Microsoft will process M365 Copilot data locally in 15 countries by utilizing regional data centers, addressing digital sovereignty concerns. The initiative begins in Australia, India, Japan, and the UK, expanding to other countries by 2026, aiming to enhance data governance and reduce latency for customers, especially in regulated industries.
The ECJ clarified that pseudonymized data does not always constitute personal data under the GDPR; its classification depends on whether the recipient can reasonably reidentify individuals by considering technical, organizational, and legal factors. The perspective of the data recipient is critical; if they cannot realistically identify individuals, GDPR does not apply to that data. However, this is not an unlimited exemption—if reidentification is possible through access or contractual means, the GDPR requirements still apply. Data controllers must still be transparent, document their processes carefully, and regularly update their assessments and contracts. This decision may reduce GDPR compliance burdens and encourage broader data use for analytics and AI, provided that the risks of reidentification are effectively managed.
https://www.jdsupra.com/legalnews/in-a-landmark-decision-eu-court-7439040/
Microsoft Teams will record workplace presence starting December 2025 by detecting connections to office Wi-Fi, aiming to aid hybrid work setups. The feature automatically sets user status based on their location, raising potential data privacy concerns and necessitating employee consent and management activation for use. Critics warn it could undermine trust in remote work practices, emphasizing the need for legal compliance under GDPR and labor laws.
https://www.heise.de/en/news/Microsoft-Teams-can-record-office-presence-from-December-10899943.html
AI emotional surveillance threatens personal autonomy and democracy, with applications in education, border control, and public safety raising privacy concerns. These technologies analyze emotions through facial expressions and physiological cues, risking manipulation and coercion. Current regulations, like the EU AI Act, inadequately address these issues, leaving legal gaps that could undermine individual freedoms. Without proper oversight, emotional surveillance may lead to a society where self-expression is suppressed, jeopardizing democratic values and autonomy.
The EU has established itself as a global leader in responsible tech governance by enacting strong privacy, competition, and consumer protection regulations that prioritize citizen rights over corporate interests. Measures like GDPR and the Digital Markets Act have set new standards and forced international tech firms to adapt. However, the regulatory approach brings challenges: it creates compliance burdens for businesses, risks stifling innovation, particularly in AI, and can lead to user consent fatigue. Tensions are emerging as new legislative efforts threaten to erode privacy and expand surveillance, putting the EU’s legacy at risk. The central dilemma is whether Europe can continue to lead on digital rights without shifting toward the very authoritarian measures it once opposed.
JD Supra offers legal news and insights across various topics, including labor, finance, healthcare, and more. Users can customize email digests based on interests and follow updates on trending issues like AI and employer liability. The platform showcases top authors and provides resources for personalized business intelligence.
https://www.jdsupra.com/legalnews/eu-u-s-data-transfers-in-2025-9199770/
ZKP: cryptographic method allowing one party to prove knowledge of a fact without revealing the fact itself, enhancing security and privacy in transactions, authentication, and blockchain protocols.
Microsoft cannot guarantee data sovereignty for its French customers, admitting it must comply with U.S. government data requests under the Cloud Act. During a Senate hearing, company executives acknowledged they would need to share information if compelled, despite safeguards in place to resist unfounded requests. This raises concerns about privacy and security for EU users, prompting discussions on increasing European digital sovereignty.
https://www.theregister.com/2025/07/25/microsoft_admits_it_cannot_guarantee/
EU's Age Verification App aims to verify users' ages via digital wallets but poses privacy and accessibility concerns. It relies on various methods (eIDs, biometric data), but many marginalized groups may be excluded, risking their access to online services. Privacy measures in the app are not mandatory, and the reliance on zero-knowledge proofs and verification regulations may not adequately protect user data. The initiative could hinder democratic access while attempting to safeguard children online. More robust regulations and equitable access solutions are needed.
https://www.eff.org/deeplinks/2025/04/age-verification-european-union-mini-id-wallet
EU age verification trends push digital identities for user safety, but raise privacy concerns. Proposals may mandate age checks, risking free expression and contradicting children's rights. Current laws suggest age evaluations without explicit requirement. Upcoming digital identity wallets planned for 2026 could be used for age verification, potentially expanding beyond intended limits, creating further privacy issues. EFF critiques this approach, urging to prioritize user rights.
https://www.eff.org/deeplinks/2025/04/digital-identities-and-future-age-verification-europe
