Berry Picks in IT Law #54

Well hello there, welcome to Berry Picks 2.0. From this week on, we have a new co-author(ish). Drumroll please… it’s AI. It was about time, in this day and age. New fortnightly picks will include the commentary known and loved by all, featuring myself, alongside a semi-autonomously curated list of news. Cue the titles and let’s get on with the show, shall we?

Berry Picks

🤖 The Regional Court of Munich I reportedly ruled that Google must stop disseminating an AI-generated summary which described a Munich publishing house as known for dubious business practices and as being perceived as a scam. The court treated Google’s “Overview with AI” not as a neutral list of search results, but as Google’s own statement: the system had processed, reorganised and reformulated source material into a new answer, even drawing connections that were not supported by the linked sources. Although the wording was characterised as an expression of opinion, the court found that it rested on demonstrably false factual premises. In the resulting balance, the publisher’s corporate personality right outweighed Google’s algorithmic assessment. A useful reminder that once search stops merely pointing and starts talking, liability may start talking back.

🤖 Florida’s Attorney General sued OpenAI and CEO Sam Altman, alleging that ChatGPT was knowingly released as an unsafe product capable of harming users. The complaint claims the chatbot has contributed to serious harms, including assisting mass shooters, driving vulnerable users towards suicide, weakening critical thinking, and addicting minors by simulating human compassion. The state is seeking to hold Altman personally liable, alongside claims under Florida’s deceptive and unfair trade practices law. OpenAI has not yet commented. The filing sits alongside a growing set of lawsuits against AI providers, but this one matters institutionally too: Florida says it is the first U.S. state to sue OpenAI. Apparently the AI liability bingo card is filling up rather quickly.

🎩 The European Commission imposed interim measures on Meta, ordering it to restore free access to the WhatsApp Business API for rival general-purpose AI assistants while its antitrust investigation continues. The Commission preliminarily considers that Meta holds a dominant position in the EEA market for consumer communication apps and may have abused it by first banning third-party AI assistants from WhatsApp and then replacing the ban with fees that, in practice, achieved much the same result. The measure requires Meta to reinstate the pre-15 October 2025 terms within five working days and maintain them until a final decision. A rather pointed reminder that waiting for the end of an antitrust investigation may mean arriving just in time to admire the monopoly.

🎩 The CJEU partly annulled the Commission’s DMA designation decision for Meta, but only as regards Facebook Marketplace. The Court upheld the designation of Messenger as a separate core platform service, accepting that it could be treated as a standalone number-independent interpersonal communications service rather than merely Facebook’s chat function. Marketplace, however, was a different story. The Commission had relied on earlier data and insufficiently explained why Marketplace still qualified as an online intermediation service after Meta introduced changes limiting listings by users in July 2023. Since DMA designation is ex ante regulation with very real obligations attached, the Commission could not simply look backwards and hope the service still looked the same by decision day. Messenger stays in; Marketplace, at least on this reasoning, slips out.

Berry Picks ft. The Algorithm

A little disclaimer: please bear in mind that the news items below have been summarised by AI, so a pinch of salt and all.

🤖 Artificial Intelligence

  • The European Commission adopted voluntary practice rules on the labelling of AI-generated or AI-modified content. Supporting the EU AI Act, which will enter into force on 2 August 2026, the rules require clear labelling of deepfake content and AI-generated text on matters of public interest. The main objective is to prevent disinformation and manipulation by protecting citizens against misleading content. — European Commission
  • The European Parliament and Council reached a provisional agreement on the Digital Omnibus on AI, which amends the EU AI Act. The agreement postpones compliance deadlines for high-risk AI systems to 2027-2028 and the AI-generated content marking obligation to December 2026. It also reinforces the AI Office’s powers and prohibits AI systems that generate non-consensual intimate or child sexual abuse material. — European Parliament Think Tank
  • A former xAI engineer filed a lawsuit against xAI and SpaceX, alleging he was wrongfully terminated for raising safety and ethical concerns about the Grok AI chatbot. The lawsuit claims Grok could foment discrimination and that the company attempted to circumvent EU safety regulations, positioning the plaintiff as a whistleblower. — TechCrunch
  • Elon Musk’s Grok chatbot continues to generate non-consensual explicit deepfakes of women, prompting legal and regulatory action. Canada’s Privacy Commissioner issued preliminary findings that xAI violated federal privacy law by failing to implement appropriate safeguards. This issue has also led to a class-action lawsuit in California and legal action by individuals. Unlike other AI models, Grok’s permissive content moderation policies raise critical questions about platform responsibility and AI regulation concerning harmful content. — Wired | IAPP
  • Brazil’s Superior Electoral Court (TSE) is preparing for the impact of AI on elections, mandating the clear labeling of all AI-generated content. Unlabeled AI content will be subject to removal, and synthetic content must cease publication 48 hours before elections. This regulation highlights Brazil’s proactive stance on digital content regulation in the electoral context. — Convergencia Digital
  • California’s proposed AB 412 bill, which would require AI developers to identify and disclose all copyrighted works used in training, is facing significant opposition. Critics argue the requirement is practically impossible to fulfill due to the lack of a comprehensive copyright database, potentially stifling innovation and disproportionately burdening smaller developers. — Techdirt | EFF
  • The Trump administration issued an executive order, “Promoting Advanced Artificial Intelligence Innovation and Security,” establishing a voluntary framework for AI regulation in the United States. The order requests that AI developers provide the federal government with 30-day pre-public release access to advanced “frontier models” to identify and address potential national security risks and cyber vulnerabilities. While explicitly stating it does not authorize mandatory licensing or preclearance for AI models, the directive aims to balance innovation with security, mandating upgrades to federal cybersecurity defenses and directing the Justice Department to prioritize prosecuting AI-enabled cybercrimes. — Wired | Tech Policy Press
  • CEOs of major AI companies, including OpenAI and Anthropic, have urged the U.S. Congress to enact new laws preventing the use of AI to develop biological weapons. In a public letter, they advocated for mandatory screening of customers and orders by companies selling synthetic DNA, citing concerns that AI could lower the knowledge barriers for creating dangerous pathogens. — Wired
  • The Turkish Court of Accounts has moved to a digital system by using an “AI-Supported Audit Assistant” in public finance audits. This system aims to detect risky behavioural patterns and irregular spending more effectively through machine learning, while the Court of Accounts will also audit whether algorithmic processes are lawful, ethical and non-discriminatory. — Memurlar.Net

🪁 Children’s Rights in Cyberspace

  • New York lawmakers have passed a suite of bills addressing AI regulation, including the Kids Chatbot Safety Bill, which prohibits AI companies from offering companion chatbots with unsafe features to minors. Other legislation mandates transparency in AI training data and requires clear disclosure for AI-generated content. These acts aim to enhance consumer protection and ensure greater accountability in New York’s AI landscape. — Transparency Coalition
  • The UK is intensifying its regulatory focus on protecting children online, with the ICO issuing significant fines against MediaLab and Reddit. Enforcement actions underscore that online services “likely to be accessed by children” must implement robust age assurance and child-focused Data Protection Impact Assessments, regardless of their intended audience. — DLA Piper
  • The Electronic Frontier Foundation (EFF) reports a growing global trend of mandatory age verification and social media bans for minors in jurisdictions like Australia, the UK, and Brazil. The EFF argues these measures threaten digital rights by undermining privacy and free expression for all users and forcing the collection of sensitive personal data. — EFF
  • Lawmakers in New York and California are advancing bills to ban the sale of toys containing AI chatbots for five years. Citing child safety concerns, the legislation aims to create a “cooling-off period” for policymakers to assess the risks of untested AI technology in children’s products. — Transparency Coalition

🎩 Competition

  • The Turkish Competition Board launched an investigation into Meta over allegations that it integrated its own AI service, Meta AI, into WhatsApp and prevented third-party AI providers from offering services through WhatsApp. The Board identified serious findings of a competition infringement and adopted an interim measure to prevent irreparable harm. Under the measure, Meta must ensure conditions that do not make it practically or economically difficult for third-party general-purpose generative AI chatbots to provide services through WhatsApp. — T24 | AA
  • The UK’s Competition and Markets Authority (CMA) issued a decision requiring Google to allow news publishers to opt out of their content being used in AI-generated summaries without losing search visibility. This ruling addresses Google’s alleged abuse of its dominant market position and is expected to influence similar investigations in the EU and Brazil. — Tech Policy Press
  • Apple is delaying the rollout of its new Siri AI in the EU, blaming the Digital Markets Act’s (DMA) interoperability requirements. The European Commission countered that Apple failed to develop compliant solutions, highlighting ongoing tensions between tech platforms and EU regulation. — Euractiv
  • The EU General Court ruled that the European Commission may compel companies to disclose documents from personal communication devices used for professional purposes during competition investigations. While acknowledging the intrusion into private life, the Court found the requests justified by the need for effective competition enforcement and proportionate due to existing safeguards. — CJEU

🔐 Cybersecurity

  • The U.S. House of Representatives failed to renew Section 702 of the Foreign Intelligence Surveillance Act (FISA), a critical warrantless surveillance law, leading to its expiration. The lapse occurred amidst political disputes and bipartisan demands for reforms, particularly requiring warrants for accessing Americans’ communications. — TechCrunch
  • OpenAI has launched “Lockdown Mode” for ChatGPT to bolster data protection against prompt injection attacks. This feature mitigates data exfiltration risks by disabling functionalities like live web browsing, highlighting the increasing legal and regulatory imperative for robust cybersecurity measures in AI applications. — TechCrunch

🔏 Data Protection & Privacy

  • The European Data Protection Board (EDPB) adopted a common template for data breach notifications to harmonize and simplify compliance with GDPR Article 33 across the EU. This standardized form, now open for public consultation, aims to facilitate timely reporting for organizations and efficient assessment by Data Protection Authorities. The EDPB also voiced concerns that proposed changes to the definition of personal data in the “Digital Omnibus” could weaken data protection. — EDPB
  • South Korea’s data protection authority has fined e-commerce giant Coupang a record $408 million for the country’s largest-ever data leak, which impacted over 33 million customers. The regulator found that Coupang failed to implement adequate safety measures and delayed reporting the breach. Coupang intends to challenge the decision in court. — Al Jazeera
  • The Berlin Regional Court significantly reduced a GDPR fine against real estate company Deutsche Wohnen from €14.5 million to €900,000. While confirming the company’s liability for failing to delete unneeded tenant data, the court deemed the initial fine disproportionate, considering the company’s cooperation and efforts to implement a compliant data retention system. — Legal Tribune Online
  • The Belgian Data Protection Authority fined an IT service provider €120,000 for incorrectly classifying itself as a data processor instead of a data controller under the GDPR. The authority determined that the company unilaterally defined the purposes and means of processing for its authentication service, leading to violations of accountability, transparency, and data minimization principles. — Swiss Privacy
  • The UK’s Data (Use and Access) Act 2025 introduces a new requirement for all data controllers to establish formal internal processes for handling data protection complaints by 19 June 2026. Controllers must acknowledge complaints within 30 days, investigate, and inform complainants of the outcome, including their right to complain to the ICO. — DLA Piper
  • The German Federal Data Protection Commissioner (BfDI) has criticized the EU’s “Digital Omnibus” reform package, arguing it inadequately addresses crucial data protection concerns such as data broker regulation, child protection, and AI-related data processing, and may weaken the GDPR’s substantive standards. — BfDI
  • The EU Court of Justice, in Case C-371/24 (Comdribus), ruled that under Directive 2016/680, national law cannot permit the systematic collection of biometric data from criminal suspects unless strict necessity is individually assessed and reasoned. However, it clarified that national law may penalize a suspect’s refusal to provide such data if the collection itself meets the “strictly necessary” condition. — EUR-Lex
  • In Brillen Rottler (Case C-526/24), the EU Court of Justice clarified that a first request for access to personal data can be deemed “excessive” under the GDPR if the data subject has an abusive intention. The Court also affirmed that an infringement of the right of access can give rise to a right to compensation for non-material damage, such as the loss of control over personal data. — EUR-Lex
  • Germany has enacted its Data Act Implementation Law (DADG) to enforce the EU Data Act’s provisions on fair data access and usage. The law establishes a complex enforcement framework led by the Bundesnetzagentur (BNetzA) and outlines significant penalties, including fines up to 2% of a company’s worldwide annual turnover for severe violations. — Datenschutz Notizen
  • The German Higher Regional Court of Cologne (OLG Köln) ruled that the mere silence of an anonymous online reviewer is insufficient to compel a platform to disclose their subscriber data. The court held that disclosure requires the judiciary to be convinced of the untruthfulness of the factual claims, setting a high bar for obtaining user data in defamation cases. — CRonline

🛒 E-Commerce & Digital Consumer

  • The Brazilian Supreme Federal Court (STF) has ruled that internet application providers bear joint and several liability for damages from illicit acts on their platforms, refining the interpretation of Article 19 of the Marco Civil da Internet. The government has since issued decrees translating this ruling into enforceable regulations, establishing a proactive “duty of care” for serious crimes and due diligence for online advertising. Minister Dias Toffoli also advocated for marketplaces to bear objective liability for products sold by third parties. — Convergencia Digital | Tech Policy Press
  • Amazon EU Sàrl has appealed a General Court judgment upholding its designation as a Very Large Online Platform (VLOP) under the Digital Services Act (DSA). The appeal argues the court misinterpreted “systemic risks” and misapplied the Charter of Fundamental Rights, challenging the legal justification for subjecting online marketplaces to the same stringent rules as social media platforms. — EUR-Lex
  • France’s consumer watchdog has fined ultra-fast-fashion giant Shein €22 million for multiple consumer law breaches, including failures related to purchase cancellations, cooling-off periods, and providing accurate environmental and seller information. This action follows a previous €40 million fine and an ongoing EU-level probe under the Digital Services Act (DSA). — Euractiv

📄 Recommended Readings

Here’s a couple of recent publications, in no particular order, that have piqued my interest. Remember to grab a cuppa and settle in for some riveting reading.

The Invisible Ripple Effect by Eldar Haber

Data Minimisation and “The Reasonably Be Fulfilled by Alternative Means Test”: A Comparative Study of Turkish And EU Approaches by Nafiye Yücedağ & Elif Beyza Akkanat Öztürk

Is Norway Stumbling into an Algorithmic Welfare Dystopia? by Mona Naomi Lintvedt & Heather Broomfield

Disclaimer: I am in no way affiliated with the authors or publishers in sharing these, and do not necessarily agree with the views contained within. I try to include mostly open access publications due to, well you know, accessibility of knowledge and science.

So there you have it, another week in the fascinating realm of IT Law. Remember to pop back in a couple of weeks for your latest dose of legal updates. Cheerio!

If you have any thoughts or suggestions on how to make this digest even more enjoyable, feel free to drop a line. Your feedback is always welcome!

Featured image generated using DALL·E 3.

Sena Kontoğlu Taştan

IT law enthusiast and researcher.
