EU & UK
- Datatilsynet and Digitaliseringsstyrelsen published joint guidance on cookies and similar technologies.
- The Hanover Administrative Court ruled in a case that cookie consent banners must include a ‘Reject all’ button if an ‘Accept all’ option is present.
- DPC published a statement on Meta Platforms Ireland Limited’s use of AI, highlighting concerns about using adult personal data to train LLMs in the EU/EEA.
- The French SA fined SOLOCAL EUR 900,000 for failure to comply with the obligation to obtain the consent of individuals to receive commercial prospecting by electronic means.
- The Italian Supervisory Authority fined the company behind the chatbot “Replika” for alleged infringements of legal basis for the data processing.
- The Office of the Data Protection Ombudsman in Finland published guidelines for ensuring the lawful use of personal data in AI systems.
AMERICAS
- The U.S. Federal Trade Commission finalised its order against GoDaddy after the company allegedly misled consumers about its data protection safeguards.
- U.S. Department of Government Efficiency was alleged of deploying social platform xAI’s Grok chatbot to analyse federal government data.
- Consumer Reports found grocery chain Kroger allegedly used consumers’ personal information to create marketing profiles, sharing sometimes inaccurate user data with advertisers.
- A Massachusetts man agreed to plead guilty to charges related to hacking into a major education technology company and accessing thousands of students’ sensitive data.
- Transcend said it will launch its Custom Functions tool, allowing businesses to automate their privacy operations systems to comply with privacy regulations.
ASIA PACIFIC
- The Cyberspace Administration of China released the measures for the administration of national network identity authentication public services, which regulate online identity authentication services for natural persons.
