Data and Privacy Matters – April 2025
April was another eventful month in the world of data and privacy, so join us as we delve into the latest news in this month's episode of the Fieldfisher Data & Privacy Matters podcast.
Lorna Cropper, Matthew Gregson, and Charley Guile dive into the recent developments regarding the use of personal data for training AI systems, highlighting new inquiries by the Irish Data Protection Commission and Meta's ongoing efforts in the EU. This episode also covers the European Commission's AI Continent Action Plan and provides actionable insights for organisations to comply with the upcoming EU AI Act.
Additionally, listeners are brought up to speed on the latest from the EDPB regarding AI privacy risks and new guidelines for blockchain technologies, underscoring the continuous evolution in the regulatory landscape. Ofcom's finalised safety measures for children's online protection, along with significant fines imposed by the DMA on major tech companies are also mentioned.
Attention is then focused on the EU Commission's consultation for revisions to the Cybersecurity Act, and updates on international data protection adequacy agreements, particularly between the EU and Japan, and the UK and Japan.
The episode wraps up with critical updates on major data breaches affecting the UK retail sector and the latest court ruling on negligence claims related to data breach notifications.
Sources of the news discussed:
AI updates
- Irish DPC inquiry into X's use of publicly accessible posts to train AI - Data Protection Commission Announces commencement of inquiry into X Internet Unlimited Company (XIUC) | 11/04/2025 | Data Protection Commission
- Meta announces plans to train AI on public content - Making AI Work Harder for Europeans
- The European Commission's AI Continent Action Plan - The AI Continent Action Plan | Shaping Europe’s digital future
- CNIL sandbox results - Artificial intelligence and public services: the CNIL publishes the results of its “sandbox”
- EDPB commissioned report - AI Privacy Risks & Mitigations Large Language Models (LLMs)
EDPB/EU Commission updates
- EDPB Annual Report 2024 - Protecting personal data in a changing landscape
- Blockchain - EDPB adopts guidelines on processing personal data through blockchains
- EU Commission - Commission opens consultation on revising EU Cybersecurity Act
Japan Adequacy
- EU GDPR adequacy statement (Japan)- Joint press statement by Michael McGrath and Ohshima Shuhei, Commissioner of the Personal Information Protection of Japan
- UK GDPR adequacy statement (Japan) - UK-Japan data adequacy: joint statement - GOV.UK
Online Safety
Regulatory updates
- EU commission fines under the Digital Markets Act - Commission finds Apple and Meta in breach of the Digital Markets Act Press Release
- NOYB Ubisoft complaint to Austrian DPA – NOYB announcement
![A close-up of computer code displayed on a screen, with lines of code in vibrant blue, pink, and purple colors. One line of text is highlighted in red, stating "[error] virus detected," indicating a security issue within the code.](https://res-1.cloudinary.com/fieldfisher/image/upload/c_lfill,dpr_2,g_auto,h_240,w_440/f_avif,q_auto/v1/services/data%20protection%20and%20cyber%20security/dataprotection_code-errordetected_1048264156_medium_tjlow9)
