Issue 297

International

  • 28th January would be globally observed as Data Privacy Day, highlighting the importance of protecting personal information in today’s world..

APAC

  • Indian Ministry of Electronics and IT indicated that compliance timelines under the data protection law for large technology companies may be shortened.
  • Deepfake Prevention and Criminalization Bill introduced in the Indian Parliament.
  • Amendments to China’s Cybersecurity Law officially took effect.
  • Vietnam’s Personal Data Protection decree entered into force.
  • New Zealand’s Office of the Privacy Commissioner released a statement on a data breach of health information management platform.
  • Brunei Darussalam’s Personal Data Protection Order approved and published in the official Gazette.

EMEA

  • UK’s Information Commissioner Office unveiled plans to foster responsible agentic AI.
  • Italian data watchdog fined a multi-utility company EUR 300,000 for data security failures.
  • Belgian Data Protection Authority released its Strategic Plan for the period 2026-2028.
  • Latvia’s Data Inspectorate released a preventive inspection report on residential building management services.
  • Norway’s Health Directorate issued updated guidelines recommending reduced screen use for children and youngsters.
  • Datatilsynet, the Danish Data Protection Authority outlined its supervisory focus areas for 2026.
  • Finnish Data Protection Ombudsman updated its FAQs on personal data processing in the context of housing and housing companies.
  • Swedish Privacy Protection Authority published guidance on privacy-friendly AI training using synthetic data.
  • Slovakia’s Personal Data Protection Office raised concerns over the ongoing transfer of TikTok user’s personal data to China.
  • Turkish Personal Data Protection Authority announced a data breach in an electricity distribution company.

Americas

  • The US – FTC reached a settlement of USD 10 million with an entertainment company over alleged violations of the Children’s Online Privacy Protection Act.
  • Indiana’s Consumer Data Protection Act formally entered into force.
  • Law on data breach notification took effect in California, requires organisations to notify breach within 30 days.
  • Virginia’s law on social media platforms, restricting addictive feeds, became effective.
  • Attorney General of New York secured a USD 500,000 settlement with a healthcare provider for failures in safeguarding patient data.
  • Consumer data privacy legislation entered into force in Kentucky.
  • Ecuador’s Data Protection Superintendency adopted the Institutional Regulatory Plan for 2026.
  • Rhode Island’s Data Transparency and Privacy Protection Act became effective.
  • Illinois bill limiting predictive data analytics in hiring and credit took effect.