{"id":11126,"date":"2025-09-02T16:45:06","date_gmt":"2025-09-02T14:45:06","guid":{"rendered":"https:\/\/s8.tgin.eu\/?p=11126"},"modified":"2025-09-02T16:45:07","modified_gmt":"2025-09-02T14:45:07","slug":"data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems","status":"publish","type":"post","link":"https:\/\/techgdpr.com\/blog\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\/","title":{"rendered":"Data protection digest 18-31 Aug 2025: Greater simplification of GDPR, \u2018personalisation\u2019 in AI systems"},"content":{"rendered":"\n<h4 class=\"wp-block-heading\">An informal discussion is underway for the greater simplification of the GDPR<\/h4>\n\n\n\n<div class=\"wp-block-media-text is-stacked-on-mobile\" style=\"grid-template-columns:30% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"1024\" height=\"598\" src=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/04\/technology-3219129_1280-1-1024x598.jpg\" alt=\"simplification of the GDPR\" class=\"wp-image-10551 size-full\" srcset=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/04\/technology-3219129_1280-1-1024x598.jpg 1024w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/04\/technology-3219129_1280-1-300x175.jpg 300w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/04\/technology-3219129_1280-1-768x449.jpg 768w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/04\/technology-3219129_1280-1.jpg 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p>The Danish EU Presidency is promoting GDPR reform to increase competitiveness by introducing SME-friendly amendments, such as <a href=\"https:\/\/eutechloop.com\/the-gdpr-review\/\">restricting data rights in low-risk situations, rationalising DPIAs, and requiring prior mediation procedures before lodging complaints<\/a>, the eutechloop.com article states. These are in line with the precedent established by the Commission&#8217;s simplification plan in May this year, which gives small and mid-cap companies, those with less than 750 employees, <a href=\"https:\/\/www.edpb.europa.eu\/news\/news\/2025\/targeted-modifications-gdpr-edpb-edps-welcome-simplification-record-keeping_en\">targeted relief from GDPR reporting requirements<\/a> on keeping records of processing activities (GDPR Art. 30). <\/p>\n<\/div><\/div>\n\n\n\n<p>In addition, the proposal introduces a definition of SME and SMC in Art. 4 of the GDPR and extends the scope of the GDPR\u2019s Art. 40 and 42 to the SMCs, which refer to codes of conduct and certification.\u00a0<\/p>\n\n\n\n<p>According to an insideprivacy.com article, the <a href=\"https:\/\/www.insideprivacy.com\/eu-data-protection\/denmark-proposes-gdpr-and-eprivacy-directive-revision\/\">following Danish proposals<\/a> may make it easier for European organisations to process personal data as they:&nbsp;&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Define a minimum threshold for when data subject rights apply (Art. 12-20 GDPR).&nbsp;<\/li>\n\n\n\n<li>Clarify when DPIAs are required and consider exemptions or simplifications for SMEs (Art. 35 GDPR).&nbsp;<\/li>\n\n\n\n<li>Make the data subject\u2019s right to complain to the supervisory authority conditional upon certain criteria (eg, prior engagement with the data controller) (Art. 77 GDPR).&nbsp;&nbsp;<\/li>\n\n\n\n<li>Exempt data controllers from having to notify certain data breaches to the supervisory authority, such as \u201cuncomplicated and clearly defined\u201d breaches (Art. 33 GDPR), etc.<\/li>\n<\/ul>\n\n\n\n<p>At the moment, the EU is <a href=\"https:\/\/www.cer.eu\/insights\/transatlantic-trade-talks-eu-must-keep-digital-policy-table\">reevaluating its digital policies<\/a>. This is partly motivated by Mario Draghi&#8217;s report on the bloc&#8217;s lapsed productivity and technology use, but also is fueled by the ongoing political pressure from Washington to ease digital regulations to unlock trade.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Provisions of data reform in the UK are already in place<\/h4>\n\n\n\n<p>On the 20th of August, a set of provisions of the new Data Use and Access Act 2025 entered into force, establishing provisions on<a href=\"https:\/\/digitalpolicyalert.org\/event\/32914-data-use-and-access-bill-including-provisions-on-overriding-and-data-breach-notification-entered-into-force\"> \u2018overriding\u2019 and data breach notification<\/a>, plus reporting and progress requirements in relation to the use of copyright works in the development of AI systems. The Bill applies to all data controllers, processors, and electronic communications service providers handling personal data.<\/p>\n\n\n\n<p>It introduces new sections to the UK Data Protection Act 2018 to prevent relevant enactments passed after the Bill&#8217;s commencement from overriding main data protection legislation requirements (eg, it establishes that data subject rights cannot be overridden unless an express contrary provision is made). The Bill also mandates personal data breach notifications to the Information Commissioner within 72 hours of becoming aware of the breach, digitalpolicyalert.org sums up.<\/p>\n\n\n\n<p>In parallel, the Information Commissioner\u2019s Office is consulting on <a href=\"https:\/\/ico.org.uk\/media2\/5enpfgu2\/dpt-consultation-20250822.pdf\">draft changes to how we handle data protection complaints<\/a>. The Data Use and Access Act places new requirements on organisations to have a complaints process specifically for data protection-related issues,\u00a0 such as providing an <a href=\"https:\/\/ico.org.uk\/about-the-ico\/what-we-do\/legislation-we-cover\/data-use-and-access-act-2025\/the-data-use-and-access-act-2025-how-does-this-affect-me\/\">electronic complaints form. They also must acknowledge your complaint within 30 days and respond to it \u2018without undue delay<\/a>\u2019.\u00a0\u00a0<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><a href=\"#newslettersignup\"><mark style=\"background-color:#f6dd96;color:#a46cd9\" class=\"has-inline-color\">Stay up to date! Sign up to receive our fortnightly digest via email.<\/mark><\/a><\/h4>\n\n\n\n<p>Another consultation aims to address the new lawful basis of <a href=\"https:\/\/ico.org.uk\/for-organisations\/recognised-legitimate-interest-requesting-personal-information-for-your-public-tasks-or-official-functions\/\">\u201crecognised legitimate interests\u201d<\/a>. It will provide a presumption of legitimacy to processing activities for certain pre-approved public interest purposes, including activities such as crime prevention, public security, safeguarding, emergency response, and sharing personal data to help other organisations perform their public tasks.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Cybersecurity of digital products in Switzerland<\/strong><\/h4>\n\n\n\n<div class=\"wp-block-media-text is-stacked-on-mobile\" style=\"grid-template-columns:30% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"1024\" height=\"683\" src=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/04\/hal-gatewood-tZc3vjPCk-Q-unsplash-1024x683.jpg\" alt=\"simplification of the GDPR\" class=\"wp-image-10562 size-full\" srcset=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/04\/hal-gatewood-tZc3vjPCk-Q-unsplash-1024x683.jpg 1024w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/04\/hal-gatewood-tZc3vjPCk-Q-unsplash-300x200.jpg 300w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/04\/hal-gatewood-tZc3vjPCk-Q-unsplash-768x512.jpg 768w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/04\/hal-gatewood-tZc3vjPCk-Q-unsplash-1536x1024.jpg 1536w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/04\/hal-gatewood-tZc3vjPCk-Q-unsplash-2048x1365.jpg 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p>The Swiss Federal Council, meanwhile, decided to strengthen the cyber resilience of digital products. Despite the importance of preventing or quickly addressing such vulnerabilities, <a href=\"https:\/\/www.bag.admin.ch\/en\/newnsb\/QHVUxTqE5DMteBjfCqLlM\">Switzerland currently lacks clear cyber resilience requirements<\/a>. This new legislation will set out cybersecurity requirements for the development and commercialisation of products with digital components, establish rules for market surveillance of these products, and lay the groundwork for banning the import and sale of insecure devices.<\/p>\n<\/div><\/div>\n\n\n\n<p>The new legislation will take into account the international context, including the EU&#8217;s Cyber Resilience Act, which came into force on 11 December 2024, with a draft corresponding bill to be submitted for consultation by Autumn 2026.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Documentation requirements under DORA<\/strong><\/h4>\n\n\n\n<p>What documentation requirements do companies have to fulfil under DORA? The German Federal Financial Supervisory Authority (BaFin) has published <a href=\"https:\/\/www.bafin.de\/SharedDocs\/Veroeffentlichungen\/EN\/Meldung\/2024\/meldung_2024_12_17_Dokumentationsanforderungen_DORA_en.html?nn=19669324\">an overview with graphic attachments<\/a> to help companies navigate these requirements. Companies have had to apply the European Digital Operational Resilience Act\u2019s regulation since 17 January 2025. DORA aims to make the European financial market more secure against cyber risks and incidents affecting information and communication technology (ICT).\u00a0<\/p>\n\n\n\n<p>More guidance on the DORA application can be found <a href=\"https:\/\/www.bafin.de\/DE\/Aufsicht\/DORA\/IKT_Risikomanagement\/IKT_Risikomanagement_artikel.html?nn=19669324\">here<\/a>.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Software updates and patch releases<\/strong><\/h4>\n\n\n\n<p>Most software needs updating after its initial release to address bugs, newly identified vulnerabilities, and revisions to features and functionality. But software patches and other changes can introduce new cybersecurity and privacy risks and can impair operations if not managed effectively. To support successful, secure software updates and patches, the US National Institute of Standards and Technology, (NIST), has finalised modifications to its catalogue of <a href=\"https:\/\/www.nist.gov\/news-events\/news\/2025\/08\/nist-revises-security-and-privacy-control-catalog-improve-software-update\">security and privacy safeguards to assist both the developers who create patches and the organisations that receive and implement them in their own systems<\/a>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">More from supervisory authorities<\/h4>\n\n\n\n<p><strong>Public cloud and data protection:<\/strong> ISO\/IEC 27018 has provided guidance for protecting personally identifiable information (PII) in public cloud services, specifically when the cloud service provider acts as a PII processor. As cloud computing becomes the default mode of service delivery, organisations must <a href=\"https:\/\/www.iso.org\/standard\/27018\">ensure that personal data stored and processed in the cloud is properly safeguarded<\/a>. ISO\/IEC 27018 helps cloud providers meet legal, contractual, and ethical obligations regarding PII. It supports compliance across jurisdictions, enhances customer trust, and provides a clear structure for data protection in the cloud.<\/p>\n\n\n\n<p><strong>IT security label: <\/strong>Manufacturers of smart security solutions can now apply for the IT security label from the German Federal Office for Information Security (BSI). The connected home is part of everyday life for many people. This includes smart security technology, such as <a href=\"https:\/\/www.bsi.bund.de\/DE\/Service-Navi\/Presse\/Alle-Meldungen-News\/Meldungen\/IT-Sik_Smarte_Sicherheitstechnik_250818.html\">app-controlled alarm systems, smart motion sensors, mechatronic security devices (smart locks), and networked smoke detectors<\/a>. In addition to the physical protection of their own four walls, consumers should also consider the cybersecurity of their digital security solutions. With the IT security label, the IT security features of smart security technology are transparent for buyers, and help manufacturers highlight their products on the market.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Protecting child data online<\/strong><\/h4>\n\n\n\n<div class=\"wp-block-media-text is-stacked-on-mobile\" style=\"grid-template-columns:30% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"1024\" height=\"706\" src=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/03\/pexels-goumbik-296308-1024x706.jpg\" alt=\"\" class=\"wp-image-10441 size-full\" srcset=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/03\/pexels-goumbik-296308-1024x706.jpg 1024w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/03\/pexels-goumbik-296308-300x207.jpg 300w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/03\/pexels-goumbik-296308-768x530.jpg 768w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/03\/pexels-goumbik-296308-1536x1059.jpg 1536w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/03\/pexels-goumbik-296308-2048x1412.jpg 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p>To improve children&#8217;s online safety, the European Commission has adopted <a href=\"https:\/\/ec.europa.eu\/newsroom\/dae\/redirection\/document\/118226\">guidelines for the protection of minors<\/a> under Art. 28 of the Digital Services Act (DSA). This requires platforms accessible to minors to implement appropriate and proportionate measures to ensure a high level of privacy, security and protection of minors, including:\u00a0<\/p>\n<\/div><\/div>\n\n\n\n<p><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Age verification and default settings.<\/li>\n\n\n\n<li>Interface design that does not encourage prolonged use of the platform by adolescents.&nbsp;<\/li>\n\n\n\n<li>Limits on the processing of behavioural data and prioritising explicit signals from minors regarding desired content.<\/li>\n\n\n\n<li>Clear rules regarding harmful content and behaviour, the establishment of coordinated moderation policies, and allowing for the possibility of human review in cases of harmful content.<\/li>\n<\/ul>\n\n\n\n<p>At the same time, <a href=\"https:\/\/www.ip-rs.si\/novice\/smernice-po-28-%C4%8Dlenu-dsa-1756449633\">parental controls are best used as a complement to other measures<\/a>, as they are often not equally effective due to different family situations.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Is it permissible to offer a discount for consenting to receive commercial communications?<\/strong><\/h4>\n\n\n\n<p>The Latvian data protection authority states that a small additional benefit (for example, <a href=\"https:\/\/www.dvi.gov.lv\/lv\/jaunums\/dviskaidro-vai-drikst-piedavat-atlaidi-par-piekrisanu-sanemt-komercialus-pazinojumus\">a symbolic discount that the customer can choose to use or not) may be permissible if it does not affect access to the service itself<\/a>. That is to say, consent is not included as a non-negotiable part of the conditions for using the service in its essence, for example, purchasing in an online store.\u00a0<\/p>\n\n\n\n<p>It is important to ensure that the benefits offered, which are associated with consent to the processing of personal data, do not create a feeling of pressure on customers. Namely, the intended amount of benefits should be small enough not to create the feeling in the customer that, by not providing consent to the processing of their data, they will receive a significantly less advantageous offer, thus affecting the person&#8217;s right to freely decide on the processing of their data.<\/p>\n\n\n\n<p>The section intended for entering contact information for receiving news must clearly state the purpose of data processing \u2013 sending commercial communications, and must also contain a function (most often a tickable box) in which the person clearly expresses his\/her wish to receive such communications. Information on the withdrawal of consent and its consequences must also be made easily accessible. In this section, the advantage that the vendor, for example, gives to customers who have shown interest in receiving news should be indicated only as additional information.&nbsp;<\/p>\n\n\n<div id=\"newslettersignup\"><\/div>\n<div id=\"role-block_afb56000281ea3d464c325c7b7a64775\" class=\"text-t-black bg-t-pink p-6 md:p-12 rounded-tr-50 rounded-bl-50 mb-4 lg:mb-12 text-center role\">\n  \n      <h2 class=\"text-xl lg:text-2xl max-w-screen-lg mx-auto text-t-black font-display mb-4\">\n      Receive our digest by email     <\/h2>\n        <h3 class=\"text-base max-w-screen-lg mx-auto text-t-black font-body mb-4\">Sign up to receive our digest by email every 2 weeks<\/h3>\n  \n  <div id=\"rmOrganism\">\n    <div class=\"rmEmbed rmLayout--vertical rmBase\">\n      <div data-page-type=\"formSubscribe\" class=\"rmBase__body rmSubscription\">\n                  <form method=\"post\" action=\"https:\/\/mailing.techgdpr.com\/145\/6351\/5e9fc3cdda\/subscribe\/form.html?_g=1698845230\" class=\"rmBase__content\">\n                  <div class=\"rmBase__container mx-auto max-w-screen-sm\">          \n            <div class=\"rmBase__section\">\n              <div class=\"text-left rmBase__el rmBase__el--input rmBase__el--label-pos-none\" data-field=\"email\">\n                <label for=\"email\" class=\"rmBase__compLabel rmBase__compLabel--hideable hidden\">\n                  Email address\n                <\/label>\n                <div class=\"rmBase__compContainer mb-2\">\n                  <input type=\"text\" name=\"email\" id=\"email\" placeholder=\"Email\" value=\"\" class=\"p-4 border rounded border-gray-400 w-full rmBase__comp--input comp__input\">\n                  <div class=\"rmBase__compError text-left font-display font-bold text-xs\"><\/div>\n                <\/div>\n              <\/div>\n            <\/div>\n            <div class=\"rmBase__section mb-4\">\n              <div class=\"rmBase__el rmBase__el--consent\" data-field=\"consent_text\">\n                <div class=\"rmBase__comp--checkbox\">\n                  <label for=\"consent_text\" class=\"flex space-x-2 items-baseline text-left vFormCheckbox comp__checkbox\">\n                    <input type=\"checkbox\" value=\"yes\" name=\"consent_text\" id=\"consent_text\" class=\"vFormCheckbox__input\">\n                    <div class=\"vFormCheckbox__indicator hidden\"><\/div>\n                    <div class=\"vFormCheckbox__label\">\n                                              I consent to the processing of my data and to receiving regular updates from TechGDPR. Data is processed according to our <a href=\"https:\/\/techgdpr.com\/privacy-policy\/\"> Privacy Notice<\/a>.\r\n                                          <\/div>\n                  <\/label>\n                <\/div>\n                <div class=\"rmBase__compError text-left font-display font-bold text-xs\"><\/div>\n              <\/div>\n            <\/div>\n            <div class=\"rmBase__section\">\n              <div class=\"rmBase__el rmBase__el--cta\">\n                <button type=\"submit\" class=\"inline-flex items-center justify-center px-8 py-3 text-white visited:text-white font-bodybold rounded-md bg-t-navy border-3 border-t-navy hover:border-t-navy hover:bg-transparent hover:text-t-navy transition-all hover:text-white cursor-pointer rmBase__comp--cta\">\n                  Subscribe\n                <\/button>\n              <\/div>\n            <\/div>\n          <\/div>\n        <\/form>\n      <\/div>\n      <div data-page-type=\"pageSubscribeSuccess\" class=\"rmBase__body rmSubscription hidden\">\n        <div class=\"rmBase__content\">\n          <div class=\"rmBase__container\">\n            <div class=\"rmBase__section\">\n              <div class=\"rmBase__el rmBase__el--heading\">\n                <div class=\"rmBase__comp--heading\">\n                  Thank you for your subscription!\n      <!-- this linebreak is important, don't remove it! this will force trailing linebreaks to be displayed -->\n                  <br>\n                <\/div>\n              <\/div>\n            <\/div>\n            <div class=\"rmBase__section\">\n              <div class=\"rmBase__el rmBase__el--text\">\n                <div class=\"rmBase__comp--text\">\n                  We have sent you an email &#8211; please confirm your email address by clicking the activation link in it.\n      <!-- this linebreak is important, don't remove it! this will force trailing linebreaks to be displayed -->\n                  <br>\n                <\/div>\n              <\/div>\n            <\/div>\n          <\/div>\n        <\/div>\n      <\/div>\n    <\/div>\n  <\/div>\n\n      <script src=\"https:\/\/mailing.techgdpr.com\/form\/145\/6069\/8a53c9178b\/embedded.js\" async><\/script>\n  \n<\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>GDPR (non) compliance trends<\/strong><\/h4>\n\n\n\n<p><strong> <\/strong>Some advancements in GDPR compliance are detailed in the Icelandic data protection authority&#8217;s 2024 report. It is good to note that the biggest Icelandic insurance firms, which make automated decisions on applications and requests for offers for <a href=\"https:\/\/island.is\/s\/personuvernd\/frett\/arsskyrsla-personuverndar-2024\">health and life insurance, largely comply with the data privacy laws<\/a>. The agency has placed a greater emphasis on protecting children&#8217;s privacy. Businesses started to monitor closely how kids behave when playing computer games online. Additionally, a business that handles Icelandic genetic analysis is facing legal challenges, and the public sector was sanctioned for improper handling of minors&#8217; data in education.<\/p>\n\n\n\n<p>In parallel, the Maltese data protection regulator, in its annual report, revealed that the majority of complaints received were about <a href=\"https:\/\/idpc.org.mt\/wp-content\/uploads\/2025\/08\/IDPC-Annual-Report-2024-Final.pdf\">CCTV-related cases<\/a>, while other major areas of compliance included data subject access requests and their shortcomings (increasingly in cross-border situations), unsolicited direct marketing and disclosure to third parties, data security and information obligation by data controllers, cookie banners and, finally, AI use.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Cancelling membership \u201cnot easy\u201d<\/strong><\/h4>\n\n\n\n<p>According to the US FTC\u2019s <a href=\"https:\/\/www.ftc.gov\/news-events\/news\/press-releases\/2025\/08\/ftc-sues-la-fitness-making-it-difficult-consumers-cancel-gym-memberships\">recent case<\/a> against the operators of LA Fitness, \u201cnot easy\u201d is an understatement for consumers seeking to cancel their LA Fitness memberships or related services. For in-person cancellations, LA Fitness designated only one employee (even though multiple employees can initiate memberships). This has effectively restricted cancellations to whenever that person is available at the gym, often <a href=\"https:\/\/www.ftc.gov\/business-guidance\/blog\/2025\/08\/cancelling-gym-or-other-membership-shouldnt-be-heavy-lift-what-businesses-can-learn-ftcs-case\">during hours when consumers are typically at <\/a>work.\u00a0<\/p>\n\n\n\n<p>The FTC alleges that consumers who try to cancel via mail faced similar challenges. LA Fitness has instructed consumers to print and mail a <a href=\"https:\/\/www.ftc.gov\/business-guidance\/blog\/2025\/08\/cancelling-gym-or-other-membership-shouldnt-be-heavy-lift-what-businesses-can-learn-ftcs-case\">hard-to-find cancellation form<\/a>. Although consumers have been able to cancel by mail without the form, LA Fitness doesn\u2019t disclose which details must be included in the cancellation notice. The company also instructs consumers to send cancellation requests via registered or certified mail. Finally, LA Fitness reinforced these unlawful practices by training staff to reject such emails or phone calls.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">In other news<\/h4>\n\n\n\n<div class=\"wp-block-media-text is-stacked-on-mobile\" style=\"grid-template-columns:30% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"861\" height=\"861\" src=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2023\/04\/Silvan_privacy_problems_illustration_50cf8ded-07d7-4e8d-9f85-65ab48e95d44-edited.png\" alt=\"\" class=\"wp-image-6542 size-full\" srcset=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2023\/04\/Silvan_privacy_problems_illustration_50cf8ded-07d7-4e8d-9f85-65ab48e95d44-edited.png 861w, https:\/\/techgdpr.com\/wp-content\/uploads\/2023\/04\/Silvan_privacy_problems_illustration_50cf8ded-07d7-4e8d-9f85-65ab48e95d44-edited-300x300.png 300w, https:\/\/techgdpr.com\/wp-content\/uploads\/2023\/04\/Silvan_privacy_problems_illustration_50cf8ded-07d7-4e8d-9f85-65ab48e95d44-edited-150x150.png 150w, https:\/\/techgdpr.com\/wp-content\/uploads\/2023\/04\/Silvan_privacy_problems_illustration_50cf8ded-07d7-4e8d-9f85-65ab48e95d44-edited-768x768.png 768w, https:\/\/techgdpr.com\/wp-content\/uploads\/2023\/04\/Silvan_privacy_problems_illustration_50cf8ded-07d7-4e8d-9f85-65ab48e95d44-edited-200x200.png 200w\" sizes=\"(max-width: 861px) 100vw, 861px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p><strong>YouTube settlement: <\/strong>Google and YouTube have agreed to pay $30 million to settle a long-running class action alleging they <a href=\"https:\/\/topclassactions.com\/lawsuit-settlements\/lawsuit-news\/google-wiggles-out-of-youtube-kids-privacy-class-action\/\">unlawfully collected data from children under 13 to serve targeted ads without parental consent<\/a>. The Google class action settlement, filed in a California federal court, proposes a fund to compensate an estimated 35-45 million children who watched YouTube videos between July 2013 and April 2020.\u00a0<\/p>\n<\/div><\/div>\n\n\n\n<p><strong>\u201cPay or Ok\u201d illegal:<\/strong> According to the Noyb privacy advocacy organisation, the Austrian Federal Administrative Court upheld a previous ruling by the country&#8217;s data protection authorities that the Austrian daily DerStandard had breached the GDPR by launching &#8220;Pay or Okay.&#8221; Users must be allowed to object to or give selected permission for each processing purpose, according to rulings from the court. DerStandard was the first news website in Austria to implement a &#8220;pay or okay&#8221; policy. <a href=\"https:\/\/noyb.eu\/en\/court-decides-pay-or-okay-derstandardat-illegal\">Customers were forced to consent or pay for a monthly subscription, rather than having a free choice to accept or reject the online tracking of hundreds of third parties<\/a>.<\/p>\n\n\n\n<p><strong>Non-cooperation with the authority: <\/strong>The Swiss FDPIC has filed a criminal complaint against Add Conti GmbH for failure to cooperate in an investigation. Following several complaints from affected individuals, the FDPIC opened an investigation on 4 June. The FDPIC requested the company answer a list of questions within 30 days. The FDPIC expressly reminded Add Conti GmbH of its obligation to cooperate in the proceedings and of the fact that deliberate refusal to cooperate is punishable by a fine of up to CHF 250,000. Although the letter was delivered, the FDPIC received no response.&nbsp;<\/p>\n\n\n\n<p>Add Conti was <a href=\"https:\/\/www.edoeb.admin.ch\/en\/fdpic-complaint-against-add-conti-gmbh\">collecting personal data of persons residing in Germany without their knowledge and making it available to German companies for advertising purposes<\/a>. In addition, the company was not responding to requests for information and deletion.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Major cyberattack on Swedish municipalities<\/strong><\/h4>\n\n\n\n<p>On 23 August, a cyberattack on Milj\u00f6data disrupted services in around 200 municipalities, several major private businesses and universities and colleges, with concerns over stolen sensitive data, news outlets report. The <a href=\"https:\/\/www.imy.se\/nyheter\/omfattande-personuppgiftsincident-hos-miljodata\/\">Swedish data protection regulator confirmed<\/a> that it has already received around 200 reports of cyber incidents.\u00a0Managers and HR use the affected systems to handle medical certificates, rehabilitation matters, and the reporting and management of work-related injuries.\u00a0The attacker has encrypted personal data, preventing businesses from accessing it, but the reporting parties are unaware of how the data has been otherwise affected. In many cases, this concerns information about employees, such as health and union membership.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u2018Personalisation\u2019 in AI systems<\/strong><\/h4>\n\n\n\n<div class=\"wp-block-media-text is-stacked-on-mobile\" style=\"grid-template-columns:30% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"1024\" height=\"683\" src=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/03\/pexels-agk42-2599244-1024x683.jpg\" alt=\"\" class=\"wp-image-10435 size-full\" srcset=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/03\/pexels-agk42-2599244-1024x683.jpg 1024w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/03\/pexels-agk42-2599244-300x200.jpg 300w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/03\/pexels-agk42-2599244-768x512.jpg 768w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/03\/pexels-agk42-2599244-1536x1024.jpg 1536w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/03\/pexels-agk42-2599244-2048x1365.jpg 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p>The Future of Privacy Forum explains the subject of <a href=\"https:\/\/fpf.org\/blog\/personality-vs-personalization-in-ai-systems-an-introduction-part-1\/\">\u2018Personalisation\u2019<\/a>, which refers to features of <a href=\"https:\/\/fpf.org\/blog\/personality-vs-personalization-in-ai-systems-specific-uses-and-concrete-risks-part-2\/\">AI systems that adapt to an individual user\u2019s preferences, behaviour, history, or context<\/a>. Personalisation techniques can include long-term memory knowledge bases, short-term conversation history, user and system prompts, settings, and fine-tuning the model after training.<\/p>\n<\/div><\/div>\n\n\n\n<p>For example, an AI instructor may be able to track a student&#8217;s progress on certain subjects, recall their learning interests and level, and modify explanations as necessary. According to some scholars, an AI system must have a complete understanding of its user, including their present emotional state, to be useful in even more sensitive or private situations, such as mental health.<\/p>\n\n\n\n<p>A user&#8217;s personal information, including prejudices and stereotypes, may be reflected in some of the data they provide to the chatbot or what the algorithm deduces from their interactions. Last but not least, an AI system (such as the <a href=\"https:\/\/techgdpr.com\/blog\/data-protection-digest-17072025-ai-generated-voice-and-visuals-potential-to-violate-peoples-rights-and-freedoms\/\">newest AI agents<\/a> by Google, Meta, Anthropic, Microsoft, OpenAI ) that has received or observed user data may be more likely to share that information with third parties in an effort to complete a task without the user&#8217;s consent.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">In case you missed it<\/h4>\n\n\n\n<p><strong>Face photo morphs:<\/strong> America\u2019s NIST issues guidelines to help organisations detect face photo morphs and deter identity fraud. Face morphing software, which combines photos of different people into a single image, is being used to commit identity fraud. Thus, morph detection software, which has grown more effective in recent years, can help flag questionable photos.&nbsp; However, the most effective defence against the use of morphs in identity fraud is to <a href=\"https:\/\/www.nist.gov\/news-events\/news\/2025\/08\/nist-guidelines-can-help-organizations-detect-face-photo-morphs-deter\">prevent morphs from getting into operational systems and workflows<\/a> in the first place.&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>Single-image detection<\/strong>, in the best cases, can detect morphs as often as 100% of the time (at a false detection rate of 1%) if the detector has been trained on examples from the software that generated the morph.&nbsp; However, accuracy can degrade to well below 40% on morphs generated with software unfamiliar to the detector. <strong>Differential detectors<\/strong> are more consistent in their abilities, in the best cases, with accuracy ranging from 72% to 90%, across morphs created using both open-source and closed-source morphing software, but they require an additional genuine photo for comparison.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An informal discussion is underway for the greater simplification of the GDPR The Danish EU Presidency is promoting GDPR reform to increase competitiveness by introducing SME-friendly amendments, such as restricting data rights in low-risk situations, rationalising DPIAs, and requiring prior mediation procedures before lodging complaints, the eutechloop.com article states. These are in line with the [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":11141,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[94],"tags":[247,129,122,98,58],"class_list":["post-11126","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-protection-digest","tag-childrens-data","tag-consumer-data-protection","tag-data-subject-access-requests","tag-direct-marketing","tag-gdpr-compliance"],"acf":[],"featured_image_urls":{"full":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/09\/office-6755544_1280.png",1280,853,false],"thumbnail":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/09\/office-6755544_1280-150x150.png",150,150,true],"medium":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/09\/office-6755544_1280-300x200.png",300,200,true],"medium_large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/09\/office-6755544_1280-768x512.png",640,427,true],"large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/09\/office-6755544_1280-1024x682.png",640,426,true],"1536x1536":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/09\/office-6755544_1280.png",1280,853,false],"2048x2048":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/09\/office-6755544_1280.png",1280,853,false],"image-200-200":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/09\/office-6755544_1280-200x200.png",200,200,true]},"post_excerpt_stackable":"<p>An informal discussion is underway for the greater simplification of the GDPR The Danish EU Presidency is promoting GDPR reform to increase competitiveness by introducing SME-friendly amendments, such as restricting data rights in low-risk situations, rationalising DPIAs, and requiring prior mediation procedures before lodging complaints, the eutechloop.com article states. These are in line with the precedent established by the Commission&#8217;s simplification plan in May this year, which gives small and mid-cap companies, those with less than 750 employees, targeted relief from GDPR reporting requirements on keeping records of processing activities (GDPR Art. 30). In addition, the proposal introduces a definition&hellip;<\/p>\n","category_list":"<a href=\"https:\/\/techgdpr.com\/blog\/category\/data-protection-digest\/\" rel=\"category tag\">Data Protection Digest<\/a>","author_info":{"name":"Olya Vasylyk","url":"https:\/\/techgdpr.com\/blog\/author\/olyav\/"},"comments_num":"0 comments","featured_image_urls_v2":{"full":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/09\/office-6755544_1280.png",1280,853,false],"thumbnail":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/09\/office-6755544_1280-150x150.png",150,150,true],"medium":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/09\/office-6755544_1280-300x200.png",300,200,true],"medium_large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/09\/office-6755544_1280-768x512.png",640,427,true],"large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/09\/office-6755544_1280-1024x682.png",640,426,true],"1536x1536":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/09\/office-6755544_1280.png",1280,853,false],"2048x2048":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/09\/office-6755544_1280.png",1280,853,false],"image-200-200":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/09\/office-6755544_1280-200x200.png",200,200,true]},"post_excerpt_stackable_v2":"<p>An informal discussion is underway for the greater simplification of the GDPR The Danish EU Presidency is promoting GDPR reform to increase competitiveness by introducing SME-friendly amendments, such as restricting data rights in low-risk situations, rationalising DPIAs, and requiring prior mediation procedures before lodging complaints, the eutechloop.com article states. These are in line with the precedent established by the Commission&#8217;s simplification plan in May this year, which gives small and mid-cap companies, those with less than 750 employees, targeted relief from GDPR reporting requirements on keeping records of processing activities (GDPR Art. 30). In addition, the proposal introduces a definition&hellip;<\/p>\n","category_list_v2":"<a href=\"https:\/\/techgdpr.com\/blog\/category\/data-protection-digest\/\" rel=\"category tag\">Data Protection Digest<\/a>","author_info_v2":{"name":"Olya Vasylyk","url":"https:\/\/techgdpr.com\/blog\/author\/olyav\/"},"comments_num_v2":"0 comments","yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Data protection digest 18-31 Aug 2025: Greater simplification of GDPR, \u2018personalisation\u2019 in AI systems - TechGDPR<\/title>\n<meta name=\"description\" content=\"TechGDPR\u2019s review of the most important data-related stories: greater simplification of GDPR, \u2018personalisation\u2019 in AI systems\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/techgdpr.com\/blog\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Data protection digest 18-31 Aug 2025: Greater simplification of GDPR, \u2018personalisation\u2019 in AI systems - TechGDPR\" \/>\n<meta property=\"og:description\" content=\"TechGDPR\u2019s review of the most important data-related stories: greater simplification of GDPR, \u2018personalisation\u2019 in AI systems\" \/>\n<meta property=\"og:url\" content=\"https:\/\/techgdpr.com\/blog\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\/\" \/>\n<meta property=\"og:site_name\" content=\"TechGDPR\" \/>\n<meta property=\"article:published_time\" content=\"2025-09-02T14:45:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-09-02T14:45:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/09\/office-6755544_1280.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"853\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Olya Vasylyk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@techgdpr\" \/>\n<meta name=\"twitter:site\" content=\"@techgdpr\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Olya Vasylyk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\\\/\"},\"author\":{\"name\":\"Olya Vasylyk\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/person\\\/07e9c14fd01b25bd2c1907537e8547e8\"},\"headline\":\"Data protection digest 18-31 Aug 2025: Greater simplification of GDPR, \u2018personalisation\u2019 in AI systems\",\"datePublished\":\"2025-09-02T14:45:06+00:00\",\"dateModified\":\"2025-09-02T14:45:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\\\/\"},\"wordCount\":2551,\"publisher\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/office-6755544_1280.png\",\"keywords\":[\"Children's data\",\"consumer data protection\",\"data subject access requests\",\"direct marketing\",\"GDPR Compliance\"],\"articleSection\":[\"Data Protection Digest\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\\\/\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\\\/\",\"name\":\"Data protection digest 18-31 Aug 2025: Greater simplification of GDPR, \u2018personalisation\u2019 in AI systems - TechGDPR\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/office-6755544_1280.png\",\"datePublished\":\"2025-09-02T14:45:06+00:00\",\"dateModified\":\"2025-09-02T14:45:07+00:00\",\"description\":\"TechGDPR\u2019s review of the most important data-related stories: greater simplification of GDPR, \u2018personalisation\u2019 in AI systems\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\\\/#primaryimage\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/office-6755544_1280.png\",\"contentUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/office-6755544_1280.png\",\"width\":1280,\"height\":853,\"caption\":\"simplification of GDPR\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/techgdpr.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Data protection digest 18-31 Aug 2025: Greater simplification of GDPR, \u2018personalisation\u2019 in AI systems\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#website\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/\",\"name\":\"TechGDPR\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/techgdpr.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#organization\",\"name\":\"TechGDPR\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/staging.techgdpr.com\\\/wp-content\\\/uploads\\\/2018\\\/04\\\/TGDPR_logo_500px.png\",\"contentUrl\":\"https:\\\/\\\/staging.techgdpr.com\\\/wp-content\\\/uploads\\\/2018\\\/04\\\/TGDPR_logo_500px.png\",\"width\":501,\"height\":334,\"caption\":\"TechGDPR\"},\"image\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/techgdpr\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/techgdpr\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/person\\\/07e9c14fd01b25bd2c1907537e8547e8\",\"name\":\"Olya Vasylyk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/readyIMG_3694-1-2-150x150.jpg\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/readyIMG_3694-1-2-150x150.jpg\",\"contentUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/readyIMG_3694-1-2-150x150.jpg\",\"caption\":\"Olya Vasylyk\"},\"description\":\"Creator and editor of TechGDPR\u2019s weekly Digest. Postgraduate masters Diploma in Data Protection, Digital law and Management. Over a decade Olga previously was a broadcast journalist in Ukraine and France specializing in international affairs.\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/author\\\/olyav\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Data protection digest 18-31 Aug 2025: Greater simplification of GDPR, \u2018personalisation\u2019 in AI systems - TechGDPR","description":"TechGDPR\u2019s review of the most important data-related stories: greater simplification of GDPR, \u2018personalisation\u2019 in AI systems","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/techgdpr.com\/blog\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\/","og_locale":"en_US","og_type":"article","og_title":"Data protection digest 18-31 Aug 2025: Greater simplification of GDPR, \u2018personalisation\u2019 in AI systems - TechGDPR","og_description":"TechGDPR\u2019s review of the most important data-related stories: greater simplification of GDPR, \u2018personalisation\u2019 in AI systems","og_url":"https:\/\/techgdpr.com\/blog\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\/","og_site_name":"TechGDPR","article_published_time":"2025-09-02T14:45:06+00:00","article_modified_time":"2025-09-02T14:45:07+00:00","og_image":[{"width":1280,"height":853,"url":"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/09\/office-6755544_1280.png","type":"image\/png"}],"author":"Olya Vasylyk","twitter_card":"summary_large_image","twitter_creator":"@techgdpr","twitter_site":"@techgdpr","twitter_misc":{"Written by":"Olya Vasylyk","Est. reading time":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\/#article","isPartOf":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\/"},"author":{"name":"Olya Vasylyk","@id":"https:\/\/techgdpr.com\/#\/schema\/person\/07e9c14fd01b25bd2c1907537e8547e8"},"headline":"Data protection digest 18-31 Aug 2025: Greater simplification of GDPR, \u2018personalisation\u2019 in AI systems","datePublished":"2025-09-02T14:45:06+00:00","dateModified":"2025-09-02T14:45:07+00:00","mainEntityOfPage":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\/"},"wordCount":2551,"publisher":{"@id":"https:\/\/techgdpr.com\/#organization"},"image":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\/#primaryimage"},"thumbnailUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/09\/office-6755544_1280.png","keywords":["Children's data","consumer data protection","data subject access requests","direct marketing","GDPR Compliance"],"articleSection":["Data Protection Digest"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\/","url":"https:\/\/techgdpr.com\/blog\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\/","name":"Data protection digest 18-31 Aug 2025: Greater simplification of GDPR, \u2018personalisation\u2019 in AI systems - TechGDPR","isPartOf":{"@id":"https:\/\/techgdpr.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\/#primaryimage"},"image":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\/#primaryimage"},"thumbnailUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/09\/office-6755544_1280.png","datePublished":"2025-09-02T14:45:06+00:00","dateModified":"2025-09-02T14:45:07+00:00","description":"TechGDPR\u2019s review of the most important data-related stories: greater simplification of GDPR, \u2018personalisation\u2019 in AI systems","breadcrumb":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/techgdpr.com\/blog\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\/#primaryimage","url":"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/09\/office-6755544_1280.png","contentUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/09\/office-6755544_1280.png","width":1280,"height":853,"caption":"simplification of GDPR"},{"@type":"BreadcrumbList","@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-02092025-greater-simplification-of-gdpr-personalisation-in-ai-systems\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/techgdpr.com\/"},{"@type":"ListItem","position":2,"name":"Data protection digest 18-31 Aug 2025: Greater simplification of GDPR, \u2018personalisation\u2019 in AI systems"}]},{"@type":"WebSite","@id":"https:\/\/techgdpr.com\/#website","url":"https:\/\/techgdpr.com\/","name":"TechGDPR","description":"","publisher":{"@id":"https:\/\/techgdpr.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/techgdpr.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/techgdpr.com\/#organization","name":"TechGDPR","url":"https:\/\/techgdpr.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techgdpr.com\/#\/schema\/logo\/image\/","url":"https:\/\/staging.techgdpr.com\/wp-content\/uploads\/2018\/04\/TGDPR_logo_500px.png","contentUrl":"https:\/\/staging.techgdpr.com\/wp-content\/uploads\/2018\/04\/TGDPR_logo_500px.png","width":501,"height":334,"caption":"TechGDPR"},"image":{"@id":"https:\/\/techgdpr.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/techgdpr","https:\/\/www.linkedin.com\/company\/techgdpr"]},{"@type":"Person","@id":"https:\/\/techgdpr.com\/#\/schema\/person\/07e9c14fd01b25bd2c1907537e8547e8","name":"Olya Vasylyk","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/10\/readyIMG_3694-1-2-150x150.jpg","url":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/10\/readyIMG_3694-1-2-150x150.jpg","contentUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/10\/readyIMG_3694-1-2-150x150.jpg","caption":"Olya Vasylyk"},"description":"Creator and editor of TechGDPR\u2019s weekly Digest. Postgraduate masters Diploma in Data Protection, Digital law and Management. Over a decade Olga previously was a broadcast journalist in Ukraine and France specializing in international affairs.","url":"https:\/\/techgdpr.com\/blog\/author\/olyav\/"}]}},"_links":{"self":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts\/11126","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/comments?post=11126"}],"version-history":[{"count":15,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts\/11126\/revisions"}],"predecessor-version":[{"id":11143,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts\/11126\/revisions\/11143"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/media\/11141"}],"wp:attachment":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/media?parent=11126"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/categories?post=11126"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/tags?post=11126"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}