Social media networks have adopted between 44% and 76.5% of practices recommended for complying with the General Data Protection Regulation's data subject access rules, French privacy watchdog CNIL said Thursday in an unofficial translation.

The European Court of Justice's General Court ruled Wednesday that the Irish Data Protection Commission (DPC) acted unlawfully when it refused to investigate a complaint from Noyb, the Austrian privacy organization. The ruling was issued in Data Protection Commission v. European Data Protection Board (joined cases T‑70/23, T‑84/23 and T‑111/23).

The Catalan (Spain) Data Protection Authority Tuesday published its methodology for fundamental rights impact assessments. It aims to give AI providers and deployers an "effective tool to develop trustworthy and human-centered AI solutions," the watchdog said.

Personal data protection is important but shouldn't be an unnecessary obstacle to innovation and development, the Swedish Data Protection Authority said Tuesday in a newspaper op-ed unofficial translation. Accordingly, there are good reasons to consider criticism of the General Data Protection Regulation (GDPR), it added.

French privacy regulator CNIL received notice of more than 5,600 personal data breaches in 2024, a 20% increase from 2023, it reported Tuesday in unofficial translation. Even worse, it said, was the "worrying trend" of very large-scale violations last year. In response, the regulator said, cybersecurity has become one of its priorities this year. That means supporting organizations via recommendations for protecting personal data in light of evolving threats; placing controls on organizations' implementation of safety measures; and making individuals aware of cybersecurity so they can help safeguard their data. The CNIL also said it will boost coordination with cybersecurity actors, including France's cybersecurity agency.

The Danish Data Protection Agency Monday published two security measures relating to the safe transmission of data, according to an unofficial translation. The measures replace some existing guidance on data transmission via e-mail and SMS, an area that can quickly become obsolete, it said.

Data processors who use databases freely available online or provided by a third party such as a data broker must verify that their formation or sharing isn't "manifestly unlawful," French privacy regulator CNIL warned Friday (in an unofficial translation). Whoever compiles, uploads or shares the database must comply with laws banning theft or distribution of stolen data and must check that the information isn't the result of a data leak, it said.

"The collaborative spirit among EU institutions is not only encouraged but also necessary" for managing the plethora of EU digital laws, Thomas Regnier, European Commission tech sovereignty spokesperson, said Friday (see 250121000).

Avoid using integrated AI tools such as Copilot without thoroughly assessing them in advance, and ensuring control mechanisms and effective user training, the Norwegian Data Protection Authority blogged Thursday in an unofficial translation. In addition, it published a report offering guidance on how companies can use AI strategically. Among other things, it said they should decide what a particular project's goals are, what areas are relevant for AI use, and what areas AI should be kept away from.

The Polish data protection authority (UODO) announced on Thursday it will focus on the security of medical data and the processing of children's data online this year. The focus includes sectors where there are increasing breaches of personal data protection regulations, it said in an informal translation. Other priorities are the processing of personal data in connection with the EU Schengen Information System and Visa Information System, and how data controllers handle data breaches.