SypherPrivacyTalks - March 2025 - Week 10
by Sypher | Published in News - March 03, 2025
Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.
CJEU GDPR ruling: Right to info for data subjects trumps trade secrets
π§βοΈThe European Court of Justice today issued a ruling on conflicts between data subjects' rights and data controllers' claims of trade secrets. According to the ruling, when such disputes arise, data protection authorities (DPAs) or courts can access the relevant information to determine what the data controller is obliged to disclose ... read more
Swedbank accused of violating law by claiming client’s mortgage was “trade secret”
π¦ Swedbank, a major Nordic and Baltic bank, is accused of unlawfully refusing a customer's request for details of its mortgage interest calculation.
The Swedish Data Protection Authority (IMY) received a complaint from NOYB, which alleges that Swedbank lacks transparency in its automated interest calculation system.
Although banks are allowed to set personalised interest rates automatically, EU law still requires them to provide "meaningful information about the logic involved" in such calculations… read more
EU AI Act begins to take effect: what to know and how to prepare
π€ The EU's AI law, which came into force on 2 February 2025, now prohibits certain AI practices and requires AI literacy. The bans include harmful manipulation, exploitation of vulnerable people, social scoring, facial image scraping, emotion recognition in the workplace or real-time biometric identification by law enforcement. The law also applies to non-EU companies serving EU users or deploying systems in the EU, with enforcement mechanisms coming into effect from 2 August 2025.… read more
DORA update – Upcoming designations of critical third-party providers
insightplus.bakermckenzie.com • 2 min read
π The European Supervisory Authorities (ESAs) are moving forward with preparations to identify critical third party service providers (CTPPs) under the Digital Operational Resilience Act (DORA), which came into force on 17 January 2025. This legislation empowers the ESAs to designate essential ICT providers serving the EU financial services sector as critical, subjecting them to direct regulatory supervision. According to a recently published roadmap, the ESAs plan to finalise these designations by the end of the year. The implementation of DORA represents a significant extension of regulatory authority over technology providers that support financial institutions across the European Union... read more
How DPAs are trying to keep up with AI advances
π¨ EU regulators are struggling to monitor the rapidly evolving AI landscape, as the DeepSeek case has highlighted. Data protection authorities admit they lack the resources to investigate every new AI product, often relying on consumer groups and media reports to flag issues. As the EU AI law comes into force, regulators hope the required disclosures will make it easier to monitor compliance, while coordination between authorities through the European Data Protection Board will provide some oversight for cross-border enforcement… read more
--
Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.
Photo by AbsolutVision on Unsplash
