The EDPS Microsoft investigation into the Commission’s use of Microsoft 365 is now closed, but the core risks remain. This article explores how the Commission addressed data protection issues through contractual safeguards, and why these cannot fully shield EU data from U.S. surveillance laws like the Cloud Act. A closer look at regulatory pragmatism in the face of legal limits.

From 2 August 2025, new obligations apply to providers of general-purpose AI models under the EU AI Act. This post explains which models are affected, what compliance steps are required, and how the transitional regime works for models already on the market. Includes links to the official guidelines, FAQ, and mandatory transparency template.

A Dutch driver was wrongly fined €439 when an AI system mistook her ice pack for a phone - and human reviewers didn’t catch the error. This case shows how AI in law enforcement can fail, especially at scale, when oversight is weak. Public trust depends not on automation alone, but on accountability when the system gets it wrong.

The AI Diplomacy Experiment tested 18 large language models in the strategic game Diplomacy to explore emergent AI behavior under competitive pressure. Models like ChatGPT, Claude, and DeepSeek demonstrated varying strategies - from cooperation to deception - revealing critical insights into AI alignment, strategic reasoning, and AI governance challenges. The findings raise urgent questions about how AI systems behave in adversarial environments and how institutional values s

The European Commission is consulting on how to implement the AI Act’s rules for high-risk AI systems. Learn what’s at stake, what the consultation covers, and how your business can contribute before the 18 July 2025 deadline.

The EDPB has released its final guidelines on Article 48 GDPR, clarifying how EU organisations should respond to foreign court orders and subpoenas. Discover what changed since the draft, what’s still allowed under Article 49(1)(e), and how to stay compliant.

Meta plans to use your Facebook and Instagram data to train its AI starting 27 May 2025. Learn how to object and protect your privacy before it's too late.

Welcome to the AI digital and privacy recap of privacy news for week 37 of 2024 (9-15 September)! 

Welcome to the AI digital and privacy recap of privacy news for week 37 of 2024 (9-15 September)!

The EU’s digital regulation model isn’t designed for speed - it’s designed for legitimacy. This article explores why the EU prioritizes democratic values, human rights, and long-term accountability over rapid tech deployment, and what that means for global companies navigating GDPR, the AI Act, and the Digital Services Act. A must-read for anyone working at the intersection of law, technology, and governance.