PrivacySignal
GDPR / Intl

EDPB and AMLA to develop Joint Guidelines on partnerships for information sharing

EDPB · · EU · GDPR & International

The European Data Protection Board and the newly established Anti-Money Laundering Authority have announced a joint effort to develop guidelines on how financial institutions can share customer information to fight money laundering and terrorist financing without violating data protection rules. The collaboration stems from an explicit provision in the EU's AML Regulation allowing such information exchanges.

Why this matters: Banks and financial firms already collect enormous amounts of personal data. Now there is a formal EU push to make it easier for them to share that data with each other, all in the name of fighting financial crime. That is a legitimate goal. But bulk information sharing between institutions is exactly the kind of arrangement that can quietly erode financial privacy for ordinary people who are not suspected of anything. The joint guidelines will determine how much protection actually survives in practice. Watch what the rules say about consent, purpose limits, and who can be swept in.

Who should care: Lawyers · Privacy officers · AI governance · Compliance

This summary is AI-assisted and may contain errors. It is an original briefing to help you gauge significance quickly — not a reproduction of the source. Always read the linked original before relying on it. See our methodology.

Related stories

GDPR / Intl
CNIL · · EU / France

Emerging technologies and the protection of children: G7 data protection authorities agree on key principles

Data protection authorities from G7 nations have jointly agreed on a set of guiding principles addressing how emerging technologies should handle children's data and safeguard minors online.

Why this matters: Coordinated international standards could strengthen baseline protections for one of the most vulnerable groups in the digital ecosystem, though implementation will determine whether principles translate into enforceable rights or remain aspirational.

Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy

#gdpr#privacy Read original →
GDPR / Intl
CNIL · · EU / France

Emerging technologies and the protection of children: G7 data protection authorities agree on key principles

Data protection authorities from G7 nations have jointly adopted a set of principles addressing how emerging technologies should handle children's data and safeguard minors online. The agreement signals coordinated regulatory intent across major democracies to hold technology developers to higher standards when children are involved.

Why this matters: Harmonized international standards could strengthen baseline protections for one of the most vulnerable groups in digital spaces, while also shaping how broadly surveillance-adjacent features — such as behavioral profiling and targeted content — may be deployed against minors.

Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy

#gdpr#privacy Read original →
GDPR / Intl
DataBreaches.net · · International

UK: ICO statement on ‘Edtech examined’ report

The UK Information Commissioner’s Office (ICO) has released a report titled “EdTech examined — Key Findings from Our Audits.” The ICO issued the following statement to accompany the report’s release: Today, the ICO has published ‘Edtech examined’, a new report which outlines how we have worked directly with edtech providers to review and improve data protection practices... Source

Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy

#gdpr#privacy Read original →
GDPR / Intl
- - Center for Democracy and Technology · · International

Potential Avenues for Redress for AI-related Harms under the GDPR: A Visual Explanation

The Center for Democracy and Technology has published a visual guide mapping out how individuals can seek redress for harms caused by AI systems under the GDPR. The resource appears aimed at helping people and advocates understand which legal pathways are available when AI causes harm covered by European data protection law.

Why this matters: Most people have no idea what to do when an AI system gets them wrong — denied a loan, flagged by a hiring tool, misidentified by a government system. The GDPR gives people real rights in those situations, but the path to using them is not obvious. A clear map of those options matters because rights you cannot find are rights you cannot use. This kind of resource shifts the balance slightly toward the people on the receiving end of automated decisions.

Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy