A newsletter once overrun by EDPB decision is now slowly spiralling into a children’s online protection special, courtesy of Australia. Thank you, friends in the South, for doing the hard work for the rest of us.
🤖 Artificial Intelligence
Swiss Finance Minister Karin Keller-Sutter has reportedly filed a defamation complaint over abusive content generated by Grok following a user prompt on X. The case goes beyond offensive output and into more structurally interesting territory, questioning whether those deploying generative systems can be held responsible where harmful uses are foreseeable. The complaint reportedly raises issues of intent and duty of care, suggesting that liability may not stop at the user but extend upstream to platform design and deployment choices. It’s time courts decided how far responsibility travels when content is not written by a human but produced by a system, isn’t it?
🪁 Children’s Rights in Cyberspace
Australia is moving from experimentation to enforcement in its under-16 social media ban, with the eSafety Commissioner reportedly investigating major platforms, including Meta, Google, Snapchat and TikTok, for suspected non-compliance. Despite early claims of cooperation, the regulator’s first compliance report points to systemic weaknesses, namely ineffective age-assurance, repeatable verification attempts, and widespread circumvention by minors. The government is now apparently signalling readiness to litigate, with potential fines of up to A$49.5 million per breach under Australia’s “world-first” regime. The shift in tone is notable. What began as a flagship regulatory experiment is now a test of enforceability, less about whether platforms can comply, and more about whether they will when faced with credible legal risk.
Australia is really amping up its game, as the Office of the Australian Information Commissioner publishes an exposure draft of its Children’s Online Privacy Code, introducing a notably strong “best interests of the child” standard. The draft goes beyond familiar transparency and consent obligations, requiring, for instance, opt-in consent for targeted advertising and a child-facing right to deletion, by embedding design duties and procedural safeguards, including notifying children when parents consent on their behalf or track their location. While clearly inspired by the UK’s age-appropriate design model, the Code pushes further in operationalising child-centric privacy, extending across apps, games, and educational services rather than social media alone. The proposal reflects a broader regulatory shift- children’s data protection is no longer framed as parental control, but as a distinct, enforceable standard of platform responsibility.
🛒 E-Commerce & Digital Consumer
The European Commission has brought infringement proceedings against Poland for failing to properly operationalise the Digital Services Act, specifically by not designating a Digital Services Coordinator, not equipping it with adequate powers, and not establishing an effective penalty regime. At one level, this is a straightforward Article 258 TFEU action following the usual letter of formal notice and reasoned opinion. At another, it is a reminder that the DSA’s much-discussed architecture ultimately hinges on national institutional readiness, without a functioning coordinator and enforcement toolkit, the system does not run. If the earlier story showed that the DSA works in practice, this one shows the precondition, Member States must first make it work.
UK’s Ofcom is doubling down on “safety by design” under the Online Safety Act, issuing legally binding notices to over 40 major platforms to submit updated risk assessments by July. This is less about paperwork and more about architecture, risk assessment is being treated as the entry point to regulation, not a compliance afterthought. Ofcom’s message is blunt: if you cannot demonstrate how harm arises from your design choices, you cannot claim to be mitigating it. Early reviews have already forced revisions and upcoming transparency requirements will push firms to publicly account for the risks they generate. Three cheers for regulation at the level of system design.
Brazil’s Advocacia-Geral da União has reportedly asked Google to deindex “nudify” sites that use AI to generate non-consensual sexualised images, pushing search engines further into the enforcement chain. The move is framed not as primary liability but as facilitation, with the AGU arguing that indexing such tools effectively normalises and amplifies access to harmful content at scale. The move is quite clearly something most jurisdictions are finally beginning to accept, that regulatory intervention needs to start earlier than individual pieces of content. It is not really about chasing specific violations, but about addressing the conditions that allow them to arise and spread in the first place.
🐆 AI in the Wild
A case out of the US offers a stark reminder that AI in law enforcement still struggles with basic reliability. A woman was reportedly jailed for over five months after being misidentified through facial recognition technology linked to Clearview . The system flagged her as a suspect in bank fraud despite clear evidence placing her in another state, with police later conceding “a few errors” and quietly banning the use of the tool involved. What is striking is that the mistake went further than an initial misidentification leading to institutional follow-through, an arrest warrant, interstate extradition, and prolonged detention. A pinch of salt and all, anyone?
📄 Recommended Readings
Here’s a couple –in no particular order– of recent publications that piqued my interest this week. Remember to grab a cuppa and settle in for some riveting reading.
The Consumer Well-Being Standard – Using Capability Economics to Conceptualize the Protection of Consumer Choice in (Digital) Competition Law by Johannes Melchior Blaschzok
Pay or consent to have your data used – the complex intersection between the DMA and data protection rules by Patricia De Moraes Paisani Matthey Claudet
*Disclaimer: I am in no way affiliated with the authors or publishers in sharing these, and do not necessarily agree with the views contained within.
If you’d like to see more recommended readings, visit the collection here.
Remember to pop back next week for your latest dose of legal updates!
If you have any thoughts or suggestions on how to make this digest more enjoyable, feel free to drop a line. Your feedback is always welcome!
Featured image generated using DALL·E 3.
