On 5 February 2025, the Advocate General of the Court of Justice of the European Union (CJEU) issued its opinion in the case of C 413/23 P European Data Protection Supervisor (EDPS) v Single Resolution Board
Privacy
Online Safety Act: Protecting Children from Harmful Content Online – Ofcom’s Guidance on Age Assurance for Part 3 Services
Ofcom has published its guidance for implementing age assurance measures for regulated service providers. User-to-user (U2U) services and search services take note: a decision not to implement highly effective age assurance measures means that your service may be deemed by…

FTC finalizes COPPA rule amendments




On January 16, 2025, the Federal Trade Commission (FTC) announced significant amendments to the Children’s Online Privacy Protection Act (COPPA) Rule after a comprehensive review that began in 2019. This marks the first major update since 2013 and represents a…
Facial recognition and privacy: Updated OAIC guidance

The Office of the Australian Information Commissioner (OAIC) has issued guidance to private sector organisations who are considering using facial recognition technology (FRT) for identification purposes in commercial or retail settings. The guidance follows a determination of the Privacy Commissioner…
Australian Privacy Alert: Parliament passes major and meaningful privacy law reform

On 29 November 2024, the first tranche of sweeping Australian privacy reforms under the Privacy and Other Legislation Amendment Bill 2024 (Cth) (Bill) passed both Houses of Parliament. We previously considered the Bill when it was tabled on 12 September…
TR v Land Hessen – DPA not obliged to fine under the GDPR

By Shan Nanayakkara
In TR v Land Hessen (C‑768/21) the European Court of Justice (“ECJ”) found that following a personal data breach, a supervisory authority is under no obligation to exercise its corrective powers, specifically the power to…

2024 Technology Privacy and Cybersecurity Summit | November 25 – 28, 2024

Norton Rose Fulbright Canada invites you to its leading annual technology, privacy, and cybersecurity virtual summit. Learn how to leverage AI for a competitive edge while mitigating its inherent risks.
This four-part series is tailored for legal professionals, business leaders…
Don’t throw the AI baby out with the data leakage bath water: Reading “AI Snake Oil” with a spirit of optimism


The privacy-cyber world seems preoccupied with issues related to the nexus between personal data and AI. Those issues, although important, are dwarfed by a more pressing and fundamental question: can we get AI to do useful things reliably and accurately…

Lessons on international transfers to the US to organisations caught by the GDPR
The Dutch data protection authority, the Autoriteit Persoonsgegevens (AP) announced a fine of €290 million on Uber Technologies Inc. (UTI) and Uber B.V.,(UBV) (together Uber) with press releases in Dutch and English. The fine relates to the transfer of…

Recent regulatory developments in training AI models under the GDPR



In 2024, many organisations have been eager to look at how they can use the data they hold to debut or build on their artificial intelligence (AI) programme. Many are looking to use that data to train AI models, or…