The Swiss Federal Data Protection and Information Commissioner closed its informal preliminary investigation into X's use of data for training its AI system Grok, it announced Thursday. It found that X users can refuse to have their public messages used for AI training, and that the platform is in compliance with the country's privacy law.

The Luxembourg Administrative Tribunal Wednesday upheld a July 2021 decision by the National Data Protection Commission that slapped Amazon with a fine of 746 million euros ($808 million) for General Data Protection Regulation (GDPR) breaches. The court also ordered the platform to take corrective measures or face a daily penalty of 746,000 euros.

The European Commission has "seen the news about the dismissal of two FTC Commissioners," an EC spokesperson emailed us Thursday. "We will follow closely any appointment procedure and judicial proceedings concerning members of the FTC." The dismissals have sparked uncertainty about the future of the EU-U.S. Data Privacy Framework which enables trans-Atlantic flows of personal data (see 2503190046).

The European Data Protection Board (EDPB) Wednesday published a cooperation procedure for approval of Binding Corporate Rules (BCRs) for data controllers and processors. The European Commission defines BCRs as "data protection policies adhered to by companies established in the EU for transfers of personal data outside the EU within a group of undertakings or enterprises." BCRs must include all general data protection principles and enforceable rights, and must be legally binding.

Acknowledging that data is one of Britain's most valuable assets, the U.K. government Monday sought public input on ensuring safe and secure access to data and building public trust.

The Czech Republic's Office for Personal Data Protection unveiled its 2025 priorities, saying it will focus on how data from public administration registers and information systems is used. In addition, the PDA will study retailers' practice of making discounts conditional on the processing of people's personal data.

The Swedish Authority for Privacy Protection will prioritize high-risk privacy areas this year. The watchdog said it's raising its game on guidance and risk-based supervision but is ready to shift focus if necessary.

The European Data Protection Board Friday issued additional guidance on processing air passenger name record (PNR) data under the EU PNR Directive.

The European Data Protection Supervisor published a review of its activities during its 2020-2024 term, describing its work during the COVID-19 crisis. In addition, the report includes content about EDPS' enforcement activities and efforts to create global privacy standards and a more coherent approach to data protection across the EU. The term was "synonymous with adaptability and resilience," wrote EDPS supervisor Wojciech Wiewiorowski.

The European Commission's adequacy decision permitting data flows from Europe to the U.K. expires June 27 and there are concerns about U.K. legislative reforms to data protection rules, a March Parliamentary Research Services memo said.