Markets Act

Document ST 9776 2026 INIT, dated May 26, 2026, is the Commission’s report to the Council and the European Parliament on the implementation of Regulation (EU) 2022/1925 on contestable and fair markets in the digital sector, which also amended Directives (EU) 2019/1937 and (EU) 2020/1828. It is the annual reporting exercise foreseen by the DMA, the instrument through which the Commission documents the state of application of the obligations imposed on gatekeepers and its enforcement activity. The full text is available on the Council portal.

Source

Proposal for a Regulation on the protection of adults: letter to the Parliament

With document ST 9764 2026 INIT, also dated May 26, 2026, the Council transmitted to the European Parliament the letter concerning the proposal for a Regulation on jurisdiction, applicable law, recognition and enforcement of measures, and cooperation on the protection of adults. The dossier addresses the cross-border coordination of the protection of vulnerable adults within the EU, an area in which the interplay of health data, legal representation, and the circulation of protective decisions has direct implications for the processing of special categories under Article 9 GDPR.

Source

---

DIGITAL MARKETS & PLATFORM REGULATION

Temu fined 200 million: a DSA precedent on the risks linked to illegal products

The European Commission fined Temu 200 million euros on May 28, 2026, for failing to assess the risks associated with the circulation of illegal products on the platform under the Digital Services Act. It is the highest DSA fine imposed so far, exceeding the 120 million imposed on X in December 2025 for transparency shortcomings.

The investigation, opened in October 2024, focused on Temu’s first annual risk assessment in 2024. According to the Commission, the document was limited to “general information” on the risks of the e-commerce sector as a whole, without specific evidence relating to the platform. The mystery shopping exercise identified defective electronics, baby toys with chemicals above the limits, and choking hazards. The recommendation systems and the promotions, according to the executive, amplify exposure by pushing these products toward consumers. Temu has 130 million monthly users in the EU, up 30% over the past year.

The amount remains far from the ceiling of 6% of global turnover: with 2025 revenues estimated at 53 billion, the maximum fine would have been about 2.8 billion. Temu has three months — until August 28, 2026 — to submit a corrective action plan, and has stated that it considers the decision disproportionate and is weighing “all available options”. Further DSA investigations remain open into addictive design, recommender systems, and researcher data access, in addition to the strand on the sale of illegal products.

The timing is not neutral: the fine falls on the eve of an EU-China summit and comes as Washington accuses the DSA of selectively targeting U.S. companies. Targeting a Chinese operator shifts that narrative. On the substance, the Commission sets an operational precedent: generic risk assessments built on sector templates without platform-specific data do not pass the scrutiny of Article 34 of the DSA.

Source (European Commission)

·

Euractiv

·

Politico (EN)

·

Politico (FR)

---

INTERNATIONAL DEVELOPMENTS

Adtech as a national security threat: the Pentagon confirms

The U.S. Department of Defense has confirmed that hostile actors tracked and surveilled U.S. military personnel in the field using geolocation data purchased on the commercial market. The confirmation comes from a letter from U.S. Central Command shared by Senator Ron Wyden with TechCrunch: USCENTCOM states it received “multiple threat reports” on adversarial exploitation of commercial location data to target U.S. personnel in the operational theater.

The mechanism is the familiar one: data collected through advertising SDKs from apps and websites, resold by data brokers on the open market, accessible to anyone who pays, including governments and military apparatuses, including the U.S., which has historically purchased these datasets without a warrant. The FBI has long recommended using ad blockers as a basic measure of digital hygiene.

Wyden calls for treating the adtech industry as a national security threat. The position carries significant weight in the U.S. debate on data broker regulation, which has stalled for years between FTC proposals and never-completed legislative attempts. On the European side, the affair is a textbook case of why cookie consent and the processing purposes declared by ad networks fail the accountability test: once data enters the advertising supply chain, the controller loses control over it.

Source

U.S. journalists’ data exposed on the dark web: the Proton investigation

Proton, together with Constella Intelligence, mapped the dark web to identify credentials and data linked to the New York Times, the Washington Post, and the Wall Street Journal: over 116,000 exposures linked to more than 35,000 email addresses, including work, personal, contact-form, and newsroom accounts. Among the data exposed were over 12,000 plaintext passwords and more than 61,000 items of personally identifiable information.

The outlets were not breached directly: the leaks come from third parties — retailers, software vendors, and services used by employees — that were hit by upstream data breaches. It is the classic supply-chain risk dynamic applied to a highly exposed professional category, where the compromise of a single account can lead to the exposure of confidential sources, targeted social engineering, and reprisals against whistleblowers. Proton notified the three outlets before publication.

The interesting figure is not the number itself, but the threat model: editorial security today depends on the security hygiene of hundreds of vendors that the journalist does not choose and the employer does not control. A useful read beyond the media sector as well for any organization handling high-risk categories of data subjects under Article 35 of the GDPR.

Source

---

ARTIFICIAL INTELLIGENCE

Connecticut passes SB 5: companion chatbots, AEDT, and a sandbox in a single package

Governor Lamont signed SB 5, a 39-section law covering companion chatbots, automated employment decision tools, social media, provenance data, whistleblower protection for frontier AI, AI-related layoff notifications, and the planning of a state regulatory sandbox. The effective dates are staggered between October 2026 and January 2028.

Unlike the earlier SB 2 — sunk last year by Lamont’s veto threat over fears of stifling innovation — Connecticut forgoes a single framework on high-risk AI and opts for targeted obligations. On companion chatbots, the text imposes safety protocols for suicidal ideation, non-human disclosure, and, for minors, parental tools on privacy and screen time, plus limits on features that maximize engagement. The definition of “AI companion” is narrower than in Nebraska and Idaho: systems with human-like adaptive responses capable of sustaining a relationship over time.

Connecticut thus joins New York, California, Washington, Oregon, Nebraska, Idaho, Iowa, and Georgia in regulating relational chatbots. Notably, on the same day, SB 4 on privacy was also signed, with a data broker registry and an accessible deletion mechanism.

Source

Confidence scores and false positives: the arithmetic of judicial errors

Techdirt lines up a banal but overlooked observation: a 95% confidence level in a predictive model also means a 5% expected error rate. Over hundreds or thousands of predictions a day, errors accumulate in absolute terms — and that is assuming the 95% declared by the model corresponds to reality, an assumption that is anything but a given.

The point matters when the systems are used as a basis for identification, arrests, and criminal proceedings: the model’s calibration and its correspondence with the real frequency of events become the true pivot of liability, not the number on the dashboard.

Source

Illinois SB 315: independent audits on frontier models, as Trump loses ground

A few days after the federal vetting plan for frontier models was canceled, the Illinois legislature passed SB 315, described by its supporters as the strictest state law on AI safety. Pritzker confirmed on X that he will sign it.

The text requires the largest AI firms to publish safety plans, annual reports on the results of independent third-party safety tests, and to notify the State of critical incidents within 72 hours — reduced to 24 in the event of an imminent risk of death or serious physical harm. Whistleblower protection is also provided for employees who report emerging risks. The audits, according to Scott Wisor of the Secure AI Project, will likely fall to the Big Four (Deloitte, EY, KPMG, PwC).

OpenAI and Anthropic supported the text: Chris Lehane (OpenAI) told Wired that the company aims for similar laws in other states to avoid a patchwork; Cesar Fernandez (Anthropic) argues that the obligations mirror protocols already adopted voluntarily. The obvious reading: requirements manageable by incumbents, more burdensome for smaller players. The clash with the federal administration, which unsuccessfully tried to block state laws, is set to intensify.

Source

EU Council: conclusions on teachers in the age of AI

Published in OJEU C/2026/2826 of May 26, 2026, the Council conclusions on teachers in the age of artificial intelligence (ST/9003/2026/INIT). The document recalls the European Education Area and explicitly links the integration of AI into education and training systems to the themes of digital sovereignty and strategic autonomy, indicating as critical the reduction of dependencies on AI technologies developed outside Europe, including in the education sector.

The Council recognizes that AI can reshape the design, delivery, and assessment of teaching; students’ access to and interpretation of information; the administrative management of schools; and, thus, the teacher-student relationship. Integration rests on continuously strengthening the teaching staff’s existing digital skills.

A soft-law act, but useful as a political framework for national interventions on AI in the school context and for the combined reading with the AI literacy obligations already foreseen by the AI Act. For the legal citation, the correct reference is CELEX 52026XG02826, published in OJEU C/2026/2826. On EUR-Lex, the CELEX record offers multilingual access in HTML, an authentic PDF, and an electronic signature.

Source (OJ)

Source (CELEX)

---

CYBERSECURITY

Palo Alto, CVE-2026-0257: the GlobalProtect auth bypass is under attack

On May 29, Palo Alto Networks updated the advisory published on May 13, confirming active exploitation of CVE-2026-0257 against unpatched PAN-OS devices. The severity increased from Medium to High, and the vulnerability was added to CISA’s KEV catalog, with a mitigation deadline set for June 1, 2026, for U.S. federal agencies.

The flaw lies in the handling of authentication override cookies for the GlobalProtect portal and gateway: the device decrypts the cookie with the configured private key and accepts its contents without verifying the signature. If the same certificate is reused for HTTPS services, the attacker can derive the public key from the TLS session and forge valid cookies to authenticate as a local administrator.

Rapid7 tracked the first wave from May 17 (Vultr infrastructure) and a second from May 21 (Dromatics Systems), attributing them to the same threat actor. In some cases, the attackers obtained VPN IP assignment and access to the internal network, though no lateral movement was observed. Temporary mitigations: disable the authentication override or generate a dedicated certificate for that function.

Source BleepingComputer

Source The Hacker News

Charter Communications: 4.9 million accounts exposed after vishing of an employee

ShinyHunters exfiltrated data from Charter Communications on April 1, 2026, compromising the Microsoft Entra account of an employee of the U.S. telco giant (over 32 million customers through the Spectrum brand) via vishing. Have I Been Pwned confirmed the impact on 4.9 million unique accounts: names, email addresses, phone numbers, and physical addresses. A subset of about 85,000 records, from an internal directory, also includes job titles.

The group claims to have obtained 42 million records from Charter’s Salesforce instance, including CPNI (Customer Proprietary Network Information), a category regulated in the U.S. Charter denies the exfiltration of CPNI and sensitive PI, attributing the incident to “sales tools” only. After the ransom was refused, the data ended up on the group’s leak site.

The incident fits into ShinyHunters’ systematic campaign against Salesforce instances, already at the center of the Aura and Salesloft Drift operations. The FBI continues to advise against paying the ransom, which guarantees neither the deletion nor the non-resale of the data.

Source

WP Maps Pro, CVE-2026-8732: admin accounts created without authentication

Defiant/Wordfence blocked over 3,600 exploitation attempts in the last 24 hours of CVE-2026-8732, a critical vulnerability in the WordPress plugin WP Maps Pro (versions 6.1.0 and earlier). The plugin, with over 15,800 sales on Envato Market, is widely used on business, real estate, directory, and tourism sites.

The bug lies in the “temporary access” feature designed for vendor support: the AJAX endpoint is reachable without authentication and relies on a nonce exposed in the frontend JavaScript. A request with check_temp=false invokes wp_insert_user(), creating a user with a hardcoded administrator role, a random username, and the email support@flippercode.com, and returns a passwordless magic login URL. The attacker visits the URL and gains access to the admin session.

Typical consequences: persistent backdoors, web shells, malicious plugins, data exfiltration. Reported by David Brown to Wordfence on March 24, fixed in WP Maps Pro 6.1.1 released on May 20.

Source

Dutch police dismantle a botnet of 17 million devices

The Dutch Politie and NCSC announced the seizure of part of the servers of a botnet that aggregated at least 17 million infected devices — PCs, tablets, smartphones, and IoT devices — and had over 200 backend servers located in the Netherlands. After the seizure, the hosting provider took the infrastructure offline.

The authorities did not name the service, but NL Times identifies it as Asocks, a residential proxy platform with subscription prices between $ 5 and $ 15 per month. Asocks had already surfaced in April 2024 in the PROXYLIB campaign documented by HUMAN’s Satori team, which involved Android devices infected with proxyware attributable to LumiApps and Asocks itself.

The case illustrates the structural ambiguity of residential proxies: lawful uses (bypassing geo-restrictions, privacy) coexist with a gray market in which compromised devices become routing nodes for malicious traffic, often without the owners’ knowledge.

Source

---

TECH & INNOVATION

PETs and international transfers: no silver bullet

The Future of Privacy Forum, during the Global CBPR Forum in Lima, dedicated a session to the role of Privacy Enhancing Technologies in cross-border data transfers. The point is not rhetorical: in a context where the legal bases for extra-EU flows remain fragile, and the volume of data required by AI systems grows, understanding whether and how PETs can function as a technical enabler has direct operational implications.

The session focused on two mature technologies: trusted execution environments and differential privacy. A U.S.-UK policy pilot and a Latin American perspective on adoption were presented. The speakers’ message is less enthusiastic than the title suggests: PETs do not solve the legal problem of the transfer, but they can reduce the risk surface in specific scenarios — the medical use case illustrated is an example — where legal or trust constraints have historically blocked sharing. Structural challenges remain: interoperability, analytical costs, and the absence of explicit regulatory recognition that treats the deployment of a PET as a safeguard under Article 46 of the GDPR.

Source

Privacy careers in the AI age: four profiles

Doug Miller (FPF) attempts to capture what is happening to the privacy profession as AI governance overlaps with—and, in some cases, absorbs —the traditional perimeter of data protection. The thesis: those who entered privacy fifteen years ago often did so by chance, “volunteered” from a legal department. AI arrived too quickly for the new generation to have consciously chosen.

Miller proposes four categories: the Adopting, who enthusiastically embrace the new perimeter; the Adapting, pragmatists who are readjusting without having chosen to; and two other profiles, as the full post details. The subtext is burnout: the sense of working in an organization that resists compliance, already structural in privacy, risks being amplified when the AI Act, model governance, and algorithmic risk mapping are added to the GDPR across not-yet-consolidated perimeters.

Source

FPF: practical guides on PETs for the education sector

FPF has published a suite of operational resources on Privacy Enhancing Technologies aimed at three communities that process student data: state education agencies and statewide longitudinal data systems, education researchers, and EdTech vendors. The guides, developed with AEM Corporation, include a comparative chart of seven PETs relevant to school data environments.

The interesting point is the explicit recognition of an under-discussed trade-off: in state longitudinal systems, the student populations most exposed to re-identification risk — small districts, low-incidence disability categories, rare demographic combinations — are often those for which noise-based methods like differential privacy perform worst. The guides do not merely describe what PETs can do, but call for documenting the analytical costs of the choice. An approach that should be imported beyond the education context as well: too many DPIAs cite “anonymization techniques” without measuring the loss in data utility.

Source

FROST: fingerprinting via SSD straight from the browser

A research paper documents a new browser-side tracking technique called FROST (Fingerprinting Remotely using OPFS-based SSD Timing). The attacking site measures contention on the visitor’s SSD I/O operations by exploiting the Origin Private File System — a per-site, sandboxed storage space that can be created without user consent or interaction.

By measuring the timing of I/O operations and feeding them to a pretrained convolutional neural network, the attacker infers which other sites are open in other tabs (even on different browsers) and which applications are running on the device. It is a side-channel attack that bypasses logical isolation between origins by exploiting a shared physical resource. Implications: traditional measures — storage partitioning, third-party cookie restrictions, incognito mode — do not mitigate the attack, because the leakage occurs at a hardware-timing level that the browser’s security model does not cover. For those who draft privacy notices and analyses on tracking risks, it is a scenario to add to the map.

Source

Deepfakes in a high school: the systemic failure

404 Media dedicates a podcast to an investigation into how deepfakes devastated an American high school, with a focus on the steps where schools, platforms, and law enforcement failed to protect the minors involved. The second segment concerns BusPatrol, a company that has installed AI cameras on tens of thousands of school buses and now wants to give police access to the collected data — a textbook case of function creep: a system introduced for one purpose (school road safety) repurposed for different purposes not disclosed to parents at the time of deployment.

Source

---

SCIENTIFIC RESEARCH

Selection of the most relevant arXiv papers of the week on AI, Machine Learning, and Privacy

Note: arXiv papers are preprints and not necessarily peer-reviewed.

Privacy auditing and membership inference

A Full-Pipeline Framework for Evaluating Membership Inference Attacks in Machine Learning

The authors propose an end-to-end framework to systematically evaluate MIAs, recognizing that their effectiveness varies significantly across contexts (privacy auditing, unlearning, training data identification). The interesting point is that the literature so far lacked a unified tool to measure how generalizable or context-dependent an attack’s results are.

arXiv

Detectability in Diversity: Improved Canary Crafting for Privacy Auditing in One Run

The paper improves one-run auditing methods, where canary points are inserted into the training set to derive empirical lower bounds on DP parameters in a single run. The authors work on the “detectability” of canaries, obtaining tighter bounds without the computational costs of traditional multi-run auditing. Relevant for those who must produce quantitative evidence of DP robustness in accountability contexts.

arXiv

Differential privacy and DP-SGD

From Privacy to Generalization: Linear Max-Information Bounds for DP-SGD

A theoretical work providing linear bounds on the max-information for DP-SGD, clarifying the link between privacy guarantees and the generalization capacity of deep networks. The result provides a formal foundation for the intuition that DP-SGD reduces the risk of overfitting, while explicitly quantifying the trade-off.

arXiv

Revisiting ML Training under Fully Homomorphic Encryption

The first theoretical convergence analysis for ML training under FHE combined with a DP algorithm purpose-built for encrypted computation. The authors claim to improve efficiency compared to standard DP-GD while maintaining comparable utility. Relevant for scenarios where one wants to combine computational confidentiality (FHE) and formal output-privacy guarantees (DP) without the usual performance collapse.

arXiv

PATE-TabTransGAN: Differentially Private Synthetic Tabular Data Generation

A combination of PATE with a transformer-GAN architecture to generate synthetic tabular data under formal DP. The stated goal is to close the gap between methods with strong theoretical guarantees but low fidelity, and expressive architectures with only empirical privacy guarantees. Of interest for data-sharing use cases where the synthetic data must preserve realistic inter-feature correlations.

arXiv

Memorization in generative models

Localizing Memorized Regions in Diffusion Models via Coordinate-Wise Curvature Differences

The authors geometrically characterize local memorization in diffusion models as a “coordinate-wise variance collapse”, making it possible to identify where in a generated image memorization emerges, not just whether it is present. The finding is directly applicable in copyright and data-subject rights litigation: granular localization changes how one can argue for the traceability of an output to a specific training sample.

arXiv

Federated learning and distributed architectures

PrivFusion: A Privacy-preserving Multi-Agent Framework for Harmonizing Distributed Datasets

A multi-agent framework for harmonizing distributed clinical datasets, addressing inter-institutional heterogeneity as an often-ignored prerequisite of healthcare federated learning. The contribution lies in treating harmonization and privacy as a joint problem, rather than delegating the former to a centralized pre-processing phase incompatible with the constraints on health data.

arXiv

Fairness, privacy, and accuracy

Balancing Fairness, Privacy, and Accuracy: A Multitask Adversarial Framework

A multitask adversarial framework that jointly optimizes fairness, privacy, and accuracy in centralized data-driven systems, starting from the observation that the literature rarely treats the three objectives together. A topic relevant for high-risk AI Act systems, where the requirements on non-discrimination and data protection coexist within the same assessment, and the trade-offs must be documented.

arXiv

---

AI ACT IN A NUTSHELL - Part 23

Article 27 - Fundamental Rights Impact Assessment

After examining, in the last installment, the general obligations of deployers of high-risk systems under Article 26, we now focus on a specific and particularly significant instrument that complements those obligations: the Fundamental Rights Impact Assessment (FRIA), governed by Article 27. It is one of the most relevant innovations of the AI Act, introducing a preventive assessment expressly dedicated to the fundamental rights of people affected by the use of AI systems into the European regulatory landscape.

Who the FRIA applies to

The obligation does not concern all deployers of high-risk systems, but a well-defined audience. The FRIA must be carried out by:

Many private deployers that use high-risk systems in other areas are therefore excluded, even though the general obligations of Article 26 continue to apply.

What the assessment requires in practice

The FRIA must be carried out before the first use of the high-risk system and must document, in a structured way, several elements: a description of the deployer’s processes in which the system will be used, the period and frequency of use, the categories of natural persons and groups likely to be affected, the specific risks of harm to those subjects (taking into account the information provided by the provider under Article 13), the human oversight measures that will be adopted, and, finally, the measures to be implemented if those risks materialize, including internal governance arrangements and complaint mechanisms.

An important practical aspect: if any of these elements change during use, the deployer must update the assessment.

The relationship with the DPIA and practical implications

For those who work daily with the GDPR, Article 27 offers a significant opening: where the deployer is already required to carry out a data protection impact assessment (DPIA) under Article 35 GDPR, the FRIA can be conducted in combination with it, avoiding documentary duplication. This integration, however, will require methodological care: the DPIA focuses on the risks to rights and freedoms connected to the processing of personal data, while the FRIA has a broader scope, covering all fundamental rights potentially affected, regardless of the personal nature of the data processed.

In operational terms, organizations will need to set up multidisciplinary teams (DPO, legal, compliance, business owner, technical experts) and define methodologies to intercept risks of algorithmic discrimination, impacts on freedom of expression, access to essential services, and human dignity. A concrete example: a municipality intending to use an AI system to allocate social housing will have to assess not only data-processing risks but also possible indirect discrimination against certain categories, the impact on access to housing, and the contestation mechanisms available to citizens.

For a deeper look at why the GDPR and the AI Act keep the DPIA and the FRIA as two distinct assessments — while allowing them to be carried out jointly — see the Article on the blog:

DPIA and FRIA: Why GDPR and AI Act Keep Two Different Assessments Apart

.

Notification to the Authority and standardized template

Once the assessment is completed, the deployer must notify the market surveillance authority of its results, using the template that the AI Office is required to prepare through a dedicated automated questionnaire. This step makes the FRIA not a mere internal exercise, but an instrument of transparency toward the competent authorities.

On the sanctions front, a violation of Article 27 falls under the general regime of Article 99 of the AI Act, with administrative fines of up to 15 million euros or 3% of worldwide annual turnover.

Next installment

In Part 24, we will address Article 28 - Notifying authorities, analyzing the role of Member States in designating the national authorities responsible for the procedures of assessment, designation, notification, and monitoring of conformity assessment bodies.

Registration in the EU database of the high-risk systems listed in Annex III is instead governed by Article 49, while Article 71 establishes and regulates the European database; that topic will be the subject of a later installment.

---

Taking stock in ten stages

After examining, in the last installment, the obligations that the AI Act imposes on legal professionals, it is time to take stock of this path. Ten stages have led us through the fundamentals of Legal Prompting: from the initial definition to the hierarchy of sources, from the construction of structured prompts to the role of context, up to the deontological and regulatory implications. A journey that does not end here, but that provides an operational map for those who want to integrate AI into their professional practice in a conscious way.

The common thread has been clear: Legal Prompting is not a creative-writing technique, but a discipline that interweaves legal competence, methodological rigor, and professional responsibility. We have seen how a well-constructed prompt — one that recalls the applicable rule, indicates the jurisdiction, defines the role of the interlocutor, and specifies the output format — can transform a generalist tool into a useful assistant for regulatory reconnaissance, the first draft of an opinion, or the review of a contractual clause.

Three principles have consistently emerged. The first: language models produce plausible outputs, not legal truths. The professional’s oversight remains irreplaceable; it is not a deontological ornament but the safeguard that distinguishes the use of AI from professional abdication. The second: the European framework — AI Act, GDPR, codes of conduct, Italian Law 132/2025 — is not a decorative backdrop, but a perimeter that conditions every operational choice, from the type of data processed to the risk assessment of the system used. The third: the choice between local models and cloud solutions is not a technical matter to be delegated to IT, but a decision that involves professional secrecy, responsibility toward the client, and compliance.

Future directions

What awaits us in the coming installments? We will enter the applied terrain: prompts for drafting DPIA opinions, techniques for analyzing the Garante’s measures, query models for European case law, and workflows for auditing contractual clauses. We will also address more advanced topics, including the comparative evaluation of models, the use of retrieval-augmented generation systems in the legal field, and the construction of reusable prompt libraries.

The path so far has laid the foundations; what follows will build the practice. Those who missed the initial stages can recover the overall picture in the introductory Article:

Legal Prompting: The New Frontier of AI in the Legal Field

.

A final consideration. Legal Prompting is not meant to replace the jurist, but to redefine their tools. Like any technology that affects the profession, it requires study, critical experimentation, and dialogue among colleagues. This column aims, modestly, to be a space for that dialogue.

---

PODCAST

The first season of the NicFab Podcast, dedicated to Legal Prompting, concluded with its tenth and final episode, published last week. The series covered, from the fundamentals to the deontological and regulatory implications, the disciplined use of AI systems in legal practice. The entire season remains available on the podcast channel.

Listen to the series →

NicFab Podcast — Legal Prompting

---

FROM THE NICFAB BLOG

Magnifica Humanitas: Pope Leo XIV’s encyclical enters the AI regulatory perimeter

May 25, 2026

Magnifica Humanitas, signed on May 15, 2026, is the first encyclical entirely dedicated to the relationship between the person and artificial intelligence. A legal reading of its intersections with the AI Act, GDPR, DSA, and digital governance.

Read the full Article

The EU ratification of the Framework Convention on AI: AI Act, fundamental rights, and the new regulatory architecture

May 25, 2026

Legal analysis of the EU ratification of the Council of Europe Framework Convention CETS 225 on artificial intelligence, deposited on May 15, 2026, and its articulation with Regulation (EU) 2024/1689 (AI Act). Systemic implications, the Union’s declaration under Article 3(1)(b), the national security exception.

Read the full Article

---

Reported events and meetings

120th Plenary meeting (May 28, 2026)

EDPB |

Info

High-Level Debate: “From Omnibus to Opportunity: Driving Data Protection and Innovation” (June 8, 2026)

EDPS |

Info

Meeting Committee on Civil Liberties, Justice and Home Affairs (LIBE), European Parliament (June 8, 2026)

EDPB |

Info

Info session - Call for proposals Digital solutions for regulatory compliance through data (June 8, 2026)

European Commission |

Info

Meeting Data Protection Working Group, Council (June 12, 2026)

EDPB |

Info

---

Conclusion

There is a precise geometry to the events of these seven days, and it traces a direction worth naming: Europe is ceasing to pretend that technological sovereignty is an industrial problem and is beginning to treat it as a data protection problem. These are two different things, and the shift is important.

The Italian Garante’s intervention on the start-up behind the emotional plugin for Slack and Teams is not an isolated case of regulatory paternalism. It is the recognition that AI applied to cognitive worker monitoring produces legally relevant effects even when the data remain aggregated. The technical promise of anonymization is no longer enough to defuse the judgment on the unlawfulness of the processing: context matters, the power asymmetry matters, and the chilling effect matters. Those who continue to sell “wellbeing analytics” tools, thinking that aggregate dashboards are enough to stay outside the GDPR, have misread the wind.

On the cloud front, the convergence is even sharper. The CNIL’s qualifications on IaaS, PaaS, and SaaS, the case of the sub-processor overwhelmed by a cyberattack, and the five-million-euro fine to IQVIA over health data warehouses: these are three angles on the same problem, namely the traceability of responsibilities along increasingly opaque supply chains. And here comes the anticipation of the package that the Commission is expected to present on June 3, with the public cloud stress tests. For years, we discussed Schrems II as if it were a problem of contractual clauses. Now the issue shifts to the operational plane: who really controls the infrastructure when it stops working, by political choice or by attack?

The two-hundred-million fine to Temu under the DSA closes the circle symmetrically. Europe strikes an extra-EU operator for the inadequacy of its risk assessments while preparing defenses against dependence on extra-EU operators that handle its most sensitive data. It is not hypocrisy: it is the acknowledgment that the digital single market, without credible infrastructural autonomy, remains an exercise in soft power without hardware.

It is plausible that over the next eighteen months, the notion of “strategic supplier” will increasingly enter the operational lexicon of European data protection, with reinforced obligations that will go beyond the classic processor perimeter. PETs, while remaining a serious but non-decisive technical promise, risk being invoked to justify transfers that would instead require more solid architectural choices. Those who advise clients on cloud contracts would do well to prepare for a season in which due diligence will cease to be about documents and become about engineering.

---

📧 Edited by Nicola Fabiano

Lawyer - Fabiano Law Firm

🌐 Fabiano Law Firm:

https://www.fabiano.law

🌐 Blog:

https://www.nicfab.eu

🌐 DAPPREMO:

https://www.dappremo.eu

---

Supporters

https://lawandtechnology.eu/

https://caffe20.it/

https://privacykit.it/

---

To receive the newsletter directly in your inbox,

subscribe at nicfab.eu

Follow the news also on these channels:

Telegram

Telegram →

@nicfabnews

Matrix

Matrix →

#nicfabnews:matrix.org

Mastodon

Mastodon →

@nicfab@fosstodon.org

Bluesky

Bluesky →

@nicfab.eu

Support my independent work

This newsletter is part of my independent research and outreach work on artificial intelligence, data protection, digital rights and open knowledge. If you find it useful, you may support it through

Liberapay

.

---

.newsletter-subscription-box {

max-width: 600px;

margin: 2.5rem auto;

padding: 2.5rem;

background: linear-gradient(135deg, #f8f9fa 0%, #e9ecef 100%);

border-radius: 12px;

border: 2px solid #7f1d1d;

box-shadow: 0 4px 6px rgba(0,0,0,0.1);

}

.newsletter-form-group {

margin-bottom: 1.5rem;

}

.newsletter-form-label {

display: block;

font-size: 1.1rem;

font-weight: 700;

margin-bottom: 0.75rem;

color: #1a1a1a;

}

.newsletter-form-input {

width: 100%;

padding: 1rem;

border: 2px solid #ddd;

border-radius: 8px;

font-size: 1rem;

transition: all 0.3s ease;

box-sizing: border-box;

}

.newsletter-form-input:focus {

outline: none;

border-color: #7f1d1d;

box-shadow: 0 0 0 4px rgba(127, 29, 29, 0.1);

}

.newsletter-captcha-group {

margin-bottom: 1.5rem;

display: flex;

justify-content: center;

}

.newsletter-submit-btn {

width: 100%;

padding: 1.25rem;

background: #7f1d1d;

color: white;

border: none;

border-radius: 8px;

font-size: 1.1rem;

font-weight: 700;

cursor: pointer;

transition: all 0.3s ease;

text-transform: uppercase;

letter-spacing: 0.5px;

}

.newsletter-submit-btn:hover {

background: #991b1b;

transform: translateY(-2px);

box-shadow: 0 4px 12px rgba(127, 29, 29, 0.3);

}

.newsletter-submit-btn:disabled {

background: #9ca3af;

cursor: not-allowed;

transform: none;

box-shadow: none;

}

.newsletter-privacy-notice {

margin-top: 1.5rem;

text-align: center;

font-size: 0.9rem;

color: #666;

line-height: 1.6;

}

.newsletter-privacy-notice a {

color: #7f1d1d;

text-decoration: underline;

font-weight: 600;

}

Email Address *

Name

Subscribe to Newsletter

We respect your privacy. Double opt-in required. Unsubscribe anytime.

Privacy Policy

---

Back to newsletter list

English section

Home

Proxied content from gemini://nicfab.eu/en/newsletteren/2026/2026-06-02-issue-23_en.gmi

Gemini request details:

Original URL
gemini://nicfab.eu/en/newsletteren/2026/2026-06-02-issue-23_en.gmi
Status code
Success
Meta
text/gemini;lang=en-US
Proxied by
kineto

Be advised that no attempt was made to verify the remote SSL certificate.