EU & UK
- EU Think Tank releases new GDPR procedural rules for swift resolution of cross-border cases.
- Global Privacy Assembly adopted several international resolutions on the use of AI.
- EDPB adopted opinions on the UK’s adequacy decisions under the GDPR and the Law Enforcement Directive.
- Isle of Man Information Commissioner opened a public consultation on data protection registration fees.
- UK’s ICO fined Capita 14 million pounds for a data breach of more than six million individuals.
- EDPB announced the topics for Coordinated Enforcement Framework 2026.
- Dutch Data Protection Authority fined Experian EUR 2.7 million for multiple privacy violations
- UK ICO launched a consultation on proposed “charitable purpose soft opt-in” rules aimed at supporting responsible fundraising activities.
- Guernsey Data Protection Authority imposed a EUR 100,000 fine on MSG for inadequate security measures.
Americas
- New York AG reached a USD 60,000 settlement with an accounting firm over failures to safeguard personal data.
- Ontario’s Information and Privacy Commissioner updated its de-identification guideline for Structured Data.
- New York Department of Financial Services issued guidance on managing third-party cybersecurity risk.
- Florida AG filed a civil action against Roku for alleged violations of the Digital Bill of Rights
- Attorney General of New York secured USD 14.2 million in settlements from car insurance companies for multiple data breaches.
- Texas Governor signed new laws promoting child online safety and mandating phone-free classrooms in schools.
APAC
- Australian Cyber Security Centre publishes guidance on cloud shared responsibility model and mitigations for network defense.
- Indian IT Ministry proposed amendments to the IT Rules to address synthetically generated and AI-manipulated content.
- Hong Kong PCPD publishes its annual report outlining key enforcement actions and policy initiatives.
