ARTICLE
3 September 2025

Fasken's Noteworthy News: Privacy & Cybersecurity In Canada, The US And The EU (August 2025)

F
Fasken

Contributor

Fasken logo
Fasken is a leading international law firm with more than 700 lawyers and 10 offices on four continents. Clients rely on us for practical, innovative and cost-effective legal services. We solve the most complex business and litigation challenges, providing exceptional value and putting clients at the centre of all we do. For additional information, please visit the Firm’s website at fasken.com.
Explore Firm Details
Lexpert Firm Profile
This is a monthly bulletin published by the Privacy and Cybersecurity Group at Fasken with noteworthy news and updates.
Worldwide Privacy
Sam Delechantos,Julie Uzan-Naulin, and Christopher Ferguson
Your Author LinkedIn Connections

Privacy & Cybersecurity in Canada, the US, and the EU

This is a monthly bulletin published by the Privacy and Cybersecurity Group at Fasken with noteworthy news and updates. If you have any questions about the items in this bulletin, please contact any member of the Privacy and Cybersecurity Group and we will be pleased to assist.

Canada

Canada Launches 2025 Cyber Security Cooperation Program

On August 14, 2025, the Honourable Gary Anandasangaree, Minister of Public Safety, announced a new call for proposals under the 2025 Cyber Security Cooperation Program (CSCP). With up to $10.3 million in funding available over five years, CSCP 2025 aims to strengthen Canada's cyber resilience by supporting initiatives focused on cybersecurity innovation, capacity building, and knowledge sharing. The program is a key part of Canada's updated National Cyber Security Strategy and is open to grassroots and institutional applicants. Organizations interested in applying should review the program's priority areas and Terms and Conditions on the CSCP webpage.

Privacy Commissioner of Canada Publishes Guidance on Biometrics

On August 11, 2025, the Office of the Privacy Commissioner of Canada (OPC) released updated guidance for public and private sector organizations on the use of biometric technologies such as facial recognition and fingerprint scanning. The guidance follows a public consultation held between November 2023 and February 2024, during which the OPC received written submissions and met with organizations representing academia, civil society, business, legal associations, public institutions, and individuals. Feedback from these sessions informed revisions that, in the OPC's view, clarified key definitions, aligned the guidance more closely with legal requirements, refined technical explanations and best practices, adjusted approaches to consent and appropriate purpose in the private sector, and emphasized lawful authority and risk assessment in the public sector. The final guidance outlines considerations around purpose, proportionality, consent, transparency, safeguards, accuracy, and testing when implementing biometric initiatives.

The guidance may be found below:

Europe

European Commission Issues Guidelines on Protection of Minors

On July 14, 2025, the European Commission published guidelines on the protection of minors under the Digital Services Act ("DSA"). The guidelines aim to safeguard minors online and include measures to address risks such as grooming, harmful content, cyberbullying, and exploitative commercial practices. The guidelines are voluntary, but the Commission has noted that the guidelines will be used as a benchmark for compliance with the DSA.

Commission Opinion on the Assessment of the General-Purpose AI Code of Practice

The EU Commission and the AI Board have confirmed that the GPAI Code of Practice, developed by independent experts, is an adequate voluntary tool for providers of GPAI models to demonstrate compliance with the AI Act. The Commission's assessment—conducted in coordination with the European AI Office and the AI Board—finds that the Code sufficiently addresses the obligations outlined in Articles 53 and 55 of the AI Act, which set rules for documentation, copyright observance, risk identification, safety measures, and serious incident reporting.

United States

California Adopts New Privacy Regulations

On July 24, 2025, the California Privacy Protection Agency announced that their Board unanimously voted to adopt proposed regulations under the California Consumer Privacy Act. The regulations address automated decision-making technology, cybersecurity audits, risk assessments, and requirements for insurance companies, among other updates.

In Case You Missed It!

The Fasken Privacy and Cybersecurity group published the following articles recently, that might be of interest.

About Fasken's Privacy and Cybersecurity Group

As one of the longest-standing and leading practices in privacy and cybersecurity, our dedicated national privacy team of over 30 lawyers offers a wide range of services. From managing complex privacy issues and data breaches to advising on the EU General Data Protection Regulation and emerging legal regimes, we provide comprehensive legal advisory services and are trusted by top cyber-insurance carriers and Fortune 500 companies. Our group is recognized as a leader in the field, earning accolades such as the PICCASO 'Privacy Team of the Year' award and recognition from Chambers Canada and Best Lawyers in Canada. For more information, please visit our website.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Sam Delechantos
Sam Delechantos
Photo of Julie Uzan-Naulin
Julie Uzan-Naulin
Photo of Christopher Ferguson
Christopher Ferguson
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More