The Swedish Data Protection Authority responded Monday to what it said were many questions about personal data transfers to the U.S. It noted that the 2023 EU-U.S. data privacy framework (DPF) permits trans-Atlantic data flows. A key factor underlying the European Commission's adequacy decision that permits such data transfers was the creation of the U.S. Privacy and Civil Liberties Oversight Board (PCLOB).

The Danish Data Protection Agency and the Danish Agency for Digitalization announced the opening of a second round of applications to their AI regulatory sandbox. The sandbox provides companies with access to free guidance on the General Data Protection Regulation and risk classification under the EU AI Act.

The U.K. Information Commissioner's Office (ICO) Monday announced investigations into how three social media and video-sharing platforms use children's personal data. It's probing how TikTok uses personal data of teens 13 to 17 years old to make recommendations to them, and how Reddit and Imgur assess the age of child users.

CNIL’s compliance unit for connected vehicles will turn its focus to dashcams, the French data protection regulator said Wednesday. CNIL said it had received much correspondence on the lack of a specific legal framework for these on-board cameras, which may infringe the privacy rights of those filmed, it said.

European privacy law changes might be needed to address legal uncertainty related to interplay between Europe’s AI Act and the General Data Protection Regulation (GDPR), said the European Parliamentary Research Service in a report released Wednesday.

The European Union’s Court of Justice Thursday issued a preliminary ruling that said data subjects are entitled to an explanation of how an automated decision was made. The court sided with an Austrian court's previous ruling that said an automated credit check of a mobile provider customer that didn't offer the customer an explanation of the logic behind its decision, violated the GDPR.

U.K. regulator Ofcom on Tuesday announced that it had published draft guidelines on measures that technology firms can implement to improve women’s and girls’ safety online, requiring websites and apps to take some responsibility for preventing user harm.

The Irish Data Protection Commission circulated a draft decision in a TikTok inquiry to other concerned supervisory authorities across the EU and European Economic Area (EEA), the Irish DPC said Monday.

The European Commission is "studying the impact" of President Donald Trump's executive order that requires independent agencies and executive branch bodies to submit regulatory actions to the White House before they're finalized (see 2502180069). The order could influence the EU-U.S. Data Privacy Framework, an EC spokesperson emailed Friday.

Ireland will announce plans to introduce a Regulation of Artifical Intelligence Bill in its spring legislative program that will enact the EU AI Act into the country's law, AI attorney Barry Scannell, wrote in a post on LinkedIn Thursday. "[S]till in its early stages," the legislation would enact the EU AI Act into national law, said Scannell, a member of the country's AI Advisory Council. The council was established in 2024 by the Minister of State for Digital to provide independent expert advice to the government on AI policy.