Balancing access to data and confidentiality is getting tougher as data sharing continues to drive innovation, European Data Protection Supervisor Wojciech Wiewiorowski said Thursday. However, secure multi-party computation (SMPC) could reconcile those conflicting goals by allowing organizations to jointly compute insights without revealing the underlying data, he said.
GDPR
The General Data Protection Regulation (GDPR) is the European Union’s landmark privacy law governing how organizations collect, process and protect personal data. In effect since 2018 it applies to any entity handling EU residents’ information regardless of where the company is based and imposes strict requirements around consent, transparency, data minimization and user rights. GDPR enforcement has led to billions in fines against global companies setting a high bar for compliance frameworks worldwide and influencing privacy legislation in the U.S. and other regions.
There remains a need for the federal government to establish “lanes” limiting how states can regulate AI technology, Rep. Jay Obernolte, R-Calif., told reporters Wednesday.
The Trump administration should work with Congress to preempt burdensome AI regulations at the state level, industry groups told the White House Office of Science and Technology Policy in comments due Monday. Meanwhile, consumer advocates urged OSTP to protect civil rights through mandatory auditing, transparency standards and human oversight of high-risk AI systems.
Privacy and other civil society advocates are the "regulators of last resort" seeking to uphold human rights in the age of AI, speakers said Wednesday during a hearing of the U.K. Parliament Joint Human Rights Committee. Lawmakers are considering recommendations to the government on AI regulation and rights protections.
U.S. company Clearview AI is "spitting in the face of EU authorities" by continuing to scrape people's online photos and selling its facial recognition database to law enforcement agencies and governments, Austrian privacy advocate Noyb said Tuesday as it filed a criminal complaint with Austrian public prosecutors. Clearview didn't immediately comment.
The U.K. Online Safety Act (OSA) has made progress in the two years since it took effect, but broad gaps remain in child-protection provisions, said 5Rights Foundation, an international children's rights advocacy group.
While there hasn't been a big headline for privacy in 2025, many important smaller developments occurred, George Washington University law professor Daniel Solove and Red Clover Advisors CEO Jodi Daniels said during a webinar Solove hosted Thursday.
Companies should be ready to comply with European AI regulations because the EU AI Act will influence U.S. regulation just as the GDPR did, attorneys at Marashlian & Donahue said during a Tuesday webinar.
With targeted political advertising in Europe now governed by new rules that complement the GDPR, French watchdog CNIL published practical guides Tuesday to make sure that data processing done in the course of political communications is privacy-compliant.
The European Parliament voted 533-43 to back rules to speed up cross-border GDPR enforcement, it announced Tuesday.