Author | Lightnews

DataGuidance @dataguidance.bsky.social · 12h

China: CAC publishes Q&A on new regulations for cross-border data flows.

The Q&A clarifies aspects of the new regulations, including the scope of exemptions, reassessment of the data transfer system, and rules for onward transfers.

Read now: https://bit.ly/4930D67

DataGuidance @dataguidance.bsky.social · 13h

New York: Last phase of compliance under NYDFS' Cybersecurity Regulation amendments enters into effect.

The new obligations for small businesses include complying with multifactor authentication and implementing asset inventory requirements.

Learn more: https://bit.ly/4hEQIpA

DataGuidance @dataguidance.bsky.social · 16h

Oregon: AG publishes Quarter 3 2025 Enforcement Report under OCPA.

The report highlights changes to the OCPA, including its expanded scope, and the universal opt-out mechanism, which will become operational in January 2026.

Read now: https://bit.ly/4qFUlzJ

DataGuidance @dataguidance.bsky.social · 1d

USA: Coalition send letter to FTC to stop Meta's use of chat data for ads.

The coalition of over 30 privacy, consumer protection, children's rights, and civil rights advocates requests that the #FTC initiate an investigation.

Explore more: https://bit.ly/3LmRdIL

DataGuidance @dataguidance.bsky.social · 1d

Texas: AG finalizes $1.375B settlement with Google over privacy.

The AG noted that they had previously sued Google for unlawfully tracking and collecting users' #privatedata regarding geolocation, incognito searches, and biometric data.

Learn more: https://bit.ly/4nwIilr

DataGuidance

Essential Privacy and Regulatory Research at Your Fingertips. Find everything you need to stay up-to-date on evolving privacy & security regulations around the world

bit.ly

1

DataGuidance @dataguidance.bsky.social · 1d

Colombia: SIC fines Colombia Telecomunicaciones COP 670 million for unlawful data processing.

The SIC stated that Colombia Telecomunicaciones violated the Data Protection Law by contacting users of another telecommunications company without their authorization.

Learn more: https://bit.ly/47yvapQ

DataGuidance @dataguidance.bsky.social · 1d

California: AG secures $530,000 settlement with Sling TV for CCPA violations.

The AG investigation found that Sling TV failed to provide an easy-to-use method for consumers to stop the sale of their personal information.

Read on: https://bit.ly/4oLKlmz

DataGuidance @dataguidance.bsky.social · 4d

USA: EPIC publishes report on AGs' privacy enforcement actions.

The report highlights enforcement actions taken in response to privacy concerns over the past five years and outlines trends within data practices and compliance.

Learn more: https://bit.ly/47fNUvC

1

DataGuidance @dataguidance.bsky.social · 4d

EU: Parliament publishes study on interplay between AI Act and digital frameworks.

The study compares the EU AI Act to the GDPR, DSA, DMA, CRA, and the NIS2 Directive.

Check it out: https://bit.ly/3Jm3mND

1

DataGuidance @dataguidance.bsky.social · 4d

Singapore: CSA opens public consultation on addendum to AI security guidelines.

The consultation on the Addendum, which identifies and assesses risks associated with agentic AI systems and offers practical controls to mitigate risks, runs until Dec 31, 2025.

Learn more: https://bit.ly/4ojzBMH

DataGuidance @dataguidance.bsky.social · 4d

Colombia: SIC publishes draft Model Contractual Clauses for international data transfers.

The MCCs would facilitate international transfers in compliance with the Data Protection Law and are based on the RIPD MCCs.

Read on: https://bit.ly/4oIjg3N

DataGuidance @dataguidance.bsky.social · 4d

UK: ICO publishes enforcement procedural guidance for consultation.

The guidance includes explanations on factors the ICO considers when deciding whether to open an investigation and how the ICO will use its new information gathering powers under the DUAA.

Read now: https://bit.ly/3X5zgRC

DataGuidance @dataguidance.bsky.social · 5d

UK: ICO fines sole trader £200,000 for sending unsolicited direct marketing messages.

The ICO found that the sole trader violated the PECR for transmitting unsolicited direct marketing messages without consent.

Learn more: https://bit.ly/4ogqNXG

DataGuidance @dataguidance.bsky.social · 5d

Switzerland: Federal Council launches consultation on very large online platforms and search engines regulation.

Check it out: https://bit.ly/4oCoiPa

1

DataGuidance @dataguidance.bsky.social · 5d

Finland: Ombudsman fines Aktia €865,000 for security flaws in electronic identification service.

The Ombudsman found that Aktia violated the GDPR for a 2023 breach due to technical changes.

Read on: https://bit.ly/49b5KRZ

DataGuidance @dataguidance.bsky.social · 5d

EU: EDPS publishes revised guidelines on generative AI.

The guidelines include key updates, such as a refined definition for generative AI and a new compliance checklist to help EUIs ensure the lawfulness of their processing activities.

Learn more: https://bit.ly/3L5IJG2

1

DataGuidance @dataguidance.bsky.social · 5d

EU: Delegated act on data access enters into force.

The delegated act will allow qualified researchers to request access to data from VLOPs and VLOSEs to study the societal impact stemming from the platforms' systems.

Read now: https://bit.ly/4oOZTGy

DataGuidance @dataguidance.bsky.social · 6d

Colombia: House Committee approves combined bill to amend data protection law.

The consolidated bill would expand the territorial scope of the Data Protection Law, introduce new rules for processing children's data, and establish new data subject rights.

Learn more: https://bit.ly/49t37uB

DataGuidance @dataguidance.bsky.social · 6d

USA: Senators introduce bill for protection of children from AI chatbots.

The bill would impose various obligations on covered entities, such as disclosing to the user that the chatbot is an AI system.

Check it out: https://bit.ly/4ohPByL

1

DataGuidance @dataguidance.bsky.social · 6d

International: 65 nations sign Convention against Cybercrime.

The Convention introduces the first universal framework for investigating and prosecuting offenses committed online, such as financial fraud and nonconsensual sharing of intimate images.

Learn more: https://bit.ly/3LwJesB

DataGuidance @dataguidance.bsky.social · 6d

Australia: Government launches consultation on use of copyright material in AI.

The Government will be convening the CAIRG to discuss fair, legal avenues for using copyright material in AI.

Read on: https://bit.ly/3JzrWur

DataGuidance @dataguidance.bsky.social · 6d

China: NPC passes amendments to Cybersecurity Law.

The main amendments to the bill include supported research on AI and the development of key technologies and strengthened security risk monitoring and assessment.

Read now: https://bit.ly/4ntGEkz

1

DataGuidance @dataguidance.bsky.social · 7d

Croatia: AZOP publishes FAQs on AI Act.

The FAQs cover the interplay between the AI Act and the GDPR, legal bases for processing personal data in AI systems, and rights of individuals whose data is used to train AI models.

Learn more: https://bit.ly/47R13KP

DataGuidance @dataguidance.bsky.social · 7d

California: California DOJ to solicit public comments on upcoming rulemaking on Protecting Our Kids from Social Media Addiction Act.

Check it out: https://bit.ly/4oKanHa

DataGuidance @dataguidance.bsky.social · 7d

Netherlands: AP publishes building on AI literacy guideline.

The guideline provides recommended actions organizations can take regarding the identification, implementation, and evaluation of AI systems, and setting goals for AI use within the organization.

Learn more: https://bit.ly/47zxjSy

1