Personal data protection is important but shouldn't be an unnecessary obstacle to innovation and development, the Swedish Data Protection Authority said Tuesday in a newspaper op-ed (in an unofficial translation). Accordingly, there are good reasons to consider criticism of the General Data Protection Regulation (GDPR), it added.
French privacy regulator CNIL received notice of more than 5,600 personal data breaches in 2024, a 20% increase from 2023, it reported Tuesday in an unofficial translation. Even worse, it said, was the "worrying trend" of very large-scale violations last year. In response, the regulator said, cybersecurity has become one of its priorities this year. That means supporting organizations via recommendations for protecting personal data in light of evolving threats; placing controls on organizations' implementation of safety measures; and making individuals aware of cybersecurity so they can help safeguard their data. The CNIL also said it will boost coordination with cybersecurity actors, including France's cybersecurity agency.
The Danish Data Protection Agency Monday published two security measures relating to the safe transmission of data, according to an unofficial translation. The measures replace some existing guidance on data transmission via e-mail and SMS, an area that can quickly become obsolete, it said.
Data processors who use databases freely available online or provided by a third party such as a data broker must verify that their formation or sharing isn't "manifestly unlawful," French privacy regulator CNIL warned Friday (in an unofficial translation). Whoever compiles, uploads or shares the database must comply with laws banning theft or distribution of stolen data and must check that the information isn't the result of a data leak, it said.
"The collaborative spirit among EU institutions is not only encouraged but also necessary" for managing the plethora of EU digital laws, Thomas Regnier, European Commission tech sovereignty spokesperson, said Friday (see 250121000).
Avoid using integrated AI tools such as Copilot without thoroughly assessing them in advance and ensuring control mechanisms and effective user training, the Norwegian Data Protection Authority blogged Thursday in an unofficial translation. In addition, it published a report offering guidance on how companies can use AI strategically. Among other things, it said they should decide what a particular project's goals are, what areas are relevant for AI use, and what areas AI should be kept away from.
The Polish data protection authority (UODO) announced on Thursday it will focus on the security of medical data and the processing of children's data online this year. The focus includes sectors where there are increasing breaches of personal data protection regulations, it said in an informal translation. Other priorities are the processing of personal data in connection with the EU Schengen Information System and Visa Information System, and how data controllers handle data breaches.
Online tracking is part of digital life, but businesses are increasingly recognizing that it can harm people when it isn't done responsibly, Stephen Almond, U.K. Information Commissioner's Office regulatory risk executive director, blogged Thursday. The ICO has been "taking decisive action, supporting organisations to make changes" to ensure they can navigate online tracking responsibly while safeguarding people's personal information.
Meta's latest pay-or-consent policy in the EU may be breaching consumer and data protection law as well as the Digital Markets Act, the European Consumer Organisation (BEUC) said Thursday. It contacted the relevant EU enforcement authorities about its concerns.
CNIL, the French regulator, will pay "particular attention" in coming months to whether software development kit (SDK) providers are complying with the GDPR, it announced Tuesday (according to an informal translation). SDK providers play a central role in the operation of mobile apps. Popular SDKs include audience measurement and advertising monetization, the CNIL document said. When the regulator published recommendations earlier on integrating SDKs and implementing controls to ensure GDPR compliance, it notified SDK suppliers that it would start checking compliance this spring.