I'm exploring new engagements! If your team needs expertise in cybersecurity, risk assessment, tech policy, regulations (GDPR, etc.), tech standards, strategic insight, or even well-informed Comms/PR, let's talk! Open to contract, or flexible roles. DM or me@lukaszolejnik.com.

The changes are very far‑reaching. It's an architectural change. Tread carefully! Also, some of the proposed amendments may in fact be ... not so legit. techletters.substack.com/p/t…

My analysis of the leaked #GDPR overhaul proposal. Some changes are great. Some risk decreasing privacy protections.

My comment in @Telegraph on AI propaganda. When it happens through AI/LLM models it may well be an info-laundry. Instead of reading a dubious site, you see it in a 'respected' AI output. Today, millions of people trust chatbots more than sources. Even when those sources poisoned the AI, because who knows about it? Russia, China & other state actor may flood the web with propaganda and disinformation designed to poison AI output. AI itself is also the information warfare battlefield. In extreme case, what is it the chatbot you trust? It reprint from the lies you'd never click on! telegraph.co.uk/business/202…

Cookie-consent is killed. Except for news sites/media. DO NOT TRACK IS BACK. (wired.com/story/a-second-lif…). "1. The data subject shall be able to [give consent or] refuse a request for consent and exercise the right to object pursuant to Article 21(2) through automated and machine- readable means. 2. Controllers shall ensure that their online interfaces are able to interpret the automated and machine-readable indications of data subjects’ [acceptance or] refusal or acceptance to a request for consent and the exercise of the right to object as referred to in paragraph 1 and respect those indications. This obligation shall apply [6 months] following the publication of the harmonised standards pursuant to paragraph 4. 3. The obligation pursuant to paragraph 2 shall not apply to controllers that are media service providers when providing a media service."

If thought corrupts language, language can also corrupt thought. When AI trains on propaganda, it repeats the propaganda. AI agents can do so even without explicit training.

The Bank of England indicated that the cyberattack on Jaguar Land Rover significantly slowed national gross domestic product growth. Plants were idle for about a month, the government provided financial support, and the effects spread across Jaguar Land Rover’s extensive supply chain. The incident was classified as a category-three systemic event, with a potential cost to the local economy of up to £2.1 billion, while Jaguar Land Rover’s lost revenues alone are estimated at more than £2 billion. This is one of the first cases in which a single cyberattack has produced such clear economic and fiscal effects in the United Kingdom. bankofengland.co.uk/monetary…

Is the AI bubble popping? No. However... After Jensen Huang (Nvidia CEO) said "China is going to win the AI race", citing cheaper energy and fewer regulations, Nvidia stock lost ~$500 BILLION in market cap in just one week (dropping from $4.94T to $4.45T). At the same time, a powerful Chinese AI model Kimi K2 Thinking just topped global benchmarks, beating GPT-5 and Claude Sonnet 4.5 on key tests. It was extremely cheap to train, reportedly costing only $4.6 million (compared to the billions spent by OpenAI). It's also 4x cheaper to use than GPT-5. The takeaway? None.

Some of the #GDPR modifications intended to be made by @EU_Commission may be illegal (so expect shooting it down by EU top Court). But it's not final, of course.

New Chinese AI models (Kimi K2) trained on the cheap (for few millions).

Just when European Commission is modernizing #GDPR to easily block third-party cookies by default, Google/Chrome started to remove the components of Privacy Sandbox :)

Data Governance Act (Regulation (EU) 2022/868) is repealed (i.e. killed). Probably good. I hope that someone still got promoted for passing this one ;) This one is also killed: Regulation (EU) 2019/1150 of the European Parliament and of the Council of 20 June 2019 on promoting fairness and transparency for business users of online intermediation services, as well as this one: Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of non-personal data in the European Union

Cool: Article 41a [mechanism to accompany the state of the art advancements for pseudonymisation technologies.] #GDPR

They actually CHANGE the definition of personal data! in #GDPR "Information relating to a natural person is not necessarily personal data for every other person or entity, merely because another entity can identify that natural person. Information shall not be personal for a given entity where that entity cannot identify the natural person to whom the information relates, taking into account the means reasonably likely to be used by that entity. Such information does not become personal for that entity merely because a subsequent recipient has means reasonably likely to be used to identify the natural person to whom the information relates" -- it is very helpful in some cases, but may introduce loopholes.

Wow, if @EU_Commission #GDPR modification proposal passes, AI will be able to train on sensitive data! "The development of certain AI systems and AI models may involve the collection of large amounts of data, including personal data and special categories thereof. In order not to disproportionately hinder the development and operation of AI derogating from the prohibition on processing special categories of personal data under Article 9(2) of Regulation (EU) 2016/679 should be allowed." It will also put a stop to TROLLING and misusing #GDPR by certain individuals: "the right of access, which is from the outset favourable to data subjects, should not be abused or exploited by them for purposes other than the protection of their data. For example, such an abuse of the right of access would arise where the data subject intends to cause the controller to refuse an access request, in order to subsequently demand the payment of compensation, potentially under the threat of bringing a claim for damages. Other examples of abuse include situations where data subjects make excessive use of the right of access with the only intent of causing damage or harm to the controller"

Ok, European Commission proposals to change #GDPR definitely weaken data protection and privacy of users. More to follow.

My comment concerning the pre-leaked plan to update/modernise EU Data Protection laws #GDPR/#ePrivacy/#AIact - later today :) But there's LOTS to unpack. Some of the proposals are great. Let's hope they reach the final file.

What will happen if superintelligence (AI) emerges? Global GDP will drop to zero. This is the pessimistic scenario where machines become hostile, ultimately leading to the extinction of humanity. dallasfed.org/research/econo…

The AI Act modifications are also interesting in the leak.

So to say, I'm not new to this business :) Indeed some of the proposal contents hold gems from a technology point of view. Finally some opportunity to make #GDPR and #ePrivacy as they always should be! blog.lukaszolejnik.com/tag/e… blog.lukaszolejnik.com/tag/g… blog.lukaszolejnik.com/tag/p…