EU & UK
- Garante fined ARSAC EUR 50,000 for unlawful processing of employee geolocation data.
- The Netherlands Authority for Consumers and Markets (ACM) has introducedthe DSA check, which is an online tool with which owners of websites or apps.
- The UK and India concluded talks on a free trade agreement that includes provisions on data transfers, protecting businesses from forced source code transfers.
- The UK’s Data (Use and Access) Bill, passed its third reading in the House of Commons, outlines legitimate interests for data processing.
- The EDPB and EDPS published a letter supporting the European Commission’s proposal to simplify GDPR recordkeeping obligations.
AMERICAS
- CPPA Board has ordered Jerico Pictures National Public Data to pay a USD 46,000 fine for failing to register and pay an annual fee as required by the Delete Act.
- US Customs and Border Protection asked tech companies to send pitches for a real-time face recognition tool that would take photos of every single person in a vehicle at a border crossing.
- AG of U.S. has put TP-Link, Alibaba, CapCut, and several other CCP-aligned companies on notice that they are violating Texans’ privacy rights.
- The UN has developed a new cyber-attack assessment framework, building on and complementing existing models like the MITRE ATT&CK framework.
ASIA PACIFIC
- The EU and Singapore signed a Digital Trade Agreement on cross-border data transfers to secure data flows and access to digital opportunities.
- New Zealand’s Social Media Age-Restricted Users Bill was introduced to Parliament.