The Latvian Data State Inspectorate published a list of data processing activities that don't require data protection assessments. The guidelines aim to give organizations a practical and clear approach to risk identification and management, the privacy watchdog said.

The Dutch data protection authority (DPA) Thursday launched a public consultation on ensuring meaningful human intervention in algorithmic decision-making. If organizations use only algorithms and AI for decision-making, it said, that could result in groups being excluded or discriminated against. If they want to use algorithms and AI, it said, they must comply with the General Data Protection Regulation.

The European Data Protection Board (EDPB) will focus this year on enforcing people's "right to be forgotten," or right to erasure, via its coordinated enforcement framework (CEF), it announced Wednesday. It chose this topic as it's one of the most frequently exercised rights under the General Data Protection Regulation (GDPR) and one where data protection authorities (DPAs) receive the most complaints, the board said.

The Swedish Data Protection Authority responded Monday to what it said were many questions about personal data transfers to the U.S. It noted that the 2023 EU-U.S. data privacy framework (DPF) permits trans-Atlantic data flows. A key factor underlying the European Commission's adequacy decision that permits such data transfers was the creation of the U.S. Privacy and Civil Liberties Oversight Board (PCLOB).

The Danish Data Protection Agency and the Danish Agency for Digitalization announced the opening of a second round of applications to their AI regulatory sandbox. The sandbox provides companies with access to free guidance on the General Data Protection Regulation and risk classification under the EU AI Act.

The U.K. Information Commissioner's Office (ICO) Monday announced investigations into how three social media and video-sharing platforms use children's personal data. It's probing how TikTok uses personal data of teens 13 to 17 years old to make recommendations to them, and how Reddit and Imgur assess the age of child users.

CNIL’s compliance unit for connected vehicles will turn its focus to dashcams, the French data protection regulator said Wednesday. CNIL said it had received much correspondence on the lack of a specific legal framework for these on-board cameras, which may infringe the privacy rights of those filmed, it said.

European privacy law changes might be needed to address legal uncertainty related to interplay between Europe’s AI Act and the General Data Protection Regulation (GDPR), said the European Parliamentary Research Service in a report released Wednesday.

The European Union’s Court of Justice Thursday issued a preliminary ruling that said data subjects are entitled to an explanation of how an automated decision was made. The court sided with an Austrian court's previous ruling that said an automated credit check of a mobile provider customer that didn't offer the customer an explanation of the logic behind its decision, violated the GDPR.

U.K. regulator Ofcom on Tuesday announced that it had published draft guidelines on measures that technology firms can implement to improve women’s and girls’ safety online, requiring websites and apps to take some responsibility for preventing user harm.