EU data protection

EU data protection

The speed of AI development gets most of the headlines, but the law is running a race of its own. Legislators and regulators are releasing new rules at a pace that can surprise even the most seasoned compliance teams. For in-house counsel, this creates a constant challenge: how to give sound, forward-looking advice when the ground under your feet is shifting.

Axeptio introduces video as the centerpiece of its Consent Management Platform (CMP), transforming the traditional cookie banner into an immersive, multi-sensory, and fully customisable brand experience. By placing storytelling at the core of consent, Axeptio breaks away from "consent fatigue" and reimagines compliance as a new growth lever. What was once a regulatory obligation has now become a stage: a new communication channel where brands can engage audiences, build trust, and convert attention into performance.

Across Europe and globally, organisations face rising regulatory demands, resilience expectations, and rapid tech innovation. Governments and enterprises need the cloud's power without losing control of their data. The announcement includes the commitment to the EU Data Boundary, which ensures that data processed by AI services for EU customers remains within the European Union. According to the company, this means that all customer data, whether at rest or in transit, will be stored and processed exclusively in the EU, unless customers explicitly direct otherwise.

Lots of companies are announcing AI this and AI that, but few of them offer more than new AI lipstick on an old pig when you look at them closely. Then, there's what SUSE is doing with its release of SUSE Linux Enterprise Server 16 (SLES 16), available today. This new version is positioned as an AI-ready operating system tailored to the demands of today's hybrid cloud, data center, and edge computing environments.

Even before Azure had a global failure this week, Austria's Ministry of Economy had taken a decisive step toward digital sovereignty. The Ministry achieved this status by migrating 1,200 employees to a Nextcloud-based cloud and collaboration platform hosted on Austrian-based infrastructure. This shift away from proprietary, foreign-owned cloud services, such as Microsoft 365, to an open-source, European-based cloud service aligns with a growing trend among European governments and agencies. They want control over sensitive data and to declare their independence from US-based tech providers.

As businesses continue to integrate sophisticated identity verification systems, the temptation to collect as much user data as possible grows. Unfortunately, this approach backfires. Storing excessive amounts of personal data, particularly in onboarding and KYC (Know Your Customer) flows, does not automatically lead to enhanced security. Instead, it expands the surface area for vulnerabilities and increases the potential scale of impact of security incidents.

The ATT feature lets users ask third party apps which they're using on Apple's mobile platform, iOS, not to track their digital activity for targeted advertising. The framework was introduced back in 2021, ushering in a new set of iOS pop-up banners that let users refuse an app permission to track their digital activity, including across websites and other apps on the phone.

Apple has always pushed hard on the need for user privacy. Apple CEO Tim Cook has spoken about the threat of a surveillance economy and Craig Federighi, Apple's software vice president, gave an extensive speech on the topic at the European Data Protection and Privacy Conference in 2020. "The mass centralization of data puts privacy at risk," he said then, "no matter who's collecting it and what their intentions might be. So ,we believe Apple should have as little data about our customers as possible.

The organization, which focused on secure and privacy-friendly DNS resolution within the European Union, says it is discontinuing the service due to a lack of time and resources. The official DNS0.EU website now only displays a short announcement: The dns0.eu service has been discontinued. We would have liked to keep it running. It was not sustainable for us in terms of time and resources. We recommend switching to DNS4EU or NextDNS. We sincerely thank all our infrastructure and security partners who made dns0.eu possible.

The cloud has become the backbone of modern business, enabling rapid scalability, advanced analytics, and collaboration across global teams. In the age of artificial intelligence (AI), the cloud's role is even more critical, both serving as the storage and processing hub for vast quantities of data that feed machine learning models, power real-time analytics, and drive business innovation. With this innovation comes a high-risk balancing act.

You can't outsource accountability, but many organizations are doing just that, often without even realizing it. This is especially the case when it comes to data. As businesses rely more heavily on third-party suppliers to store, move, and manage their data, the risk of something going wrong multiplies. Whether that's compliance, the ability to restore lost data, or susceptibility to cyber attack.

Historically, many enterprises have avoided multicloud deployments, citing complexity in managing multiple platforms, compliance challenges, and security concerns. However, as the need for specialized solutions grows, businesses are realizing that a single vendor can't meet their workload demands. In practice, this may look like using AWS for machine learning hardware, Google Cloud for Tensor Processing Units (TPUs), or IBM's industry-specific solutions for sensitive data.

Microsoft's OneDrive is increasing the creepiness quotient by using AI to spot faces in photos and group images accordingly. Don't worry, it can be turned off - three times a year. This writer has been enrolled in a OneDrive feature on mobile to group photos by people. We're not alone - others have also reported it turning up on their devices.

Under the GDPR, "personal data" is broadly defined and includes both directly identifiable information (e.g., names, contact details) and indirectly identifiable information (e.g., IP address, unique IDs). "Pseudonymous data" constitutes personal data if individuals can be identified using "reasonably likely" means - taking into account all objective factors such as cost, time, and available technology. By contrast, "anonymous data" is information which does not relate to an identified or identifiable individual.

In parallel, the Commission is running a public consultation on its consumer policy strategy for 2025-30, including with respect to digital fairness and consumer law enforcement, which is open until August 31, 2025. These developments are part of a broader European shift toward tougher digital consumer protection, echoed by the UK's newly adopted Digital Markets, Competition, and Consumers Act, which introduces similar rules around pricing, subscriptions, and enforcement powers for the UK Competition and Markets Authority.

The documents contained in the FoI dump include correspondence between the tech giant and policing bodies and two data protection impact assessments (DPIAs). The tech giant also refused to disclose its own risk assessments into the transfer of UK policing data to other jurisdictions, including China and others deemed "hostile" in the DPIA documents.

Facebook and Instagram users in the UK will soon be offered paid subscriptions that remove ads. In the coming weeks, those over the age of 18 can pay £3 ($4) per month on the web, or £4 ($5) per month when using Meta's iOS or Android apps. If you're wondering why the mobile version is more expensive, Meta blames that on fees levied by Apple and Google in their respective app stores.

Big tech hasn't been happy with that, of course, and now Apple's come out swinging against the regulation. The company on Wednesday blamed the EU's enforcement of the DMA for delaying the launch of some features in the EU, saying the rules are "leading to a worse experience" for Apple customers in the bloc by exposing them to new risks and reducing choices.

LinkedIn Corp. and Meta Platforms Inc. are among the companies that have been emboldened to train their artificial intelligence on the personal data of European users, testing EU regulators' approach to privacy enforcement.

Although the aim was to give power back to the users and let them decide which cookies they were okay with or not, the law has since had unintended consequences, the main one being cookie fatigue. Users are now bombarded with consent pop-ups so often that they rarely read them, choosing to just blindly click to accept the cookies. So the consent pop-ups make you feel like you are secure, but are not actually good at offering real protection.

Starting on November 3, 2025, we'll start to use some data from members in [EEA, Hong Kong, Canada, Switzerland and the U.K.] to train content-generating AI models that enhance your experience and better connect our members to opportunities.