Issue 309

APAC

  • Reserve Bank of India issued an advisory on best practices to ensure consumer data protection.
  • South Korea’s bill to amend the Information and Communications Network Act approved by the National Assembly.
  • The Monetary Authority of Singapore collaborated with industry stakeholders to develop AI risk management toolkit for the financial sector.
  • Vietnam’s National Assembly passed a new Cybersecurity Law.
  • Australian Office of Information Commissioner published an exposure draft of the Children’s Online Privacy Code.

EMEA

  • European Data Protection Board released One-Stop-Shop case compilation on legitimate interest as a legal basis under the GDPR.
  • Italy’s Data Protection Authority imposed a EUR 17.6 million fine on a banking company for unlawful data processing.
  • CNIL, France released guidelines on use of sound recording devices in video surveillance systems.
  • European Parliament adopted its position on the Digital Omnibus proposal on AI – set of amendments to the AI Act.
  • UK’s ICO published guidance on recognized legitimate interest as a lawful basis for processing personal data.
  • Dutch Data Protection Authority released a guide on processing health data in cloud environment.
  • Slovakia’s Security Authority published preliminary information on Cyber Resilience Act.
  • Hamburg Data Protection Commissioner released its 2025 activity report highlighting key trends and enforcement actions.
  • European Commission launched an investigation into a social media platform over child protection concerns under the Digital Services Act.
  • Turkish Data Protection Authority announced data breach involving a public services company.

Americas

  • New York bill on transparency and safety requirements for AI models passed by the State Assembly.
  • Oklahoma’s comprehensive bill on data privacy protections signed into law by the Governor.
  • South Dakota enacted legislation to safeguard the integrity, privacy and security of genetic data.
  • Washington State passed a bill requiring disclosure of AI-generated or AI-modified content.
  • New Jersey’s Privacy Protection Act signed into law by the Governor.
  • Utah enacted a law to address the use of genetic sequencing tools and storage of genetic data.
  • U.S. Senators raised concerns with a technology company regarding the use of facial recognition in smart glasses.
  • Brazil’s Data Protection Agency released preliminary guidelines on age verification in the digital environment.