Here are key highlights from February 2025 detailing global news and regulatory updates.
US & Canada
- US Department of Justice will no longer defend the independent status of the Federal Trade Commission (FTC), according to a letter from a member of Congress
- US health care groups call for proposed HIPAA Security Rule amendments to be “rescinded immediately,” arguing that it would impose significant burdens without improving cybersecurity
- US online health platform to face a class action suit for violating federal video privacy law after allegedly disclosing subscribers’ video-viewing information to Meta Platforms
- Virginia legislature passes a bill regulating how AI can be used, but the state’s governor has not yet expressed support for the bill and may not sign it by the March 24 deadline
EMEA
- EU reportedly seeking to cut back on tech regulation and limit AI reporting requirements to remain competitive in the AI development space
- EU and Brazil data protection authorities meet to strengthen cooperation on AI and to continue dialog over a bilateral data flow agreement between Brazil and the EU (in Portuguese; also in LATAM)
- EU Data Boundary for the Microsoft Cloud is announced and will allow public sector and commercial customer data to be stored and processed in the EU and European Free Trade Association (EFTA)
- EU’s European Commission releases non-binding guidelines to help relevant parties determine whether software constitutes an AI system
- EU’s European Commission working on a European Data Union Strategy to simplify data regulations and to allow for more seamless data sharing at scale while maintaining high privacy standards
- EU advocate general from the Court of Justice of the European Union (CJEU) asserts that pseudonymized data shared with a third party may not be automatically considered personal data if the risk of re-identification is deemed “non-existent or insignificant”
- France’s data protection authority releases two new recommendations to promote responsible innovation in AI, urging AI developers to anonymize their models when doing so does not compromise the model’s intended purpose
- Saudi Arabia’s data protection authority issues guidelines for transferring personal data outside of the country
- Switzerland’s information commissioner publishes guidelines for reporting data security breaches
- UK government produces its AI Cyber Security Code of Practice, which details baseline principles to protect AI systems and the organizations that create and use them
Gain confidence to use and share sensitive data
Find out how our advisory services can help you safely leverage data derived from information about people. Watch this 15-minute webinar.
APAC
- Japanese government ministry releases an updated checklist for AI use aimed at Japanese businesses (in Japanese)
- Japan’s data protection authority may remove a prior consent requirement for sensitive personal information used in AI development, aiming to facilitate the use of personal information by AI-related businesses
LATAM
- Brazil and EU data protection authorities meet to strengthen cooperation on AI and to continue dialog over a bilateral data flow agreement between Brazil and the EU (in Portuguese; also in EMEA)