Privacy & Cybersecurity #78

Privacy & Cybersecurity #78
The EU has advanced major privacy, AI, and cybersecurity policy changes, including final approval of AI Act simplification, updated GDPR case guidance, NIS2 security measures, and new rules affecting AI deployments, video games, neurodata, and agentic AI. The package also highlights international privacy and data-transfer risks, from the EUโ€“U.S. Data Privacy Framework and FTC independence concerns to G7 priorities on age assurance, smart glasses, and connected devices. #EUAIAct #EDPB #NIS2 #GDPR #DPF #FTC #G7 #EstoniaAI #NIST #noyb

Keypoints

  • The EU finalized AI Act simplification, delaying some high-risk obligations and adding new bans on non-consensual intimate content and AI-generated child sexual abuse material.
  • The EDPB updated its OSS digest, showing recurring failures in handling GDPR objections and erasure requests, especially around routing and identity verification.
  • The NIS Cooperation Group published a reference document mapping NIS2 security measures to common frameworks like ISO 27001 and NIST CSF 2.0.
  • Spanish and Belgian regulators issued GDPR guidance for video games, focusing on telemetry, profiling, childrenโ€™s privacy, and purpose limitation.
  • Ireland, Estonia, and the G7 all introduced new AI and privacy initiatives covering public-sector AI security, AI agent identities, and controls for age assurance and smart glasses.

Read More: https://keplernewsletter.substack.com/p/privacy-and-cybersecurity-78