EU data protection

EU data protection

A "discriminatory" artificial intelligence (AI) model used by Sweden's social security agency to flag people for benefit fraud investigations has been suspended, following an intervention by the country's Data Protection Authority (IMY). Starting in June 2025, IMY's involvement was prompted after a joint investigation from Lighthouse Reports and Svenska Dagbladet (SvB) revealed in November 2024 that a machine learning (ML) system being used by Försäkringskassan, Sweden's Social Insurance Agency was disproportionally and wrongly flagging certain groups for further investigation over social benefits fraud.

Axeptio introduces video as the centerpiece of its Consent Management Platform (CMP), transforming the traditional cookie banner into an immersive, multi-sensory, and fully customisable brand experience. By placing storytelling at the core of consent, Axeptio breaks away from "consent fatigue" and reimagines compliance as a new growth lever. What was once a regulatory obligation has now become a stage: a new communication channel where brands can engage audiences, build trust, and convert attention into performance.

Across Europe and globally, organisations face rising regulatory demands, resilience expectations, and rapid tech innovation. Governments and enterprises need the cloud's power without losing control of their data. The announcement includes the commitment to the EU Data Boundary, which ensures that data processed by AI services for EU customers remains within the European Union. According to the company, this means that all customer data, whether at rest or in transit, will be stored and processed exclusively in the EU, unless customers explicitly direct otherwise.

A coalition of reporters obtained the dataset, offered as a free sample from a data broker, containing 278 million location data points from the phones of millions of people around Belgium. Much of the location data is uploaded by ordinary apps installed on a person's phones, which is sold to data brokers. Those data brokers then sell that data to governments and militaries.

Lots of companies are announcing AI this and AI that, but few of them offer more than new AI lipstick on an old pig when you look at them closely. Then, there's what SUSE is doing with its release of SUSE Linux Enterprise Server 16 (SLES 16), available today. This new version is positioned as an AI-ready operating system tailored to the demands of today's hybrid cloud, data center, and edge computing environments.

As businesses continue to integrate sophisticated identity verification systems, the temptation to collect as much user data as possible grows. Unfortunately, this approach backfires. Storing excessive amounts of personal data, particularly in onboarding and KYC (Know Your Customer) flows, does not automatically lead to enhanced security. Instead, it expands the surface area for vulnerabilities and increases the potential scale of impact of security incidents.

The ATT feature lets users ask third party apps which they're using on Apple's mobile platform, iOS, not to track their digital activity for targeted advertising. The framework was introduced back in 2021, ushering in a new set of iOS pop-up banners that let users refuse an app permission to track their digital activity, including across websites and other apps on the phone.

Apple has always pushed hard on the need for user privacy. Apple CEO Tim Cook has spoken about the threat of a surveillance economy and Craig Federighi, Apple's software vice president, gave an extensive speech on the topic at the European Data Protection and Privacy Conference in 2020. "The mass centralization of data puts privacy at risk," he said then, "no matter who's collecting it and what their intentions might be. So ,we believe Apple should have as little data about our customers as possible.

The organization, which focused on secure and privacy-friendly DNS resolution within the European Union, says it is discontinuing the service due to a lack of time and resources. The official DNS0.EU website now only displays a short announcement: The dns0.eu service has been discontinued. We would have liked to keep it running. It was not sustainable for us in terms of time and resources. We recommend switching to DNS4EU or NextDNS. We sincerely thank all our infrastructure and security partners who made dns0.eu possible.

The cloud has become the backbone of modern business, enabling rapid scalability, advanced analytics, and collaboration across global teams. In the age of artificial intelligence (AI), the cloud's role is even more critical, both serving as the storage and processing hub for vast quantities of data that feed machine learning models, power real-time analytics, and drive business innovation. With this innovation comes a high-risk balancing act.

You can't outsource accountability, but many organizations are doing just that, often without even realizing it. This is especially the case when it comes to data. As businesses rely more heavily on third-party suppliers to store, move, and manage their data, the risk of something going wrong multiplies. Whether that's compliance, the ability to restore lost data, or susceptibility to cyber attack.

Historically, many enterprises have avoided multicloud deployments, citing complexity in managing multiple platforms, compliance challenges, and security concerns. However, as the need for specialized solutions grows, businesses are realizing that a single vendor can't meet their workload demands. In practice, this may look like using AWS for machine learning hardware, Google Cloud for Tensor Processing Units (TPUs), or IBM's industry-specific solutions for sensitive data.

Microsoft's OneDrive is increasing the creepiness quotient by using AI to spot faces in photos and group images accordingly. Don't worry, it can be turned off - three times a year. This writer has been enrolled in a OneDrive feature on mobile to group photos by people. We're not alone - others have also reported it turning up on their devices.

Under the GDPR, "personal data" is broadly defined and includes both directly identifiable information (e.g., names, contact details) and indirectly identifiable information (e.g., IP address, unique IDs). "Pseudonymous data" constitutes personal data if individuals can be identified using "reasonably likely" means - taking into account all objective factors such as cost, time, and available technology. By contrast, "anonymous data" is information which does not relate to an identified or identifiable individual.

In parallel, the Commission is running a public consultation on its consumer policy strategy for 2025-30, including with respect to digital fairness and consumer law enforcement, which is open until August 31, 2025. These developments are part of a broader European shift toward tougher digital consumer protection, echoed by the UK's newly adopted Digital Markets, Competition, and Consumers Act, which introduces similar rules around pricing, subscriptions, and enforcement powers for the UK Competition and Markets Authority.

The documents contained in the FoI dump include correspondence between the tech giant and policing bodies and two data protection impact assessments (DPIAs). The tech giant also refused to disclose its own risk assessments into the transfer of UK policing data to other jurisdictions, including China and others deemed "hostile" in the DPIA documents.

Facebook and Instagram users in the UK will soon be offered paid subscriptions that remove ads. In the coming weeks, those over the age of 18 can pay £3 ($4) per month on the web, or £4 ($5) per month when using Meta's iOS or Android apps. If you're wondering why the mobile version is more expensive, Meta blames that on fees levied by Apple and Google in their respective app stores.