Finding common ground on data protection "remains a challenging task, primarily because privacy is deeply shaped by cultural, legal, and economic contexts," Ginervra Cerrina Feroni, vice-president of Italian privacy watchdog Garante, said in an email. The General Data Protection Regulation (GDPR), for example, is rooted in a fundamental rights-based approach, while frameworks like the Global Cross Border Privacy Rules (CPBR) system emphasize voluntary compliance and flexibility, reflecting different traditions and priorities.
CNIL, the French regulator, will pay "particular attention" in coming months to whether software development kit (SDK) providers are complying with the GDPR, it announced Tuesday (according to an informal translation). SDK providers play a central role in the operation of mobile apps. Popular SDKs include audience measurement and advertising monetization, the CNIL document said. When the regulator published recommendations earlier on integrating SDKs and implementing controls to ensure GDPR compliance, it notified SDK suppliers that it would start checking compliance this spring.
There are grounds for "intense" collaboration among authorities responsible for enforcing EU digital laws such as the General Data Protection Regulation (GDPR) and AI Act (AIA), privacy lawyer Petruta Pirvan said during a Sypher webinar Wednesday in Bucharest, Romania. Especially in the context of AI systems that process personal data, logic is strong for regulators cooperating, said Pirvan, a member of the European Commission's GPAI code of practice working group.
In addition to an increase in privacy laws, 2025 is expected to bring an escalation of privacy and data protection claims under old laws, said International Association of Privacy Professionals (IAPP) members on a webinar Wednesday.
The European Data Protection Board (EDPB) Friday clarified the use of pseudonymized data for EU General Data Protection Regulation compliance. Comments on the guidelines are due Feb. 28.
Mobile apps often process personal data that users provide or is collected directly when the app accesses resources in smartphones and tablets, French data protection agency CNIL said Tuesday, according to an unofficial translation.
Privacy laws in the EU and at the state level in the U.S. serve as a basis for building an AI regulation regime, Morrison Foerster’s Marian Waldmann Agarwal and Marijn Storm said during a webinar about the intersection of privacy and AI last week. The partners discussed recent AI regulatory developments and their intersection with privacy obligations.
Transport companies lack legitimate interest under the EU General Data Protection Regulation (GDPR) in requiring customers to indicate their title before purchasing train tickets, the European Court of Justice (ECJ) held in a preliminary ruling Thursday.
Data protection authorities (DPAs) may not limit the number of complaints a person files during a certain period under the EU General Data Protection Regulation (GDPR) unless they find that person is abusing the process, the European Court of Justice held Thursday (Case C-416/23). DPAs seeking to rid themselves of complaints is an EU-wide issue, though this case arose in Austria, said Austrian privacy campaigner Max Schrems.
Better international enforcement cooperation, AI and data free flow with trust (DFFT) are 2025's top priorities for Group of 7 (G7) data protection authorities, several told us. Their October roundtable in Rome focused on those three topics, the European Data Protection Supervisor (EDPS) reported. Representatives from Canada, France, Germany, Japan, the U.K., the U.S., the EDPS and the European Data Protection Board participated.