cnil.fr/en • 4 min read + Guide
📜 The CNIL has published its final Transfer Impact Assessment (TIA) guide, designed to help organisations assess the risks of transferring personal data outside the EEA. The guide follows a public consultation and is in line with the recommendations of the GDPR and the European Data Protection Board (EDPB).
A TIA assesses whether a data importer can comply with GDPR-level protections, taking into account local laws and potential government access. It applies to transfers using standard contractual clauses or binding corporate rules, but is not required for countries with an EU adequacy decision.
The guide provides a step-by-step methodology for conducting a TIA, covering transfer identification, legal analysis and necessary safeguards. While not mandatory, it provides a structured approach to compliance…
🚨 Global scrutiny on DeepSeek intensifies. Italy, Taiwan, South Korea, France, Belgium, and Ireland are investigating the Chinese AI company over data privacy concerns, with Italy blocking access entirely. The U.S. is also probing whether DeepSeek illegally used American-made chips, amid fears it could disrupt the AI market.
A security firm recently found that DeepSeek exposed user data, and reports confirm it sends U.S. user information to servers in China. While privacy concerns are valid, critics argue that economic competition, not just security, is driving the crackdown. Experts warn that all AI apps pose privacy risks, regardless of origin…
📚 The IAPP has updated its Global Privacy Law and DPA Directory, reflecting new and amended data privacy laws worldwide. In late 2024, countries like Cameroon, Ethiopia, and Moldova introduced new laws, while others, including Malaysia and Peru, strengthened their regulations to align with global standards like the GDPR.
Today, 144 countries have national privacy laws, covering 82% of the world's population. While Europe remains the most regulated region, Africa and Asia are rapidly advancing their privacy frameworks. The U.S. still lacks a comprehensive federal law, relying on state-level regulations...
💶 Orange Romania has been fined €40,000 for excessive collection and storage of personal data, including copies of identity documents, without a clear legal basis.
Romania's National Authority for the Supervision of Personal Data Processing (ANSPDCP) has imposed corrective measures, including deleting unjustified data … (article in Romanian).
💶 Hidroelectrica, the largest electricity producer in Romania, serving almost 600,000 customers, has been fined 74,562 lei (the equivalent of €15,000) for insufficient testing of the iHidro app, which led to the disclosure of data from 69 customers in 2023, when the app was launched.
The incident was caused by a technical error during data migration. The company has resolved the issue and implemented additional measures to improve data security… (article in Romanian).