2025 Privacy Predictions

Stine Mangor Tornmark
Written by
Stine Mangor Tornmark
on
January 2, 2025

Happy New Year!

As we step into 2025, let’s reflect on last year’s major privacy developments and explore the key trends, predictions, and plans shaping the year ahead.

Data Protection 2024: Key Highlights

  1. EU AI Act Entered Into Force
    The EU AI Act officially took effect on August 1, 2024, becoming the first comprehensive legal framework for AI systems. The Act uses a risk-based approach, balancing innovation with regulation to prevent harm to health, safety, and fundamental rights.

  2. NIS2 Directive Kickoff
    By October 17, 2024, all EU Member States were required to transpose the Network and Information Systems Directive 2 (NIS2) into national law. This directive strengthens critical infrastructure security, requiring stricter cybersecurity measures and incident reporting. Comprehensive compliance guides are available from the European Union Agency for Cybersecurity.

  3. Fines and Delays for Big Tech
    Major fines for big tech and social media platforms reshaped their operations in the EU. Companies like Apple and Meta postponed the launch of new AI services due to heightened scrutiny.

So with these things happening in 2024, what can we expect in 2025?

Here are some of our (Ausra and Stine) predictions, i.e. It’s not certain and no one knows what will happen in 2025. Please keep this in mind.  

Looking Ahead to 2025

1. New U.S. Privacy Laws

Eight new state-level privacy laws will take effect in 2025, bringing the total to 17. Three will take effect in January:

  • Delaware Personal Data Privacy Act (DPDPA) – January 1
  • Nebraska Data Privacy Act (NDPA) – January 1
  • New Jersey Data Privacy Act (NJDPA) – January 15

So the U.S. privacy landscape is going to grow in complexity in 2025.

2. Europe’s AI Focus

The EU AI Act, now in effect, categorizes AI systems by risk levels. New provisions, such as the private right of action, take effect in February 2025. Enforcement for high-risk AI systems begins in August 2025.

So many inhouse legal teams will need to increase their focus on AI governance and compliance in 2025.

3. AI and Data Privacy

Data protection authorities will most likely start more investigations into generative AI. First decisions will come, which would set a precedent for the following decisions. Most probably, the first decisions will come against the providers of generative AI models but later against businesses using customer and employee data to feed generative AI models.

We also expect that more EU data protection authorities will issue more guidance on the intersection between GDPR and AI.

4. Cybersecurity Focus

With the focus on cyber-attacks in 2024 and with regulations like NIS2, DORA etc., organizations must prioritize robust security measures and many privacy & legal teams will likely get involved in this, e.g. in connection with awareness training etc.

5. Social Media and Privacy

Australia’s ban on social media for children under 16 underscores the global push for stricter privacy measures. Platforms like Meta and TikTok continue to face penalties for mishandling user data and we expect that we’ll see more fines and penalties in this area in 2025.

Looking Ahead

2025 promises to be a transformative year for data privacy, with AI taking center stage. Navigating new U.S. state laws, adapting to AI regulations, and implementing advanced privacy tools will be key to building trust and avoiding penalties.

Join our in-house legal & privacy community

Join one of the fastest growing legal communities in Europe. Learn, share, connect and meet inspiring legal professionals, leaders and experts all for free.
Openli community
Apply to join

Privacy Newsletter

Sign up for a regular dose of news and updates from the legal landscape.