EU seeks feedback to simplify AI, data & cybersecurity rules. The rise of the AI Officer

Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.

EU seeks feedback on proposed digital package to simplify and modernise regulations

privacyworld.blog • 3 min read

📣 The European Commission has launched a call for evidence on its proposed digital package, which aims to reduce bureaucracy and modernise EU regulations concerning data, cookies, cybersecurity and the AI Act. Businesses have until 14 October 2025 to share their views… read more

Announcement by the EC here.
Provide your feedback here.

The rise of the AI Officer: Europe’s next key compliance role

zuniclaw.com • 4 min read

👨‍💻 Now that the EU’s AI Act is in force, organisations are encouraged to appoint an ‘AI Officer’ to oversee compliance, manage risks and act as the point of contact with regulators. Modelled on the GDPR’s Data Protection Officer role, this position is expected to become standard practice for companies using high-risk AI. 
Although some organisations may consider combining the roles of AI Officer and DPO, the different responsibilities of each role mean that it is generally better to keep them separate… read more

Investigation uncovers location data of thousands of smartphones in Ireland for sale

rte.ie • 3 min read

🕵️‍♂️ An RTÉ Prime Time investigation has revealed that the detailed movements of tens of thousands of smartphones in Ireland are available to buy from data brokers, raising serious privacy and security concerns. 
The location data, which was tied to apps’ terms and conditions, was detailed enough to trace individuals, prompting alarm from the Data Protection Commission.… read more

ECJ adviser clarifies when companies can refuse access requests

linkedin.com • 2 min read

❌ According to a recent opinion, an ECJ Advocate General has clarified that organisations may dismiss a GDPR access request only if they can demonstrate that it is abusive… read more

Pseudonymised data: CJEU provides clarification on the concept of personal data

burges-salmon.com • 6 min read

🪪 The Court of Justice of the European Union (CJEU) has recently clarified how the GDPR applies to pseudonymised data: personal opinions count as personal data even when pseudonymised because they relate to the individual who expressed them. 
The Court also confirmed that pseudonymised data is not necessarily personal data for third parties, depending on whether re-identification is reasonably possible. Data controllers must still inform individuals about data sharing at the point of collection, even if the data is later pseudonymised… read more

--

Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.

Photo by Guillaume Périgois on Unsplash