International Privacy News – September 2025

01.10.2025

September brought an intense wave of developments in global privacy, ranging from landmark EU court decisions and record fines to rising scrutiny of AI systems and workplace monitoring. The month underscored both the growing role of regulators and the mounting challenges companies face in balancing innovation with fundamental rights. Below, we summarise the key international privacy stories that we shared on LinkedIn in September 2025.

en_au Australia Issues Immersive Tech Warning (September 30, 2025)
Australia’s digital regulators released a working paper on immersive technologies, flagging significant risks around privacy, safety, and competition.
Read more

it_it Italy Fines Energy Firm €3M for Telemarketing (September 29, 2025)
Italy’s data protection authority imposed a €3 million fine on an energy company and its agencies for unlawful telemarketing under the GDPR.
Read more

en_nz New Zealand Backs Trustworthy AI Governance (September 26, 2025)
New Zealand joined 18 other privacy regulators in endorsing principles for trustworthy AI governance, emphasizing lawful data use, safeguards, and privacy by design.
Read more

nl_nl Dutch Regulator Warns LinkedIn Users (September 25, 2025)
The Dutch privacy authority urged LinkedIn users to opt out to prevent their profiles from being used to train AI models.
Read more

eu EDPS Demands Safeguards for EU-US Data Transfers (September 24, 2025)
The EDPS insisted that any transfer of EU personal data to the U.S. must include comprehensive and effective safeguards.
Read more

en_au Kmart Australia Unlawfully Used Facial Recognition (September 23, 2025)
Kmart Australia was found to have unlawfully deployed facial recognition in 28 stores to combat refund fraud, capturing all visitors’ biometric data without consent.
Read more

it_it Italy Suspends Milan Airport Face Scan (September 22, 2025)
Italy’s data protection authority suspended the use of facial recognition at Milan airport due to insufficient safeguards for biometric data.
Read more

us FTC Investigates AI Companion Chatbots (September 19, 2025)
The U.S. Federal Trade Commission launched a probe into AI ‘companion’ chatbots, focusing on child safety and companies’ transparency about potential harms.
Read more

eu EDPB Clarifies DSA-GDPR Interplay (September 18, 2025)
The European Data Protection Board issued new guidelines clarifying how the Digital Services Act aligns with GDPR obligations.
Read more

eu EU Abandons ePrivacy Reform (September 17, 2025)
The EU dropped its long-debated ePrivacy reform and the AI Liability Directive, shifting its focus toward competitiveness and data access for AI.
Read more

hi_in WhatsApp Challenges Indian Regulator (September 16, 2025)
WhatsApp argued before India’s tribunal that the competition authority lacks jurisdiction over data safety, claiming such matters fall solely under privacy law.
Read more

en_gb UK Bossware Monitoring Raises Alarms (September 15, 2025)
A survey revealed that one-third of UK employers use ‘bossware’ to monitor employees, triggering serious concerns about trust and privacy.
Read more

en_au Australia Faces Record Ransomware Peak (September 12, 2025)
Australia recorded a sharp rise in ransomware attacks, with data theft nearly doubling to 238 terabytes.
Read more

en_nz New Zealand AI Policy Gap (September 11, 2025)
More than half of New Zealand companies were found to lack clear AI policies, leaving them exposed to regulatory and operational risks.
Read more

eu EU Data Act Takes Effect (September 10, 2025)
The EU Data Act came into force on 12 September, requiring companies to grant users access to and sharing rights over product-generated data.
Read more

zh_cn China Fines Dior in Data Leak Case (September 9, 2025)
China fined Dior’s Shanghai branch for illegally transferring customer data abroad after a major leak.
Read more

eu EU Court Upholds EU-US Privacy Framework (September 8, 2025)
The EU Court upheld the EU-US Data Privacy Framework, restoring legal certainty for transatlantic data flows.
Read more

fr_fr France Fines Google €325M Over Gmail Ads (September 5, 2025)
France fined Google €325 million for sending Gmail ads without user consent, following a noyb complaint under EU privacy rules.
Read more

us Trump Threatens EU Sanctions (September 4, 2025)
The Trump administration threatened sanctions against EU officials enforcing the Digital Services Act, escalating transatlantic tech tensions.
Read more

eu EU Rejects Censorship Claims (September 3, 2025)
The EU denied accusations of censorship against U.S. tech giants, responding as Trump threatened sanctions over digital regulation.
Read more

us AI Browsers Revive Surveillance Concerns (September 2, 2025)
AI-powered browsers were criticized for reproducing Big Tech’s most invasive surveillance practices by collecting deep, invisible personal data.
Read more

de_at YouTube GDPR Access Ruling (September 1, 2025)
Austria’s Data Protection Authority ruled that YouTube must finally comply with a user’s GDPR access request after years of resistance.
Read more

You can also follow us on LinkedIn to stay informed about the latest developments in data protection: https://www.linkedin.com/company/iitr-datenschutz-gmbh/

Über den Autor – Marvin Stellmacher

Herr Stellmacher ist zertifizierter Datenschutzbeauftragte (udis), zertifizierter IT-Sicherheitsbeauftragter (udis) und verfügt über eine abgeschlossene Berufsausbildung zum Rechtsanwaltsfachangestellten. Mit seiner beruflichen Erfahrung im Vertrieb von Legal-Tech Software verantwortet Herr Stellmacher bei der IITR Datenschutz GmbH Aufgaben in Vertrieb und Kundenbetreuung.

Kontakt:

Rechtsanwalt Dr. Sebastian Kraska, externer Datenschutzbeauftragter

+49 (0)89 1891 7360 email@iitr.de Kontaktformular

Beitrag teilen:

Ähnliche Beiträge:

• International Privacy News: July 2025
• International Privacy News: August 2025
• Europäische Kommission: Zweiter Bericht zur Anwendung der Datenschutzgrundverordnung (DSGVO)