Data and Privacy Matters: Legal Updates - September 2025

The episode opens with a discussion on the recent EU Court of Justice's landmark ruling on the scope of pseudonymised personal data affirming that such data may not be considered personal in the hands of a third-party recipient lacking the means to identify individuals. Martin explores the EDPB's draft guidelines aimed at reconciling the Digital Services Act (with the GDPR), recent CNIL cookie fines and the ICO’s latest enforcement, consultations and guidance. Rida covers the surge in data breaches and cyber-attacks across the UK and Europe, before the conversation shifts to developments in AI and online safety.

Anna wraps up with a brief overview of the latest updates linked to the Data Act, and the episode concludes with a discussion on the European Commission’s draft adequacy decision.

The team then turns to enforcement updates, including the recent CNIL cookie fines and ICO's latest enforcement activities, as well as consultations and guidance. Rida highlights the surge in data breaches and cyber-attacks across the UK and Europe before the team turns to developments in AI and online safety.

Anna wraps up with a quick overview of the latest Data Act updates before the episode closes with some comments on the European Commissions' draft adequacy decision.