EU & UK
- The European Union Agency for Cybersecurity (ENISA) opened a call for public comments on its Implementing Guidance related to the NIS 2 Directive.
- ICO published recommendations for developers and providers of AI recruitment tools.
- The President of the Personal Data Protection Office fined two municipal institutions in Kutno PLN 15,000 and PLN 20,000 for inadequate technical and organisational measures that led to a personal data breach.
- The Information Commissioner of Slovenia fined the DODO PIZZA franchise EUR 25,000 for unlawfully monitoring employees via CCTV and broadcasting the footage live on their website.
- EDPB adopted its first report under the EU-U.S. Data Privacy Framework and a statement on the recommendations on access to data for law enforcement.
AMERICAS
- OCR settled with a private healthcare provider for USD 500,000 following HIPAA Security Rule violations.
- FTC published a proposed order against Sitejabber for artificially inflating ratings and reviews without consent.
- The U.S. Supreme Court debated Meta’s attempt to dismiss a securities fraud lawsuit in which shareholders accused Facebook of misleading them about user data misuse.
- Oracle’s USD 115 million privacy settlement faced some opposition from class members.
