SypherPrivacyTalks - February 2025 - Week 8

Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.

EU pulls back – for the moment – on privacy and genAI liability compliance regulations

computerworld.com • 2 min read

🧑‍⚖️ The EU announced last week that it would not proceed with key legislation concerning privacy (Regulation on Privacy and Electronic Communications) and artificial intelligence liability at present. According to experts, the postponement stems from divided opinions among EU member states, with France adopting a pro-innovation stance whilst Germany maintains a more cautious approach, advocating for stricter AI regulation.
Some observers suggest the EU has been overzealous in its regulatory approach… read more

👉 See the decisions detailed in the Commission's work programme for 2025, Annex IV, items 29 and 32 - page 26.

Cybersecurity: Romania transposes the NIS2 Directive. What’s next?

kinstellar.com/news-and-insights • 3 min read

🛡️Romania has implemented the EU's enhanced cybersecurity directive (NIS2) through emergency legislation passed in December 2024. The new rules require 'essential' organisations (such as energy, transport and healthcare providers) and 'important' organisations (including postal services and food producers) to bolster their cyber defences. Companies must register with Romania's National Cybersecurity Directorate and face hefty fines—up to €10 million or 2% of global turnover—for non-compliance. 

Whilst registration was due by 30th January 2025, the authority has yet to issue its application guidelines, expected in early 2025… read more

📢 Register for the Sypher webinar on NIS2 and other directives: 🔐Cybersecurity and GDPR Compliance in 2025.

EDPB Guidelines on pseudonymisation: When and how to apply it

edpb.europa.eu • 3 min read + Guidelines

📜The European Data Protection Board (EDPB) provides guidance on implementing effective pseudonymisation methods and managing both the modified data and users' rights.

Pseudonymisation helps organisations protect personal data by making it harder to identify individuals. It involves replacing identifying information with alternative references that can only be linked back to specific people using additional data, such as a lookup table. 

The guidelines clarify two key points: 

• Are pseudonymised data still considered personal data? 
• How does pseudonymisation help organisations process data under the GDPR?

This technique supports GDPR compliance, particularly for security requirements and privacy-by-design principles. As it's a protective measure, pseudonymisation doesn't require its own legal basis—it's covered by the same basis as the original data processing... read more

👉 Consult the guidelines here.

Warning for excessive video surveillance - educational unit

dataprotection.ro  • 2 min read

👁️ In January 2025, Romania's Data Protection Authority investigated Vasile Conta High School in Târgu Neamț for GDPR violations. The school had installed CCTV cameras in toilet facilities and allowed the headteacher unrestricted access to footage, including on their personal mobile phone. 

The authority issued two warnings for unlawful and excessive data processing, as well as inadequate security measures. The school must now revise its procedures to ensure CCTV usage complies with GDPR principles and implement proper access controls. Under Romanian law, whilst schools may install surveillance systems in most areas, toilet facilities are explicitly excluded. … read more (article in Romanian).

US politicians furious at UK demand for encrypted Apple data

bbc.com/news • 4 min read

🕵️‍♂️ American legislators have criticised Britain's request to access encrypted data from Apple users' cloud storage worldwide. Some senators expressed their concerns, describing the UK's request as both "dangerous" and "shortsighted".

They claim the demand poses risks to American privacy and security interests, and have called for presenting Britain with a stark choice: either withdraw the request or face significant repercussions… read more
 

--

Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.

Photo by iStock.com