The U.K. Information Commissioner's Office (ICO) published its Tech Horizons 2025 report, identifying privacy and data protection implications of four emerging technologies: (1) connected transport, (2) quantum sensing and imaging, (3) digital diagnostics, therapeutics and healthcare infrastructure (such as AI-assisted diagnosis) and (4) synthetic media (partly or wholly generated using AI/machine learning) and its identification and detection.

A high school in Romania breached the General Data Protection Regulation by processing personal data through a video surveillance system whose monitors were illegally and excessively installed in the principal's office, giving his personal phone access to images and audio captured in hallways, the stairwell and bathrooms. The Romanian National Supervisory Authority for Personal Data Processing announced results of its investigation Feb. 7.

The EU needs a consistent approach to age assurance, the European Data Protection Board (EDPB) said in a statement Wednesday after its Feb. 9 plenary. It set out specific guidance and high-level principles arising from the General Data Protection Regulation (GDPR) that it said should be considered when personal data is processed in the context of age verification.

The European Data Protection Board (EDPB) Tuesday discussed enforcement activities concerning the DeepSeek AI chatbot and agreed to extend the scope of its ChatGPT task force to AI enforcement, a spokesperson emailed. The task force was created to encourage cooperation and exchange information on possible enforcement actions conducted by data protection authorities (DPAs) on ChatGPT.

Fallout from the U.K. government's decision to force Apple to make available encrypted cloud data continued over the weekend. Internet Society Senior Director of Internet Trust Robin Wilton posted on LinkedIn that "the consensus among cybersecurity experts is clear: 'there's no way to break encryption without making everyone more vulnerable.'"

Several parts of the U.K. Data (Use and Access) legislation (DUA) require further clarification from the government, Information Commissioner John Edwards told the House of Commons Monday. DUA was introduced in Parliament last October and has now completed its passage through the Lords, "where it has been subject to a number of amendments and significant debate," he said.

The Computer & Communications Industry Association raised concerns Friday about reports that the U.K. government has ordered Apple to create a backdoor in its devices, giving security services access to users’ encrypted Apple files worldwide. The order was apparently issued under the U.K.’s Investigatory Powers Act, CCIA said. “As the recent Salt Typhoon breach makes clear, end-to-end encryption may be the only safeguard standing between Americans' sensitive personal and business data and foreign adversaries,” said CCIA President and CEO Matt Schruers: “Decisions about Americans' privacy and security should be made in America, in an open and transparent fashion, not through secret orders from abroad requiring keys be left under doormats.” Apple didn't comment.

The Swiss Federal Data Protection and Information Commissioner Friday published a guide to handling data breaches. Among other things, it covers the concept of "probable high risk" from a breach, and defines the conditions for informing data subjects in the event of a violation of data security.

The Latvian Data State Inspectorate published advice for protecting children's personal data when schools post academic accomplishments obtained from educational information systems. Processing children's data must be done for the benefit of the student, it said. If the reason for the processing is to showcase the best students and rank each pupil's place among classmates to motivate them to work harder, the data processing isn't proportionate because it could lead to harassment of poorer students.

French Data Protection Authority CNIL Friday released two recommendations to support responsible AI innovation while protecting people's rights. The recommendations illustrate how the General Data Protection Regulation (GDPR) fosters development of innovative and responsible AI in Europe, it said. They give concrete solutions for informing people whose data was used and helping them exercise their rights, it said.