The Council of the EU Tuesday approved rules aimed at improving cross-border access to EU health data. The European Health Data Space (EHDS) regulation will give people better access to and control over their personal electronic health data while allowing certain data to be reused for research and innovation for patients' benefit, the Council said.

Data controllers need more awareness of European Data Protection Board (EDPB) guidelines on data subjects' right of access to their personal data, the board said Monday in a report.

The European Data Protection Board (EDPB) Friday clarified the use of pseudonymized data for EU General Data Protection Regulation compliance. Comments on the guidelines are due Feb. 28.

Austrian privacy advocacy group Noyb Thursday sued TikTok, AliExpress, Shein, Temu, WeChat and Xiaomi under the General Data Protection Regulation for unlawfully transferring Europeans' personal data to China. Noyb said four of the companies conceded sending the data to China, and two acknowledged sending it to undisclosed third countries. EU law is clear, the group said: Data transfers are allowed only if the destination country doesn't undermine data protection: "Given that China is an authoritarian surveillance state, companies can't realistically shield EU users' data from access by the Chinese Authorities." The emergence of Chinese apps opens a front for EU data protection law, Noyb said.

Norwegian privacy watchdog Datatilsynet said Thursday it's carrying out a major audit of municipal schools to ensure that they're protecting the privacy and data security of their students during rapid digitization, according to an unofficial translation. Unfortunately, it said, the reality today is that municipalities too little expertise and resources to safeguard school children's privacy, and that many lack an overview of what personal data is processed in the learning tools used in teaching. The audit will provide practical guidance, it said.

The European Parliament Civil Liberties Committee Thursday named Bruno Gencarelli as European data protection supervisor (EDPS) for 2025-2030. Gencarelli, currently European Commission head of international data flows and protections, beat three other candidates in a secret ballot, including current EDPS Wojciech Wiewiorowski. Once the European Parliament president and political party heads confirm the vote, Parliament and the European Council will make the appointment. The EDPS supervises how EU institutions and bodies process personal data to ensure compliance with privacy law, and advises them on personal data processing and related policies and legislation. The office's role has been expanded to cover such things as EU bodies' compliance with the AI Act.

French privacy regulator CNIL Thursday unveiled a 2025-2028 strategic plan focused on AI, minors' rights, cybersecurity, and mobile apps and digital identity, according to an unofficial translation.

Luxembourg's National Data Protection Commission (CNPD) and other sectoral regulators would oversee enforcing compliance with the EU AI Act under draft legislation pending in the country's parliament, Pinsent Mason lawyers reported. CNPD would be the lead authority.

Better cross-regulatory cooperation is needed to avoid inconsistent application of European digital laws, the European Data Protection Supervisor (EDPS) said Wednesday. The office published a plan for Digital Clearinghouse 2.0, which proposes a consistent, coherent enforcement approach for EU laws regulating digital markets.

The European Parliament Civil Liberties, Justice and Home Affairs Committee Thursday will vet candidates for European Data Protection Supervisor for 2025-2030. The contenders proposed by the European Commission are: Bruno Gencarelli, Francois Pellegrini, Ana Pouliou and current supervisor Wojciech Wiewiorowski. The European Parliament and the European Council jointly appoint the EDPS.