Portugal: CNPD issues Opinion on bill for protecting minors online
The CNPD stressed that the processing of children's personal data must comply with #GDPR principles and issued recommendations.
Learn more: https://bit.ly/47mhrmP
Portugal: CNPD issues Opinion on bill for protecting minors online
The CNPD stressed that the processing of children's personal data must comply with #GDPR principles and issued recommendations.
Learn more: https://bit.ly/47mhrmP
Germany: Bundestag announces first reading of bill modernizing product liability law, seeking to reform the existing framework, on March 4, 2026.
Check it out: https://bit.ly/4ra1yqB
Israel: PPA issues Opinion on valid consent.
The PPA issued guidance clarifying when consent is valid under privacy law, emphasizing informed, freely given, and active consent.
Learn more: https://bit.ly/4kUwUA4
Poland: UODO fines DPD Polska PLN 11M for GDPR violations.
The fine follows findings that DPD Polska failed to put required GDPR safeguards in place when external carriers accessed personal data during courier operations.
Read on: https://bit.ly/3OBRR6Z
Thailand: PDPC issues rules on Binding Corporate Rules.
Thailand has issued new regulations establishing a framework for approving BCRs to enable lawful crossβborder data transfers under the PDPA.
Learn more: https://bit.ly/4liCuwF
USA: Treasury publishes resources on AI use in financial sector.
The U.S. Department of Treasury has released new AI guidance for the financial sector, including a common AI lexicon and a tailored AI risk management framework.
Check it out: https://bit.ly/4tTqGod
California: Bill on whistleblower protection introduced to State Assembly.
The bill would add whistleblower protections to the CCPA, including financial incentives for reporting privacy violations.
Explore more: https://bit.ly/40x7XkR
France: CNIL launches public consultation on draft recommendation for session replay tools.
France's CNIL has opened a public consultation on draft GDPR guidance for session replay tools used to track user behavior online.
Check it out: https://bit.ly/4tZhi2n
USA: FTC issues COPPA policy statement to incentivize age verification technologies.
The FTC announced it will exercise enforcement discretion under COPPA when personal data is used solely for age verification, subject to strict safeguards.
Read now: https://bit.ly/3OuFCcq
Connecticut: OAG releases memorandum on application of existing laws to artificial intelligence.
Connecticut's AG has issued guidance explaining how existing state laws apply to AI systems, covering civil rights, privacy, consumer protection, and competition risks.
Read now: https://bit.ly/4sfvSBl
West Virginia: Bill proposing Biometric Information Privacy Act introduced.
The bill would introduce a comprehensive biometric privacy framework in West Virginia, regulating how private entities collect and use biometric data.
Check it out: https://bit.ly/4cKchob
Utah: Bill amending App Store Accountability Act passes third reading in House.
Utah lawmakers advance a bill tightening app store rules on minors, age verification, and parental consent.
Learn more: https://bit.ly/4aDUhuk
UK: ICO finesβ―Reddit Β£14.47 million for children's privacy failures.
The ICO found Reddit processed data relating to children under the age of 13 without a lawful basis, exposing them to potential harm.
Check it out: https://bit.ly/4aSRfBo
California: Bill on privacy settings introduced to Assembly.
The bill requires apps and operating systems in California to use the strongest default privacy settings and obtain user consent before any changes.
Read more: https://bit.ly/4kTGIKQ
Kansas: Bill on App Store Accountability Act passes Senate.
The bill requires app stores to verify users' ages, link minor accounts to parents, and obtain parental consent for downloads and purchases.
Explore more: https://bit.ly/472ASAT
New York: Bill for the New York Health Information Privacy Act introduced in Senate.
The bill introduces strict protections for individuals' health information in New York, limiting how regulated entities can use or share it.
Check it out: https://bit.ly/4s1Noc2
California: Bill amending time period to process deletion requests introduced and read for first time.
The bill would require data brokers to complete consumer deletion requests in 30 days instead of 45.
Explore more: https://bit.ly/4tWlIHy
UK: Court of Appeal allows ICO's appeal on DSG Retail Ltd ruling.
The Court allowed the ICO's appeal, ruling DSG must protect all identifiable personal data and sent the case back to the First-tier Tribunal.
Check it out: https://bit.ly/4tOBx2G
California: Bill on wearable recording devices introduced to State Senate and read for the first time.
California Senate Bill 1130 would ban using wearable devices to record others in private areas without consent.
Read more: https://bit.ly/4qNudSf
Oklahoma: Comprehensive Data Privacy Bill passes both houses.
The bill establishes obligations for controllers and processors, with enforcement by the AG, and becomes effective on July 1, 2026.
Explore more: https://bit.ly/4aswmxZ
USA: NIST announces AI Agent Standards Initiative.
The Initiative is a federal effort aiming to ensure that the next generation of autonomous AI agents can operate securely, reliably, and interoperably across digital environments.
Learn more: https://bit.ly/3Or69Hx
Texas: AG sues Temu over data collection practices.
The AG sued Temu for deceptive data collection practices in violation of the Texas DTPA, seeking remedies including injunctive relief and civil penalties.
Check it out: https://bit.ly/4aCY61C
China: MIIT opens consultation on five draft national standards for automated driving systems, and comments can be submitted in writing or via email until April 13, 2026.
Learn more: https://bit.ly/3OQivJb
Italy: ACN adopts taxonomy of incidents triggering notification obligation.
The ACN noted that the objective is to react quickly to cyberattacks and better protect the country's services, data, and digital infrastructures.
Check it out: https://bit.ly/3ZLqWYE
EU: EDPB adopts 2025 CEF report on challenges to the right to erasure by controllers.
The EDPB noted that 32 DPAs participated in the CEF, highlighting challenges and positive examples in implementing the right to erasure under the GDPR.
Read now: https://bit.ly/4qK0WrG
Belgium: FSMA updates on DORA registers of information.
The FSMA clarified DORA reporting requirements for various financial entities, with a submission deadline of March 20, 2026.
Explore more: https://bit.ly/3ZJ03Vm
EU: EBA publishes new set of Q&As on DORA.
The answers covered topics including exemptions for public authorities and the classification of phishing attacks as reportable major ICT-related incidents.
Check it out: https://bit.ly/4030j1H
Spain: AEPD publishes guidance on the data protection considerations when using agentic AI.
The guidance highlights risks and recommended measures for #GDPR compliance, including implementing data minimization controls and human supervision.
Read now: https://bit.ly/4kL301e
USA: EPIC calls on FTC and states to block Meta's facial recognition in smart glasses.
EPIC highlighted that the smart glasses could enable stalking, harassment, and other forms of abuse as well as identify individuals in sensitive locations.
Learn more: https://bit.ly/4rWneaO
Spain: AEPD warns Tools for Humanity for planned biometric data processing.
The AEPD issued the warning due to an insufficient DPIA and lack of clarity for data subjects.
Read more: https://bit.ly/4apJTq8