David Brazil

David Brazil is an associate in the Data Privacy and Cybersecurity Practice Group. He advises clients on emerging European regulations related to technology, consumer protection and cybersecurity law (such as the Digital Services Act, AI Act, DORA, Cyber Resilience Act and NIS-2). David has experience advising clients on their general compliance with these rules, as well as in the context of regulatory investigations for alleged non-compliance. He has experience advising companies in various sectors, including online retail, financial services and software and cloud service providers.

Contact:Read more about David BrazilEmail

On July 17, 2025, the European Commission launched a “call for evidence” and public consultation on the Digital Fairness Act (“DFA”), an anticipated new consumer protection law. The Commission seeks feedback on existing EU consumer protection laws and on proposals for how the DFA could address the following two problems with the existing laws, as identified through a “Fitness Check” of EU consumer law published in October 2024:

  • Lack of digital fairness for consumers. This particularly affects vulnerable groups such as minors, offering them suboptimal choices that can lead to financial harm, loss of time, negative health impacts, and indirect effects like environmental costs.
  • Unclear rules for businesses and market fragmentation. This results in increased business costs, hampers cross-border trade, leads to missed opportunities, and causes unfair competition, particularly from non-EU traders.

The Commission has also emphasized its objective to enhance the EU’s competitiveness, aiming for simplification of consumer protection rules and the removal of barriers within the EU Market. This includes efforts to achieve greater legal certainty regarding unfair commercial practices. The goal is to address enforcement deficiencies, regulatory gaps, and market fragmentation, as some Member States have regulated or are considering new regulation in these areas.Continue Reading Help Shape the New EU Consumer Protection Law: Join the Public Consultation on the Digital Fairness Act

On July 4, 2025, a non-paper from the Danish government signaled an intention to propose a targeted revision of the GDPR and the ePrivacy Directive to reduce the compliance burden on companies and ensure their competitiveness.  Denmark recently assumed the Presidency of the Council of the European Union and will be in a privileged position to shape EU policymaking for the next six months.  Amending the GDPR forms part of the Danish presidency program.  During this period, the European Commission is also expected to publish a fitness check on EU digital legislation, along with a digital omnibus package (see our previous blog here).Continue Reading Denmark Proposes GDPR and ePrivacy Directive Revision

On February 27, 2025, the Court of Justice of the European Union (“CJEU”) issued a significant decision on the right of data subjects to request access to their personal data under Article 15 GDPR, specifically as it relates to automated decision-making and striking an appropriate balance between informing data subjects and protecting trade secrets (Case C‑203/22).Continue Reading CJEU Clarifies GDPR Rights on Automated Decision-Making and Trade Secrets

On 15 January 2025, the European Commission published an action plan on the cybersecurity of hospitals and healthcare providers (the “Action Plan”). The Action Plan sets out a series of EU-level actions that are intended to better protect the healthcare sector from cyber threats. The publication of the Action Plan follows a number of high-profile incidents in recent years where healthcare providers across the European Union have been the target of cyber attacks.Continue Reading European Commission Publishes Action Plan on Cybersecurity of Hospitals and Healthcare Providers