EU & UK
- The EU published non-legislative acts supplementing the DORA in the Official Journal, including the Commission Implementing Regulation (EU) 2025/302 (Reporting ITS).
- The EU published non-legislative acts supplementing the DORA in the Official Journal, including the Commission Delegated Regulation (EU) 2025/301 (Reporting RTS).
- The AEPD fined Caja Rural de Salamanca EUR 250,000 for a GDPR violation due to a data breach, which was reduced to EUR 200,000 for voluntary payment.
- The Polish UODO released an updated guide on handling personal data breaches, incorporating new regulations, case law, and practical experience.
- The Icelandic data protection authority, Persónuvernd, fined the Capital Region Health Care System ISK 5 million for GDPR and Act on Privacy and Processing of Personal Data violations.
- Apple removed advanced data protection tools for UK users amid privacy disputes.
AMERICAS
- California’s PPA fined USD 46,000 to National Public Data for not registering and paying the required annual fee under the DELETE Act, resulting in a proposed.
- California introduced a Bill on high-risk AI systems and the duty to protect personal information to the Senate.
- Oregon’s Bill requiring the Judicial Department to study privacy was introduced to the House.
- Washington’s bills for protecting children online were referred to Committees.
