APAC
- Indian government amended the IT Rules to require social platforms to take down AI-generated deepfake content within 3 hours.
- The FICCI-EY Risk Survey 2026 identified cybersecurity breaches as the top risk facing Indian businesses.
- South Korean data watchdog imposed a fine of KRW 707.8 million on the National Research Foundation for inadequate safety measures.
- Japan’s Personal Information Protection Commission updated its Business Guide to support compliance under the data protection framework.
- China’s Technical Committee 260 released first batch of National Cybersecurity Standard Requirements for this year.
- Office of Australian Information Commissioner published a statement on Administrative Review Tribunal’s decision on a retail company’s use of facial recognition.
EMEA
- EU Commission invited feedback on draft guidelines on the calculation of reasonable compensation under the Data Act.
- UK’s Information Commissioner Office announced investigation into an AI system for generating non-consensual inappropriate images.
- France’s CNIL fined a public employment platform EUR 5 million for failing to secure job seekers’ data.
- Germany’s Financial Supervisory Authority issued guidance on ICT risks in AI use at financial entities.
- Italian data protection authority imposed a fine of EUR 40,000 on an optical manufacturing company for accessing and retaining former employees’ emails after their departure.
- European Commission created a Signatory Taskforce for General-Purpose AI Code of Practice.
- Denmark’s Data Protection Authority responded to an inquiry on data processing agreement terms on personal data transfer to third countries.
- Sweden’s Privacy Authority imposed a fine of SEK 6 million on a software company following personal data leak from a cyberattack.
- The Dutch Data Protection Authority outlined its vision on generative AI governance.
- Latvia’s Data Inspectorate released a guidance on transparency and content requirements for cookie policy.
- Turkish Data Protection Authority announced data breach involving a food manufacturing company.
Americas
- A New York bill on additional protections for sensitive health information passed by Senate.
- Information and Privacy Commissioner of Ontario issued guidance on AI scribes to safeguard patient data.
- A coalition of U.S. Attorneys General criticised the Department of Justice’s attempt to obtain sensitive data from Minnesota authorities.
- An Oregon bill establishing Commission on Artificial Intelligence was prefiled in House.
- A bill to create a Telephone Solicitation Act was introduced in the Michigan’s House of Representatives.
- A California bill on consumer privacy requests dealing with deletion request records and request submission methods was introduced in the Senate.
- Quebec’s Access to Information Commission released explanatory guide and checklist on preventing privacy breaches.
- Hawaii’s Drop and Delete Act to regulate data brokers, enable personal data deletion and establish enforcement mechanisms introduced to House of Representatives.
