SypherPrivacyTalks - June 2025 - Week 25
by Sypher | Published in News - June 16, 2025Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.
Ireland’s Department of Social Protection fined €550,000 over facial scans
💶 Ireland's Department of Social Protection has been fined €550,000 for failing to comply fully with the GDPR when using facial scans for Public Services Cards. The Data Protection Commission identified several issues and gave the department nine months to establish a proper legal basis for using facial recognition technology, or cease its use altogether. The inquiry began in July 2021.… read more
Is Europe ramping up its agenda on protecting children online?
🚸 Six EU countries — Cyprus, Denmark, France, Greece, Slovenia and Spain — are pushing for stronger online protections for minors. In a joint paper, they are calling for mandatory age verification, a pan-European digital age of adulthood, and age-appropriate design standards. Citing mental health risks and the need for safer digital environments, they urge the EU to act…read more
Also related, Italy's DPA reaffirms ban on Replika over AI and children's privacy concerns.
Meanwhile in the US, Vermont signs Kids Code into law, facing legal challenges.
Romania: Accounting firm fined 10,000 EUR
dataprotection.ro • 2 min read
💶Romania’s Data Protection Authority has fined accounting firm Accounting Audit SRL SRL €10,000 following a cyberattack that led to a data breach, exposing personal data. An investigation was launched following a breach notification from the firm itself, as well as similar reports from two of its clients.… read more (article in Romanian).
EDPB publishes final version of guidelines on data transfers to third country authorities and more
edpb.europa.eu/news • 4 min read
📜 Following a public consultation, the European Data Protection Board (EDPB) has finalised its guidelines on Article 48 of the GDPR, which deals with data transfers to authorities in non-EU countries. The Board has also introduced two new Support Pool of Experts (SPE) projects, focusing on training materials related to AI and data protection. Furthermore, the Board reviewed the European Commission's request for a joint opinion with the EDPS on a draft proposal to simplify GDPR record-keeping obligations.... read more
Not all AI is high-risk: what the EU AI act says about chatbots, Spotify, Google translate and Siri?
🤖 The EU AI Act introduces a light regulatory approach for limited-risk AI systems—those that don’t pose major threats to safety or rights. While not banned or tightly controlled, these systems must meet basic transparency rules to promote user awareness and trust, as they’re common in everyday use and can subtly influence user behavior… read more
--
Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.
