Issue 263

  • The ICO fined AFK Letters GBP 90,000 and issued an enforcement notice for violating the PECR by making 95,277 unsolicited marketing calls without valid consent.
  • BEUC wrote to the executive VP and Commissioner to urge them not to reopen the GDPR and to instead enforce this important law that protects consumers’ personal data.
  • The Polish authority UODO announced that data controllers must inform individuals of their right to lodge a complaint with the supervisory authority as per GDPR Articles 13 and 14.
  • DORA mandated that financial entities in the EU include specific contractual provisions in their agreements with ICT third-party service providers to manage risks.
  • NOYB filed a GDPR complaint against Ubisoft for allegedly requiring an internet connection for single-player games to collect user data.
  • CNIL requested public comments on a draft recommendation for collecting multi-terminal consent, which involves obtaining user consent across various devices.
  • The U.S. House Committee sent a letter to DeepSeek, notifying it of an investigation after the company revealed it had stored user data on Chinese servers.
  • The U.S. House Committee on Energy and Commerce is investigating 23andMe’s bankruptcy filing and expressed concern that its genetic data is “at risk of being compromised.”
  • After Google announced it would drop its plan to end third-party cookies, the World Wide Web Consortium reiterated its concerns and insisted they must be removed.
  • HHS Office for Civil Rights settled a phishing attack breach with Health Care Network for USD 600,000.
  • South Korea’s PIPC shared initial findings on DeepSeek, citing a missing Korean privacy policy and unauthorised data transfers to China and the US.
  • The Philippines’ NPC and Bermuda’s Privacy Commissioner signed a Memorandum of Understanding to enhance data privacy collaboration and cross-border enforcement.