Data and Privacy Matters: Legal Insights – January 2025

Lorna Cropper, Charley Guile, and Salma Eleyan start the episode discussing China's latest AI model, its industry impact, and the swift regulatory responses. They also delve into the UK government's AI Opportunities Action Plan and the ICO's reaction to this ambitious strategy.

Focus then turns to new and updated law in the EU with news on DORA and Cybersecurity before the team explores the European Health Data Space Regulation and its implications for individuals and organisations. The UK government's consultation on ransomware also features.

Efforts to enhance online safety and age verification systems are also highlighted, with consideration given to Ofcom's Statement: Age Assurance and Children's Access before looking at initiatives across US states.

The episode then pivots to recent EDPB guidelines on pseudonymisation before discussing details about the EDPB's sweep which was focused on Data Subjects Rights and the and the ICO's new online tracking strategy.

 The episode concludes with details about new ICO fee levels and several interesting cases focused on personal data. As well as a couple of legal cases. Don't miss this comprehensive roundup of key legal updates in data and privacy.

Resources

AI

PRESS RELEASE - IA: the Italian Data Protection Authority asks for information from... - Privacy Guarantor

PRESS RELEASE - Artificial intelligence: the Italian Data Protection Authority blocks the data protection system from the Italian Data Protection Authority... - Italian Data Protection Authority

AI Opportunities Action Plan: government response - GOV.UK

Statement in response to AI Action Plan | ICO

Program | Artificial Intelligence Action Summit

What do we expect from the France AI Action Summit

EU Tech Reg

Digital resilience for the financial sector: the Digital Operational Resilience Act (DORA) now applies | Fieldfisher

The EU Cyber Solidarity Act | Shaping Europe’s digital future

EU cyber security strategy: new laws, new obligations – an overview | Fieldfisher

The new EU Heath Data Space Regulation: a turning point for EU health data access? | Fieldfisher

Action plan to protect the health sector from cyberattacks

Massive Data Breaches in 2024: What Are the Key Lessons and Steps to Take? | CNIL

Ransomware: proposals to increase incident reporting and reduce payments to criminals - GOV.UK

Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products

Online Safety

Statement: Age Assurance and Children’s Access - Ofcom

MLex | Multiple US states to introduce age-verification legislation targeting app stores (Paywall)

EDPB

https://www.edpb.europa.eu/our-work-tools/documents/public-consultations/2025/guidelines-012025-pseudonymisation_en

CEF 2024: EDPB identifies challenges to the full implementation of the right of access | European Data Protection Board

ICO

Taking control: our online tracking strategy | ICO

The Data Protection (Charges and Information) (Amendment) Regulations 2025

Case Law

Court upholds EDPB's authority after challenge from Ireland's DPC | IAPP

https://www.judiciary.uk/wp-content/uploads/2025/01/Ashley-v-HMRC.pdf

Mike Ashley triumphs in data protection dispute against HMRC  

Enforcement

https://curia.europa.eu/jcms/upload/docs/application/pdf/2025-01/cp250002en.pdf#:~:text=The%20association%20Mousse%20challenged%2C%20before,when%20purchasing%20transport%20tickets%20online

https://curia.europa.eu/jcms/upload/docs/application/pdf/2025-01/cp250001en.pdf