EU & UK
- Recent comments by NOYB’s Honorary Chair hinted he might not need to challenge EU-U.S. data flows, given U.S. political developments affecting the Data Privacy Framework.
- The ICO issued a EUR 3M fine to software provider Advanced in the wake of security failings that led to significant disruption to NHS customers.
- An administrative fine of EUR 100,000 imposed by the Belgian DPA on a telecommunications controller for a delay in responding to a request for access to personal data.
- The French CA fined Apple EUR 150 M for the implementation of App Tracking Transparency (ATT) systems, which complicate third-party app usage and undermine informed consent collection.
- The Spanish Data Protection Authority (AEPD) imposed a fine of 1.200 EUR on a Geo Alternativa for not complying with advertisement exclusion.
- The UK ICO issued guidance on March 28, 2025, detailing anonymization and pseudonymization within the UK legal context.
AMERICAS
- A House subcommittee hearing on children’s online safety legislation shifted focus to the removal of Democratic FTC commissioners.
- The California Privacy Protection Agency Board published the latest draft of ADMT regulations ahead of the board meeting.
- EU companies are reconsidering the use of US cloud providers because of the US administration and what they said about Greenland.
- Bill amending California Invasion of Privacy Act wiretapping provisions passed second reading in Senate.
- The Federal Trade Commission (FTC) issued a letter concerning the bankruptcy of 23andMe, Inc., addressing the handling of consumers’ sensitive personal information.
ASIA PACIFIC
- The Cyberspace Administration of China (CAC) decided to partner with government departments in 2025 to combat illegal and improper personal data collection across various services.
- Taiwan’s Executive approved the draft Personal Information Protection Commission Organization Act and amendments to the 2010 Personal Data Protection Act.
