The controversial U.K. Data Use (and Access) Bill (DUA), which cleared Parliament Wednesday night and awaits Royal Assent before becoming law, continues to spark concerns about whether its divergences from the General Data Protection Regulation (GDPR) and other EU laws will adequately protect Europeans' personal data. Moreover, passage of the bill could prompt the European Commission to deny adequacy status to Britain's data-protection regime, privacy attorneys and civil society groups said.

Meta AI users posting what's typically private information for everyone to see on the app is raising questions about whether all users understand they’re sharing their AI queries with the world. Users on X posted about the trend this week with many examples.

Ireland's Department of Social Protection (DSP) breached the General Data Protection Regulation when it collected biometric data in connection with registrations needed on applications to obtain a public services card, the Data Protection Commission (DPC) announced Thursday.

Sen. Rand Paul, R-Ky., joined Republican opposition to the proposed federal moratorium that would block enforcement of states' AI laws for 10 years (see 2506060019).

SANTA CLARA, Calif. -- Privacy engineers should put their heads down and forge ahead with AI governance initiatives regardless of what’s happening in Congress, at the state level or elsewhere, said panelists Tuesday at the USENIX Privacy Engineering Practice and Respect (PEPR) conference. Legal uncertainty may just be a fact of life for the privacy practitioner, they said.

The Michigan Senate Committee on Finance, Insurance and Consumer Protection cleared a comprehensive privacy bill during its meeting Wednesday on a 5-3 vote. A bipartisan group of senators recently introduced SB-359, or the personal data privacy act (see 2506060043). The legislation comes after Michigan failed to pass a similar consumer privacy measure last year (see 2412300043).

Senators raised national security concerns and urged bankrupt 23andMe to obtain specific consent from customers before it sells their personal data during a Judiciary Committee hearing Wednesday. Meanwhile, on Tuesday, several groups objected to the company's bankruptcy sale in the U.S. Bankruptcy Court for Eastern Missouri.

Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.

SANTA CLARA, Calif. -- Advertisers and regulators are considering the potential of privacy-enhancing technologies (PETs) to balance business interests with protecting consumers’ privacy, panel members said Monday during the USENIX Privacy Engineering Practice and Respect (PEPR) conference. But whether PETs, which include differential privacy and homomorphic encryption, are up to the task is unclear, panelists said.

23andMe defended its planned sale in a statement to us Tuesday, decrying a lawsuit and separate objection filed Monday by a bipartisan group of nearly 30 state attorneys general. The AGs opposed the proposed sale of collected genetic information without each customer's consent. Founder Anne Wojcicki and interim CEO Joe Selsavage defended the company's privacy practices during a House Oversight Committee hearing Tuesday.