There are grounds for "intense" collaboration among authorities responsible for enforcing EU digital laws such as the General Data Protection Regulation (GDPR) and AI Act (AIA), privacy lawyer Petruta Pirvan said during a Sypher webinar Wednesday in Bucharest, Romania. Especially in the context of AI systems that process personal data, logic is strong for regulators cooperating, said Pirvan, a member of the European Commission's GPAI code of practice working group.
In addition to an increase in privacy laws, 2025 is expected to bring an escalation of privacy and data protection claims under old laws, said International Association of Privacy Professionals (IAPP) members on a webinar Wednesday.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching on the title or by clicking on the hyperlinked reference number.
The FTC’s new requirement that companies obtain separate parental consent when collecting children’s data for nonessential business purposes is a key change compliance professionals should fully understand, attorneys said Tuesday.
Almost all comprehensive state privacy laws include enforcement language against AI-related discrimination, so additional efforts to regulate automated decisions could be redundant, Minnesota Rep. Steve Elkins (D) told Privacy Daily in a recent interview.
Digital ministers from the Association of Southeast Asian Nations (ASEAN) unveiled three privacy guides this week that detail new policies and clarify existing regulations. Singapore's Personal Data Protection Commission announced their release Friday.
The European Parliament Civil Liberties Committee Thursday named Bruno Gencarelli as European data protection supervisor (EDPS) for 2025-2030. Gencarelli, currently European Commission head of international data flows and protections, beat three other candidates in a secret ballot, including current EDPS Wojciech Wiewiorowski. Once the European Parliament president and political party heads confirm the vote, Parliament and the European Council will make the appointment. The EDPS supervises how EU institutions and bodies process personal data to ensure compliance with privacy law, and advises them on personal data processing and related policies and legislation. The office's role has been expanded to cover such things as EU bodies' compliance with the AI Act.
French privacy regulator CNIL Thursday unveiled a 2025-2028 strategic plan focused on AI, minors' rights, cybersecurity, and mobile apps and digital identity, according to an unofficial translation.
U.K. regulator Ofcom Thursday issued industry guidance detailing how apps and sites can implement effective age checks to keep children from encountering online porn and protect them from other harmful content. Pornography providers have until July to introduce age checks, it said. The office also published a statement on age assurance and children's access, and warned that its age assurance enforcement program is open for business.
Luxembourg's National Data Protection Commission (CNPD) and other sectoral regulators would oversee enforcing compliance with the EU AI Act under draft legislation pending in the country's parliament, Pinsent Mason lawyers reported. CNPD would be the lead authority.