French data protection regulator CNIL launched a consultation on a draft recommendation about how healthcare institutions should handle electronic patient records.

Open AI's ChatGPT regularly "hallucinates" about people, providing false information without giving them a way to correct it, European privacy advocacy group Noyb charged Thursday in a complaint to the Norwegian Data Protection Authority.

The Norwegian Data Protection Authority (DPA) announced Thursday it's conducting an audit of the country's Immigration Directorate.

French regulator CNIL and the country's Competition Authority exchanged views earlier this month about the links between data protection and competition in AI development, CNIL announced Thursday.

The Swiss Federal Data Protection and Information Commissioner closed its informal preliminary investigation into X's use of data for training its AI system Grok, it announced Thursday. It found that X users can refuse to have their public messages used for AI training, and that the platform is in compliance with the country's privacy law.

The Luxembourg Administrative Tribunal Wednesday upheld a July 2021 decision by the National Data Protection Commission that slapped Amazon with a fine of 746 million euros ($808 million) for General Data Protection Regulation (GDPR) breaches. The court also ordered the platform to take corrective measures or face a daily penalty of 746,000 euros.

The European Commission has "seen the news about the dismissal of two FTC Commissioners," an EC spokesperson emailed us Thursday. "We will follow closely any appointment procedure and judicial proceedings concerning members of the FTC." The dismissals have sparked uncertainty about the future of the EU-U.S. Data Privacy Framework which enables trans-Atlantic flows of personal data (see 2503190046).

The European Data Protection Board (EDPB) Wednesday published a cooperation procedure for approval of Binding Corporate Rules (BCRs) for data controllers and processors. The European Commission defines BCRs as "data protection policies adhered to by companies established in the EU for transfers of personal data outside the EU within a group of undertakings or enterprises." BCRs must include all general data protection principles and enforceable rights, and must be legally binding.

Acknowledging that data is one of Britain's most valuable assets, the U.K. government Monday sought public input on ensuring safe and secure access to data and building public trust.

The Czech Republic's Office for Personal Data Protection unveiled its 2025 priorities, saying it will focus on how data from public administration registers and information systems is used. In addition, the PDA will study retailers' practice of making discounts conditional on the processing of people's personal data.