The Computer & Communications Industry Association raised concerns Friday about reports that the U.K. government has ordered Apple to create a backdoor in its devices, giving security services access to users’ encrypted Apple files worldwide. The order was apparently issued under the U.K.’s Investigatory Powers Act, CCIA said. “As the recent Salt Typhoon breach makes clear, end-to-end encryption may be the only safeguard standing between Americans' sensitive personal and business data and foreign adversaries,” said CCIA President and CEO Matt Schruers: “Decisions about Americans' privacy and security should be made in America, in an open and transparent fashion, not through secret orders from abroad requiring keys be left under doormats.” Apple didn't comment.

The Swiss Federal Data Protection and Information Commissioner Friday published a guide to handling data breaches. Among other things, it covers the concept of "probable high risk" from a breach, and defines the conditions for informing data subjects in the event of a violation of data security.

The Latvian Data State Inspectorate published advice for protecting children's personal data when schools post academic accomplishments obtained from educational information systems. Processing children's data must be done for the benefit of the student, it said. If the reason for the processing is to showcase the best students and rank each pupil's place among classmates to motivate them to work harder, the data processing isn't proportionate because it could lead to harassment of poorer students.

French Data Protection Authority CNIL Friday released two recommendations to support responsible AI innovation while protecting people's rights. The recommendations illustrate how the General Data Protection Regulation (GDPR) fosters development of innovative and responsible AI in Europe, it said. They give concrete solutions for informing people whose data was used and helping them exercise their rights, it said.

The European Commission and U.K. Information Commissioner's Office (ICO) are responding cautiously to questions about the implications for trans-Atlantic data flows of reports that Elon Musk is accessing the personal data of millions of Americans. However, the Danish Data Protection Authority (DPA) recently warned businesses that the activities of the Trump Administration could threaten the EU-U.S. Data Privacy Framework (DPF).

The U.K. Information Commissioner's Office published guidance for collecting and keeping employer records. It aims to help employers understand their obligations under the UK General Data Protection Regulation and Data Protection Act 2018. The guidance is intended to be read alongside other guidance on data protection and employment, particularly the guidance on information about workers' health and monitoring workers, the office said.

The European Commission published draft guidelines on AI system definition to explain the practical application of the legal concept as used in the EU AI Act. The idea is to help AI providers and others determine whether a software system is an AI system. The guidelines aren't binding, and are designed to be updated over time as needed, the EC said.

Operators of online marketplaces that post free or paid advertisements may be exempt from liability for illegal content under the EU e-commerce directive if they're merely hosting providers, but they're liable under the General Data Protection Regulation (GDPR) for ensuring the security of users' personal data processed with regard to third parties, a European Court of Justice (ECJ) Advocate General (AG) said in an opinion Thursday.

The Hellenic Data Protection Authority launched an investigation into the legality under the General Data Protection Regulation of the DeepSeek AI application, it announced Thursday. The Greek regulator is also probing a personal data breach of WhatsApp users by spyware after the social media site notified the watchdog of the breach.

The European Data Protection Board will discuss DeepSeek at its Feb. 11 plenary. Several Data Protection Authorities are investigating the AI chatbot (see 2502030001). The board could also approve a statement on age assurance.