
DPM Weekly Insights – October 30, 2025

Welcome to this week’s edition of DPM Weekly Insights.


Here’s a friendly, high-energy brief on three top developments in data protection, privacy and responsible AI, designed for privacy professionals, compliance leaders, and anyone navigating the complex intersection of technology and regulation.


📂 This Week’s Highlights


✉️ California advances user deletion rights with new law

🤖 EU regulator issues fresh guidance on generative AI

🚨 Silent breaches surge: long-term infiltration becomes the new norm



✉️ California strengthens user deletion rights


California has taken another major step in data privacy legislation with Governor Gavin Newsom signing AB 656 into law.


This bill requires platforms, especially social media companies, to implement a streamlined and effective user account deletion process.


Crucially, when users delete their accounts, companies are now legally obligated to erase all associated personal data, not just deactivate the profile.


The legislation is seen as a response to widespread practices where companies retain residual data long after an account is closed, effectively bypassing users' intentions to leave no digital trace.



Why it matters: This law reinforces data sovereignty by strengthening individuals' control over their personal data and limiting companies' leeway in retaining deleted information.


Lesson Learned: Review your organization's data deletion practices to ensure they align not just with GDPR but with state-level requirements in the US, where enforcement is intensifying.



🤖 EU regulator issues fresh guidance on generative AI


The European Data Protection Supervisor (EDPS) has released detailed recommendations for organizations developing or deploying generative AI technologies.


The guidance emphasizes that existing data protection principles under the GDPR still apply—regardless of whether personal data is generated, inferred or used to train models.


Topics include transparency, lawful basis for data processing, and appropriate safeguards for automated decision-making.


The EDPS also warns against 'data laundering' via synthetic outputs, where AI systems may indirectly expose personal data from training sets.



Why it matters: Regulators are making it clear that the AI revolution is not exempt from privacy law. This is a crucial step in aligning tech development with human rights protections.


Lesson Learned: Build privacy compliance into your AI lifecycle from data collection to model deployment. Perform DPIAs where appropriate and ensure clarity around model outputs and their potential privacy implications.



🚨 Silent breaches surge: long-term infiltration becomes the new norm


Security researchers have raised alarms over a growing trend in data breaches: attackers no longer aim for quick data grabs, but instead embed themselves within systems for extended periods.


Reports reveal that some breaches have lasted months undetected, with adversaries slowly siphoning data and monitoring internal systems. These stealthy attacks often bypass traditional security monitoring and depend on sophisticated rootkits or compromised credentials.


They represent a shift from loud, immediate hacks to quiet, persistent threats that are harder to detect and harder to respond to.



Why it matters: The longer an attacker remains inside your network, the more data they access and the more damage they can cause—potentially turning a security event into a catastrophic compliance failure.


Lesson Learned: Move beyond basic intrusion detection. Invest in anomaly detection, threat hunting, and post-exploitation visibility. Always assume breach and prepare accordingly.


🔍 Final Reflection

This week’s stories remind us that rights without enforcement, technology without governance, and security without resilience are no longer acceptable.


California’s new deletion law underscores the power of individual agency, while the EDPS guidance reaffirms that AI innovation must operate within ethical boundaries.


Meanwhile, silent breaches remind us that vigilance must evolve as fast as the threats do.


Your Checklist for the Week


  • Double-check your user data deletion mechanisms across all jurisdictions.

  • Update your AI governance playbook with the latest privacy-by-design practices.

  • Shift your security mindset from perimeter protection to proactive detection.


 
 
 
