"The collaborative spirit among EU institutions is not only encouraged but also necessary" for managing the plethora of EU digital laws, Thomas Regnier, European Commission tech sovereignty spokesperson, said Friday (see 250121000).

Avoid using integrated AI tools such as Copilot without thoroughly assessing them in advance, and ensuring control mechanisms and effective user training, the Norwegian Data Protection Authority blogged Thursday in an unofficial translation. In addition, it published a report offering guidance on how companies can use AI strategically. Among other things, it said they should decide what a particular project's goals are, what areas are relevant for AI use, and what areas AI should be kept away from.

The Polish data protection authority (UODO) announced on Thursday it will focus on the security of medical data and the processing of children's data online this year. The focus includes sectors where there are increasing breaches of personal data protection regulations, it said in an informal translation. Other priorities are the processing of personal data in connection with the EU Schengen Information System and Visa Information System, and how data controllers handle data breaches.

Online tracking is part of digital life, but businesses are increasingly recognizing that it can harm people when it isn't done responsibly, Stephen Almond, U.K. Information Commissioner's Office regulatory risk executive director, blogged Thursday. The ICO has been "taking decisive action, supporting organisations to make changes" to ensure they can navigate online tracking responsibly while safeguarding people's personal information.

Meta's latest pay-or-consent policy in the EU may be breaching consumer and data protection law as well as the Digital Markets Act, the European Consumer Organisation (BEUC) said Thursday. It contacted the relevant EU enforcement authorities about its concerns.

CNIL, the French regulator, will pay "particular attention" in coming months to whether software development kit (SDK) providers are complying with the GDPR, it announced Tuesday (according to an informal translation). SDK providers play a central role in the operation of mobile apps. Popular SDKs include audience measurement and advertising monetization, the CNIL document said. When the regulator published recommendations earlier on integrating SDKs and implementing controls to ensure GDPR compliance, it notified SDK suppliers that it would start checking compliance this spring.

The Council of the EU Tuesday approved rules aimed at improving cross-border access to EU health data. The European Health Data Space (EHDS) regulation will give people better access to and control over their personal electronic health data while allowing certain data to be reused for research and innovation for patients' benefit, the Council said.

Data controllers need more awareness of European Data Protection Board (EDPB) guidelines on data subjects' right of access to their personal data, the board said Monday in a report.

The European Data Protection Board (EDPB) Friday clarified the use of pseudonymized data for EU General Data Protection Regulation compliance. Comments on the guidelines are due Feb. 28.

Austrian privacy advocacy group Noyb Thursday sued TikTok, AliExpress, Shein, Temu, WeChat and Xiaomi under the General Data Protection Regulation for unlawfully transferring Europeans' personal data to China. Noyb said four of the companies conceded sending the data to China, and two acknowledged sending it to undisclosed third countries. EU law is clear, the group said: Data transfers are allowed only if the destination country doesn't undermine data protection: "Given that China is an authoritarian surveillance state, companies can't realistically shield EU users' data from access by the Chinese Authorities." The emergence of Chinese apps opens a front for EU data protection law, Noyb said.