Finding common ground on data protection "remains a challenging task, primarily because privacy is deeply shaped by cultural, legal, and economic contexts," Ginervra Cerrina Feroni, vice-president of Italian privacy watchdog Garante, said in an email. The General Data Protection Regulation (GDPR), for example, is rooted in a fundamental rights-based approach, while frameworks like the Global Cross Border Privacy Rules (CPBR) system emphasize voluntary compliance and flexibility, reflecting different traditions and priorities.
PayPal must pay a $2 million penalty to New York for violating elements of the state's Department of Financial Service’s Cybersecurity Regulation, announced the department's Superintendent Adrienne Harris on Thursday. An investigation found that the financial technology company employed unqualified personnel to manage key cybersecurity functions. In addition, it didn't provide proper training in addressing cybersecurity risks, prompting sensitive customer information to be accessible to cybercriminals, the department said.
President Donald Trump's reported decision to fire the three Democratic members of the Privacy and Civil Liberties Oversight Board (PCLOB) is raising concerns about the future of the hard-won trans-Atlantic data privacy framework (DPF), privacy experts said. It's not yet clear what impact Trump's Executive Order might have, however, and the European Commission is monitoring the situation, it said.
The Trump administration should resist the temptation to overturn former President Joe Biden’s executive orders concerning the EU-U.S. Data Privacy Framework, lawyers Cameron Kerry and Shane Tews blogged Friday in LawFare.
The European Parliament Civil Liberties Committee Thursday named Bruno Gencarelli as European data protection supervisor (EDPS) for 2025-2030. Gencarelli, currently European Commission head of international data flows and protections, beat three other candidates in a secret ballot, including current EDPS Wojciech Wiewiorowski. Once the European Parliament president and political party heads confirm the vote, Parliament and the European Council will make the appointment. The EDPS supervises how EU institutions and bodies process personal data to ensure compliance with privacy law, and advises them on personal data processing and related policies and legislation. The office's role has been expanded to cover such things as EU bodies' compliance with the AI Act.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching on the title or by clicking on the hyperlinked reference number.
Personal data transfer policies and regulatory developments risk chipping away at some elements that have made international data flows part of everyday reality, Hogan Lovells privacy lawyer Eduardo Ustaran posted.
Better international enforcement cooperation, AI and data free flow with trust (DFFT) are 2025's top priorities for Group of 7 (G7) data protection authorities, several told us. Their October roundtable in Rome focused on those three topics, the European Data Protection Supervisor (EDPS) reported. Representatives from Canada, France, Germany, Japan, the U.K., the U.S., the EDPS and the European Data Protection Board participated.