SypherPrivacyTalks - January 2025 - Week 4

Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.

TikTok and five other Chinese firms could face GDPR penalties in the EU

invezz.com/news • 4 min read

💥 Privacy organisation NOYB has filed its first GDPR complaints against Chinese companies, including TikTok, Xiaomi, Shein, AliExpress, Temu and WeChat.
NOYB alleges that these companies have unlawfully shared European user data with entities in China, and is calling for the suspension of such data transfers and penalties of up to 4% of the companies' global revenues… read more

Preparing for AI regulation: The EU AI Act

computerweekly.com • 8 min read

💡The EU AI Act, which will come into force in phases from February 2025, introduces strict regulations for AI-enabled products and services sold in the EU, regardless of the location of the provider. The first phase, Article 5, prohibits exploitative, manipulative or harmful AI practices and imposes significant penalties for non-compliance, up to €35 million or 7% of global turnover.
Building on frameworks such as GDPR, the law requires organisations to adopt risk-based approaches, ensure supplier compliance, and implement multidisciplinary AI strategies to align with evolving regulatory standards and maintain consumer trust… read more

Microsoft urged to answer EU questions on Generative AI

euronews.com • 2 min read

🚨The European Commission has requested detailed information from Microsoft about the generative AI capabilities of Bing, citing potential violations of the Digital Services Act. Concerns include AI-generated misinformation, deepfakes and automated manipulation of services that could mislead voters. 
Microsoft has until 27 May to respond... read more

DORA is here - key considerations for financial services firms

mhc.ie • 4 min read

🏦 The Digital Operational Resilience Act (DORA) came into force on 17 January 2025, impacting financial firms' contracts with technology and data service providers. Negotiation challenges include aligning with DORA addendums and navigating uncertainty around regulatory standards for subcontracting. 
Financial firms are advised to consider suppliers' perspectives to streamline contract updates and ensure compliance.… read more

Summary of 2024’s Key CJEU data protection judgments

lexology.com • 9 min read

📜 This article, by Arthur Cox, examines notable data protection rulings from the Court of Justice of the European Union in 2024. 
The cases cover areas such as GDPR compensation claims, the interpretation of legitimate interests and the classification of personal data… read more

--

Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.

Photo by Solen Feyissa on Unsplash