Austrian privacy advocacy group Noyb Thursday sued TikTok, AliExpress, Shein, Temu, WeChat and Xiaomi under the General Data Protection Regulation for unlawfully transferring Europeans' personal data to China. Noyb said four of the companies conceded sending the data to China, and two acknowledged sending it to undisclosed third countries. EU law is clear, the group said: Data transfers are allowed only if the destination country doesn't undermine data protection: "Given that China is an authoritarian surveillance state, companies can't realistically shield EU users' data from access by the Chinese Authorities." The emergence of Chinese apps opens a front for EU data protection law, Noyb said.

Norwegian privacy watchdog Datatilsynet said Thursday it's carrying out a major audit of municipal schools to ensure that they're protecting the privacy and data security of their students during rapid digitization, according to an unofficial translation. Unfortunately, it said, the reality today is that municipalities too little expertise and resources to safeguard school children's privacy, and that many lack an overview of what personal data is processed in the learning tools used in teaching. The audit will provide practical guidance, it said.

The European Parliament Civil Liberties Committee Thursday named Bruno Gencarelli as European data protection supervisor (EDPS) for 2025-2030. Gencarelli, currently European Commission head of international data flows and protections, beat three other candidates in a secret ballot, including current EDPS Wojciech Wiewiorowski. Once the European Parliament president and political party heads confirm the vote, Parliament and the European Council will make the appointment. The EDPS supervises how EU institutions and bodies process personal data to ensure compliance with privacy law, and advises them on personal data processing and related policies and legislation. The office's role has been expanded to cover such things as EU bodies' compliance with the AI Act.

French privacy regulator CNIL Thursday unveiled a 2025-2028 strategic plan focused on AI, minors' rights, cybersecurity, and mobile apps and digital identity, according to an unofficial translation.

Luxembourg's National Data Protection Commission (CNPD) and other sectoral regulators would oversee enforcing compliance with the EU AI Act under draft legislation pending in the country's parliament, Pinsent Mason lawyers reported. CNPD would be the lead authority.

Better cross-regulatory cooperation is needed to avoid inconsistent application of European digital laws, the European Data Protection Supervisor (EDPS) said Wednesday. The office published a plan for Digital Clearinghouse 2.0, which proposes a consistent, coherent enforcement approach for EU laws regulating digital markets.

The European Parliament Civil Liberties, Justice and Home Affairs Committee Thursday will vet candidates for European Data Protection Supervisor for 2025-2030. The contenders proposed by the European Commission are: Bruno Gencarelli, Francois Pellegrini, Ana Pouliou and current supervisor Wojciech Wiewiorowski. The European Parliament and the European Council jointly appoint the EDPS.

Mobile apps often process personal data that users provide or is collected directly when the app accesses resources in smartphones and tablets, French data protection agency CNIL said Tuesday, according to an unofficial translation.

The U.K. Information Commissioner's Office Monday welcomed government plans that "turbocharge" AI across the nation during the next decade. Prime Minister Keir Starmer backed a set of 50 recommendations in an AI Opportunities Action Plan aimed at positioning the U.K. ahead of the world on the technology.

During its Jan. 16 meeting, the European Data Protection Board could approve guidelines relating to the General Data Protection Regulation's Article 4 (5), which covers pseudonymization of data. Other items on the agenda include discussion of a position paper on the interplay of competition law and data protection, and a potential update of board guidelines on Data Protection Officers.