On March 17, 2025, the Finnish Supervisory Authority (“SA”) announced that it is investigating the transfer of personal data related to human research samples by a Finnish university to a Chinese company for genetic analysis services.
Inside Privacy
Updates on developments in data privacy and cybersecurity
Latest from Inside Privacy - Page 2
CJEU Rules on Right of Rectification of Gender Identity
On March 13, 2025, the Court of Justice of the EU (“CJEU”) ruled that the right of rectification (in Article 16 GDPR) requires a national authority to correct a person’s gender identity, where it is shown to be inaccurate (Case C‑247/23 [Deldits]). The authority, however, may require that person to provide relevant and…
U.S. Senate Introduces Genomic Data Protection Act
On March 5, 2025, Senators Bill Cassidy (R-LA) and Gary Peters (D-MI) introduced the federal Genomic Data Protection Act (“GDPA”). The Senators introduced the same bill at the end of last year, but the bill stagnated, and Congress adjourned soon after. Notably, as part of his February 2024 white paper, Senator Cassidy specifically called…
China Releases New Labeling Requirements for AI-Generated Content
On March 14, 2025, the Cyberspace Administration of China (“CAC”) released the final Measures for Labeling Artificial Intelligence-Generated Content and the mandatory national standard GB 45438-2025 Cybersecurity Technology – Labeling Method for Content Generated by Artificial Intelligence (collectively “Labeling Rules”). The rules will take effect on September 1, 2025.
The Labeling Rules impose explicit and…
Belgian High Court Decides on Abuse of Law in relation to the GDPR Right to File a Complaint
On January 10, 2025, the Belgian High Court (Hof van Cassatie) upheld the decision of the Market Court in a case that pitched the GDPR right to file a complaint against the general legal principle in Belgian law that prohibits the abuse of law.…
European Commission Confirms Plans to Simplify GDPR
On March 13, 2025, the Commissioner for Democracy, Justice, the Rule of Law and Consumer Protection, Michael McGrath, confirmed that the Commission is considering simplifying the GDPR with a view to reducing the burden on smaller businesses. This statement aligns with the Commission’s broader goal of simplifying the EU digital framework.…
District Court Enjoins Enforcement of the California Age-Appropriate Design Code Act
On March 13, 2025, the U.S. District Court for the Northern District of California issued an order granting NetChoice’s preliminary injunction against the entire California Age-Appropriate Design Code (CA AADC). The court held that NetChoice is likely to succeed on the merits of its facial First Amendment challenge because CA AADC is content-based, and it…
EDPB Launches Coordinated Enforcement on the Right to Erasure
Updated
On March 5, 2025, the European Data Protection Board (“EDPB”) announced that EU Supervisory Authorities (“SAs”) will undertake a coordinated enforcement action in 2025 regarding data subjects’ right to erasure under Art. 17 of the GDPR. For context, the EDPB selects a particular topic each year as its focus for pan-EU coordinated enforcement.…
CJEU Clarifies GDPR Rights on Automated Decision-Making and Trade Secrets
On February 27, 2025, the Court of Justice of the European Union (“CJEU”) issued a significant decision on the right of data subjects to request access to their personal data under Article 15 GDPR, specifically as it relates to automated decision-making and striking an appropriate balance between informing data subjects and protecting trade secrets (Case…
European Health Data Space Published
On March 5, 2025, the Regulation on the European Health Data Space (“EHDS”) was published in the Official Journal (see here). The text enters into force on March 25, 2025, however it only becomes applicable in a staggered manner over several years.
The section on secondary use of the EHDS only starts applying four…