The U.K. Information Commissioner's Office (ICO) Wednesday launched a free online tool to help small organizations ensure their direct marketing activities comply with the Privacy and Electronic Communication Regulations and the U.K. General Data Protection Regulation. The direct marketing advice generator will provide "reliable compliance advice, tailored to their own direct marketing activities, in minutes," the ICO said. The tool covers email, SMS, direct mail, social media, telemarketing and more. It's "crucial" that organizations comply with direct marketing rules, the ICO said, because it avoids customer complaints and fines.

The Dutch Foundation for Market Information Research (SOMI) filed four cross-border class actions in Germany against TikTok and X. Announced Wednesday, the multi-billion-euro lawsuits seek injunctive relief and damages for violations of German and EU law, particularly the Digital Services Act (DSA), General Data Protection Regulation (GDPR) and AI Act (AIA). Leipzig, Germany-based law firm Spirit Legal announced the suits.

The European Commission published guidelines on prohibited AI practices under the European Union’s AI Act, the EC said Tuesday. The law’s AI prohibitions took effect Sunday (see 2501070022).

The Slovenian Information Commissioner Monday launched the "Become a Privacy PRO (tector)" project, an effort to raise awareness of personal data protection among children, young people and their caregivers.

The Policy Data Protection Authority fined medical center Centrum Medyczne Ujastek around $278,000 for installing imaging devices that recorded in two rooms of the neonatology branch. The authority said the center breached applicable regulations, didn't inform patients and staff about the recordings, and used unencrypted memory cards, which were later stolen. The monitoring recorded a picture showing newborns and their mothers during intimate activities such as feeding, the regulator said.

French data protection authority CNIL Friday published the final version of its guide on impact assessment of data transfers. The guide aims to ensure that companies ensure the same level of protection as the General Data Protection Regulation (GDPR) in their data flows.

Poland wants closer ties with the ITU as the nation begins its EU Council presidency (Jan. 1 - June 30), Secretary of State Michal Gramatyka, Ministry for Digital Affairs, said at the recent Data Protection Day conference in Brussels. This initiative has implications for privacy and data protection issues and policies, Gramatyka wrote in an email Friday.

Social media networks have adopted between 44% and 76.5% of practices recommended for complying with the General Data Protection Regulation's data subject access rules, French privacy watchdog CNIL said Thursday in an unofficial translation.

The European Court of Justice's General Court ruled Wednesday that the Irish Data Protection Commission (DPC) acted unlawfully when it refused to investigate a complaint from Noyb, the Austrian privacy organization. The ruling was issued in Data Protection Commission v. European Data Protection Board (joined cases T‑70/23, T‑84/23 and T‑111/23).

The Catalan (Spain) Data Protection Authority Tuesday published its methodology for fundamental rights impact assessments. It aims to give AI providers and deployers an "effective tool to develop trustworthy and human-centered AI solutions," the watchdog said.