EMEA
- European Commission introduced whistleblower tool for Artificial Intelligence Act.
- France’s CNIL imposed EUR 750,000 fine on online magazine publisher for cookie consent violations.
- Spanish Commercial Court ordered Meta to pay EUR 479 million to digital press publishers for GDPR related violations.
- EU Commission launched investigations into cloud computing services under the Digital Markets Act.
- European Supervisory Authorities released list of critical ICT third-party providers under Digital Operational Resilience Act.
- German Data Protection Conference proposed GDPR amendments to reinforce data protections for children.
- German Parliament approved legislation to implement the NIS2 Directive.
- Turkish Data Protection Authority released a guide on generative AI and personal data protection.
- CJEU dismissed Amazon’s challenge to its designation as a Very Large Online Platform under the Digital Services Act.
Americas
- US national security agencies released a guide on mitigating risks from bulletproof hosting providers.
- California Privacy Protection Agency (CPPA) released a public infographic highlighting key considerations ahead of the January 2026 CCPA updates.
- Canadian privacy regulators jointly called for enhanced protection of children’s privacy in the EdTech ecosystem.
- Massachusetts’ Consumer Data Privacy Bill referred to legislative committee for further review.
- California AG reached USD 1.4 million settlement with a mobile gaming company for breach of CCPA.
- Algorithm Accountability Bill introduced in the US Senate.
- CPPA established Data Broker Enforcement Strike Force to investigate privacy violations and opposed federal efforts to block state protections for advanced technologies.
