NOYB launched a complaint against Bumble regarding unlawful AI processing
by Sypher | Published in News - June 30, 2025
Welcome to #SypherPrivacyTalks Week 27 / 2025 — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.
Bumble's AI icebreakers are mainly breaking EU law
💕 NOYB has filed a complaint claiming that the dating app Bumble violated GDPR rules by using user data for its 'AI Icebreakers' feature without proper consent, and by failing to meet transparency requirements.
Bumble, which has around 50 million users worldwide, is primarily used for connecting with potential romantic partners, making new friends, and even professional networking.…read more
UK: ICO call for views on international transfers guidance
📢 The UK's Information Commissioner's Office (ICO) has opened a six-week consultation on its international data transfer guidance under the UK General Data Protection Regulation (UK GDPR), seeking feedback from businesses and professionals to ensure the guidance is clear and practical.
The consultation closes on 7 August 2025… read more
Romanian company fined 3,000 euros under GDPR for surveillance cameras – must now remove them
💶 Piramida Trade Invest SRL, a Romanian company, was fined €3,000 by the national data protection authority (ANSPDCP) for unlawfully monitoring employees with audio-video surveillance without proper consent or legal basis.
The company also failed to respond to an access request within the required framework. The company must now remove several cameras and improve its data protection practices... read more (article in Romanian).
CNIL clarifies GDPR basis for AI Training – but it’s just one part of the compliance picture
📝 While the French CNIL’s guidance on using legitimate interest as a legal basis for AI training is a positive step, key regulatory challenges remain unresolved under other legal frameworks. These challenges include copyright, database rights, litigation risks and deployment responsibilities.
Organisations should not assume that GDPR compliance is fully in place for AI training and must apply careful, documented judgement to manage broader AI compliance effectively… read more
The UK’s new amendments to the UK GDPR become law and get a nod from the EU. What happens now?
🏛️ The UK’s new Data (Use and Access) Act, which was passed on 19 June 2025, updates the UK’s post-Brexit data protection rules, reducing compliance burdens while maintaining the core principles of the UK GDPR.
Key changes include new rules on complaints handling, digital identity verification, recognised legitimate interests and consent for research purposes. However, most provisions require further rulemaking before they can take effect … read more
--
Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.
Photo by Good Faces Agency on Unsplash
