Greece's Hellenic Data Protection Authority indicated data controllers connected to electronic auctions must follow data protection rules and ensure systems protect individuals' sensitive data by design. Data controllers are obligated to only include necessary anonymized data to safeguard sensitive information.Full story
As part of its 25th anniversary, the IAPP will celebrate 25 trailblazing innovators and 25 defining moments in the last quarter century that helped establish the privacy and digital governance profession. This week, we highlight Julie Brill, AIGP, and her crucial efforts to safeguard individuals' privacy through her work as a regulator and in the private sector.Full story
The U.S. District Court for the Eastern District of Virginia ruled Google acted as a monopoly with its advertising technology practices, The New York Times reports. Judge Leonie Brinkema claimed Google's "exclusionary conduct substantially harmed Google's publisher customers, the competitive process, and, ultimately, consumers of information on the open web."Full story
The global economy is continuing to trend toward increasing data adequacy decisions that enable data free flow across jurisdictions. IAPP Research Director Joe Jones and IAPP Westin Research Fellow Kayla Bushey, CIPP/US, discuss how the increase in the number of countries that have adopted overlapping criteria to evaluate adequacy decisions is a major step toward interoperability of varying data protection regimes.
Eight U.S. state regulators formed the bipartisan Consortium of Privacy Regulators, comprising of state attorneys general and the California Privacy Protection Agency. The agencies entered into a memorandum of understanding focusing on consumer protection across jurisdictions, discussing privacy law developments, and sharing priorities and common goals.
Companies developing or implementing immersive technologies "need to … pursue compliance, particularly with those laws concerning privacy, cybersecurity and artificial intelligence" through a "compliance-by-design" approach, Mercedes-Benz Managing Counsel Michael Cole, AIGP, CIPP/C, CIPP/E, CIPP/US, CIPM, CIPT, FIP, PLS, and Eversheds Sutherland Partner Michael Bahar write.
Hamburg's Commissioner for Data Protection and Freedom of Information provided information on how Meta product users can opt out of having their data used to train AI models. The agency noted those who do not want to do so should make their objections now, as it will take time for it to register with the company.Full story
CEN-CENELEC, consisting of the 34 national standardization organizations for European countries, announced it is behind schedule developing the technical standards companies would adhere to for demonstrating compliance with the AI Act, Euronews reports. CEN-CENELEC indicated work developing the AI Act standards will now extend into 2026, after they were supposed to be completed by August.Full story
The European Commission opened a public consultation for possible revisions of the 2019 Cybersecurity Act. The review will first focus on the mandate of the EU's cyber agency, the ENISA, as well as the European Cybersecurity Certification Framework and ICT supply chain security issues. The Commission intends to use the consultation as an opportunity to streamline cybersecurity rules to promote innovation.
Thirteen EU member states allegedly did not meet the cybersecurity obligations necessary to comply with the NIS2 Directive, while only seven countries are considered to have reached full compliance, Euractiv reports. Member of the European Parliament Bart Groothuis claimed EU countries' alleged lack of compliance with the directive is "incomprehensible and irresponsible."Full story