A French data protection authority has fined a company €3.5 million after serious GDPR breaches affecting over 10.5 million data subjects. The organization shared customer emails and phone numbers with a social media platform without consent, failed to conduct a proper data protection impact assessment, and allowed weak password security. Automatic cookies were also installed without user consent. This case highlights that privacy is not optional, companies must prioritize us

YouTube recently launched an AI-powered deepfake detection tool called “Likeness Detection,” which scans videos and compares creators’ facial features to identify manipulated or unauthorized content. To use the tool, creators must upload government-issued IDs and facial biometric videos, raising privacy concerns among experts. Google insists the data is used solely for identity verification and security features, not AI training. However, some warn that linking facial data to

TikTok has asked European regulators for clarification after highlighting a conflict between the Digital Services Act (DSA) and the GDPR. The company says the requirements to ease certain data protection measures put the two laws in direct conflict. TikTok emphasizes its commitment to transparency and notes that nearly 1,000 research teams have accessed data through its Research Tools. The European Commission has preliminarily concluded that both TikTok and Meta violated DSA

The European Data Protection Supervisor (EDPS) has released guidance on AI use for EU institutions, offering lessons for all businesses handling personal data. Key recommendations include knowing where personal data enters AI processes, maintaining transparency about data collection and use, ensuring accountability with clear responsibilities and records, respecting individuals’ rights to access, correct, or erase data, and thoughtfully conducting full Data Protection Impact

The European Commission’s upcoming Digital Omnibus, aimed at simplifying EU digital and AI regulations, could put fundamental privacy rights at risk without guaranteeing real economic growth. Proposals include relaxing controls on data use for AI, expanding non-personal data definitions, and potentially limiting individuals’ access to their own data. While some minor improvements are expected, such as a single reporting point for incidents or simplified rules for SMEs, the co

Switzerland’s data protection group, privatim, has warned that international cloud providers like Amazon Web Services, Microsoft Azure, and Google Cloud cannot meet the privacy requirements for sensitive government data. Key issues include lack of true end-to-end encryption, limited transparency, loss of control over data, legal uncertainty, and access rights under the US CLOUD Act. Privatim advises that sensitive data should only be stored in the cloud if government agencies