The Serbian Commissioner for Information of Public Importance and Personal Data Protection approved a 2025-2027 action plan for implementing its 2023-2030 privacy strategy. The plan will "significantly contribute" to better data protection for Serbians, it said.

The Irish Data Protection Commission posted a statement to organizations on how it deals with concerns from data subjects that an organization isn't handling their data access requests appropriately under the General Data Protection Regulation. It noted that it "regularly handles" such complaints.

Businesses trying to limit information they would otherwise have to disclose under data protection laws but consider trade secrets could be forced to disclose those secrets to a court or arbitrator under a recent decision by the European Court of Justice (ECJ), Pinsent Masons attorneys noted Friday. The decision involves the interplay between General Data Protection Act provisions on automated decision-making and EU trade secrets law, they wrote.

The Latvian Data State Inspectorate published a list of data processing activities that don't require data protection assessments. The guidelines aim to give organizations a practical and clear approach to risk identification and management, the privacy watchdog said.

The Dutch data protection authority (DPA) Thursday launched a public consultation on ensuring meaningful human intervention in algorithmic decision-making. If organizations use only algorithms and AI for decision-making, it said, that could result in groups being excluded or discriminated against. If they want to use algorithms and AI, it said, they must comply with the General Data Protection Regulation.

The European Data Protection Board (EDPB) will focus this year on enforcing people's "right to be forgotten," or right to erasure, via its coordinated enforcement framework (CEF), it announced Wednesday. It chose this topic as it's one of the most frequently exercised rights under the General Data Protection Regulation (GDPR) and one where data protection authorities (DPAs) receive the most complaints, the board said.

The Swedish Data Protection Authority responded Monday to what it said were many questions about personal data transfers to the U.S. It noted that the 2023 EU-U.S. data privacy framework (DPF) permits trans-Atlantic data flows. A key factor underlying the European Commission's adequacy decision that permits such data transfers was the creation of the U.S. Privacy and Civil Liberties Oversight Board (PCLOB).

The Danish Data Protection Agency and the Danish Agency for Digitalization announced the opening of a second round of applications to their AI regulatory sandbox. The sandbox provides companies with access to free guidance on the General Data Protection Regulation and risk classification under the EU AI Act.

The U.K. Information Commissioner's Office (ICO) Monday announced investigations into how three social media and video-sharing platforms use children's personal data. It's probing how TikTok uses personal data of teens 13 to 17 years old to make recommendations to them, and how Reddit and Imgur assess the age of child users.

CNIL’s compliance unit for connected vehicles will turn its focus to dashcams, the French data protection regulator said Wednesday. CNIL said it had received much correspondence on the lack of a specific legal framework for these on-board cameras, which may infringe the privacy rights of those filmed, it said.