There are grounds for "intense" collaboration among authorities responsible for enforcing EU digital laws such as the General Data Protection Regulation (GDPR) and AI Act (AIA), privacy lawyer Petruta Pirvan said during a Sypher webinar Wednesday in Bucharest, Romania. Especially in the context of AI systems that process personal data, logic is strong for regulators cooperating, said Pirvan, a member of the European Commission's GPAI code of practice working group.
U.K. regulator Ofcom Thursday issued industry guidance detailing how apps and sites can implement effective age checks to keep children from encountering online porn and protect them from other harmful content. Pornography providers have until July to introduce age checks, it said. The office also published a statement on age assurance and children's access, and warned that its age assurance enforcement program is open for business.
Companies deploying AI in ways that the EU AI Act has banned have until Feb. 2 to stop using them, but exactly how to do that remains unclear, privacy experts told us. The European Commission consulted with stakeholders in December on the practical aspects of compliance and plans to issue guidance ahead of the deadline, an EC spokesperson emailed.
Transport companies lack legitimate interest under the EU General Data Protection Regulation (GDPR) in requiring customers to indicate their title before purchasing train tickets, the European Court of Justice (ECJ) held in a preliminary ruling Thursday.
Data protection authorities (DPAs) may not limit the number of complaints a person files during a certain period under the EU General Data Protection Regulation (GDPR) unless they find that person is abusing the process, the European Court of Justice held Thursday (Case C-416/23). DPAs seeking to rid themselves of complaints is an EU-wide issue, though this case arose in Austria, said Austrian privacy campaigner Max Schrems.
In what one privacy expert called a "dam-bursting moment," the European Court of Justice's General Court Wednesday ordered the European Commission (EC) to pay $412 (400 euros) to a German visitor to one of its websites because the site unlawfully transferred his personal data to the U.S. (Case T-354/22/ Bindl v. Commission). The EC said it would "carefully study" the judgment and its implications.
Better international enforcement cooperation, AI and data free flow with trust (DFFT) are 2025's top priorities for Group of 7 (G7) data protection authorities, several told us. Their October roundtable in Rome focused on those three topics, the European Data Protection Supervisor (EDPS) reported. Representatives from Canada, France, Germany, Japan, the U.K., the U.S., the EDPS and the European Data Protection Board participated.