Issue 271

  • The U.K. Data (Use and Access) Act was given Royal Assent on 19 June 2025.
  • Following a public consultation, CNIL issued recommendations for AI developers to establish a legitimate interest for data processing under the EU GDPR.
  • ICO published guidance on the Data (Use and Access) Act (DUAA), which updates data protection law by clarifying personal information use for research.
  • The European Parliament Committee on Employment and Social Affairs published a draft report recommending a Directive on algorithmic management in the workplace.
  • AEPD published a note addressing the processing of personal data by accommodation services, emphasising that collecting a copy of a client’s ID.
  • NOYB filed lawsuits against the German DPA for not issuing decisions on complaints about ‘Pay or OK’ systems.
  • The G7 Data Protection and Privacy Authorities Roundtable announced new commitments stemming from its latest summit hosted by the Office of the Privacy Commissioner of Canada.
  • U.S. President Donald Trump extended the deadline for ByteDance to sell social platform TikTok by 90 days.
  • The man who killed and wounded Minnesota state legislators allegedly used data broker websites to obtain information about victims and potential targets.
  • Attorney General James Uthmeier issued subpoenas to companies selling medical devices, sending patient data to China.
  • The Cyberspace Administration of China sought feedback on its methods for the classification of internet information that may affect the privacy framework for minors.
  • India’s TRAI announced a pilot project for digital consent management in collaboration with the Reserve Bank of India, addressing spam complaints from consumers.