EU & UK
- The Dutch AP announced that it will end its supervision of the Municipality of Eindhoven following concerns about the municipality’s data management practices.
- The Italian CAN has issued an update allowing companies that completed the first step of registration under NIS 2 Directive to finish the process by March 10, 2025.
- The NO FAKES Act of 2025, introduced as House Bill 566 in Georgia, establishes that individuals or right holders can authorize the use of their voice or visual likeness in digital replicas.
- ICO launched investigation into use of children’s personal information by social media and video sharing platforms.
- CJEU ruled in Case C-203/22 that individuals have the right to understand the “procedure and principles actually applied” in making automated decisions.
AMERICAS
- FTC announced refund claims process for Avast Customers impacted by deceptive privacy claims.
- Attorney General Griffin sued General Motors and OnStar for deceiving Arkansans and unlawfully selling data.
- CPPA reached a settlement agreement with Background Alert, Inc., for failing to register and pay an annual fee as required by the Delete Act.
- Temporary restraining order granted to prevent Elon Musk’s DOGE liaisons from accessing personally identifiable information.
ASIA PACIFIC & INDIA
- The European Union and India held the second ministerial meeting of the EU-India Trade and Technology Council (TTC) yesterday in New Delhi.
- The PIPC of South Korea fined two companies for data breaches resulting in the leak of personal information of over 700,000 individuals.
- Malaysia’s Department of Personal Data Protection (PDP) issued two Circulars outlining guidelines for appointing DPOs and for data breach notifications.
