A high school in Romania breached the General Data Protection Regulation by processing personal data through a video surveillance system whose monitors were illegally and excessively installed in the principal's office, giving his personal phone access to images and audio captured in hallways, the stairwell and bathrooms. The Romanian National Supervisory Authority for Personal Data Processing announced results of its investigation Feb. 7.
Privacy and data protection laws are mushrooming, with nearly 150 countries adopting such regulations, speakers said during a Thursday IAPP webinar. There are 144 nations with national data protection measures, covering nearly 82% of the world's population, IAPP said in an updated report.
The EU needs a consistent approach to age assurance, the European Data Protection Board (EDPB) said in a statement Wednesday after its Feb. 9 plenary. It set out specific guidance and high-level principles arising from the General Data Protection Regulation (GDPR) that it said should be considered when personal data is processed in the context of age verification.
The European Commission withdrew two controversial pieces of legislation from its 2025 work program, bringing cheers Wednesday from the tech sector as a consumer group jeered.
French Data Protection Authority CNIL Friday released two recommendations to support responsible AI innovation while protecting people's rights. The recommendations illustrate how the General Data Protection Regulation (GDPR) fosters development of innovative and responsible AI in Europe, it said. They give concrete solutions for informing people whose data was used and helping them exercise their rights, it said.
Operators of online marketplaces that post free or paid advertisements may be exempt from liability for illegal content under the EU e-commerce directive if they're merely hosting providers, but they're liable under the General Data Protection Regulation (GDPR) for ensuring the security of users' personal data processed with regard to third parties, a European Court of Justice (ECJ) Advocate General (AG) said in an opinion Thursday.
The Dutch Foundation for Market Information Research (SOMI) filed four cross-border class actions in Germany against TikTok and X. Announced Wednesday, the multi-billion-euro lawsuits seek injunctive relief and damages for violations of German and EU law, particularly the Digital Services Act (DSA), General Data Protection Regulation (GDPR) and AI Act (AIA). Leipzig, Germany-based law firm Spirit Legal announced the suits.
Regulators are looking harder at privacy and expanding what constitutes personal data, sensitive data and consumer health information, Grindr Chief Privacy Officer (CPO) Kelly Peterson said Wednesday during Privado’s Bridge Summit. However, Aaron Weller, HP privacy innovation leader, said it’s “not just about laws and regulations” for businesses seeking to prioritize privacy. “It’s also who are your customers and what are your customers’ expectations?”
The European Commission hasn't taken formal steps under the AI Act (AIA) concerning the DeepSeek AI chatbot, an EC spokesperson told us. However, several EU data protection authorities (DPAs) are probing whether DeepSeek has complied with the General Data Protection Regulation (GDPR).
French data protection authority CNIL Friday published the final version of its guide on impact assessment of data transfers. The guide aims to ensure that companies ensure the same level of protection as the General Data Protection Regulation (GDPR) in their data flows.