SypherPrivacyTalks - March 2025 - Week 14

Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.

Amazon considers appeal after court sides with regulator on record privacy fine

euronews.com • 2 min read

💶 Amazon is contemplating an appeal after a Luxembourg court upheld a record €746 million GDPR fine against the company. The tech giant, which has 40 days to decide, was originally penalised in 2021 by Luxembourg's Data Protection Authority for processing users' online data without proper consent. 
This case represents one of the most significant GDPR enforcement actions to date… read more

Copyright in AI-generated outputs

inquisitiveminds.bristows.com • 5 min read 

🤖 The article examines copyright protection for AI-generated works across jurisdictions. Starting from the different approach on the output of an AI-generated product - in China it needs to reflect human intellectual investment, in the US the human input needs to be perceptible, while in the EU the output needs to reflect the human’s personality and expresses his/her free and creative choices. These divergent approaches create challenges for copyright law, perhaps leading to a separate right for AI-generated outputs… read more

EU-UK data ‘adequacy’ decisions to get six months extension

pinsentmasons.com • 3 min read

🔄 The European Commission has proposed extending its data adequacy decisions on the UK until 27 December 2025, giving companies operating in EU countries an extra six months to freely transfer personal data between the EU and the UK under the framework established in 2021.
The proposal will be examined by the European Data Protection Board (EDPB)… read more

European Health Data Space Regulation sets requirements for electronic health record systems

aoshearman.com • 3 min read

🏥The European Health Data Space (EHDS) Regulation entered into force on 26 March 2025. This new framework will standardise the exchange and use of electronic health data across the EU, strengthening the rights of individuals to access and control their health information, while enabling the secure re-use of data for research and innovation. 
The Regulation introduces common technical standards for health record systems to improve interoperability, and will be implemented in phases based on data types and use cases... read more

Balancing GDPR data access rights against the rights of others

arthurcox.com • 6 min read

⚖️ The Irish Data Protection Commission (DPC) has issued new guidance on the handling of data subject access requests (DSARs), addressing the common challenges data controllers face when balancing access rights with competing rights of third parties. 
Article 15(4) of the GDPR allows controllers to restrict DSARs where disclosure would "adversely affect the rights and freedoms of others", but applying this provision has proven challenging. The DPC provides clarity, particularly for controllers with legitimate concerns about potentially harmful requests, while emphasising the need to document the reasons for decisions… read more

--

Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.