Author | Lightnews

DataGuidance @dataguidance.bsky.social · 2d

USA: EPIC publishes report on AGs' privacy enforcement actions.

The report highlights enforcement actions taken in response to privacy concerns over the past five years and outlines trends within data practices and compliance.

Learn more: https://bit.ly/47fNUvC

1

DataGuidance @dataguidance.bsky.social · 2d

EU: Parliament publishes study on interplay between AI Act and digital frameworks.

The study compares the EU AI Act to the GDPR, DSA, DMA, CRA, and the NIS2 Directive.

Check it out: https://bit.ly/3Jm3mND

1

DataGuidance @dataguidance.bsky.social · 2d

Singapore: CSA opens public consultation on addendum to AI security guidelines.

The consultation on the Addendum, which identifies and assesses risks associated with agentic AI systems and offers practical controls to mitigate risks, runs until Dec 31, 2025.

Learn more: https://bit.ly/4ojzBMH

DataGuidance @dataguidance.bsky.social · 2d

Colombia: SIC publishes draft Model Contractual Clauses for international data transfers.

The MCCs would facilitate international transfers in compliance with the Data Protection Law and are based on the RIPD MCCs.

Read on: https://bit.ly/4oIjg3N

DataGuidance @dataguidance.bsky.social · 2d

UK: ICO publishes enforcement procedural guidance for consultation.

The guidance includes explanations on factors the ICO considers when deciding whether to open an investigation and how the ICO will use its new information gathering powers under the DUAA.

Read now: https://bit.ly/3X5zgRC

DataGuidance @dataguidance.bsky.social · 3d

UK: ICO fines sole trader £200,000 for sending unsolicited direct marketing messages.

The ICO found that the sole trader violated the PECR for transmitting unsolicited direct marketing messages without consent.

Learn more: https://bit.ly/4ogqNXG

DataGuidance @dataguidance.bsky.social · 3d

Switzerland: Federal Council launches consultation on very large online platforms and search engines regulation.

Check it out: https://bit.ly/4oCoiPa

1

DataGuidance @dataguidance.bsky.social · 3d

Finland: Ombudsman fines Aktia €865,000 for security flaws in electronic identification service.

The Ombudsman found that Aktia violated the GDPR for a 2023 breach due to technical changes.

Read on: https://bit.ly/49b5KRZ

DataGuidance @dataguidance.bsky.social · 3d

EU: EDPS publishes revised guidelines on generative AI.

The guidelines include key updates, such as a refined definition for generative AI and a new compliance checklist to help EUIs ensure the lawfulness of their processing activities.

Learn more: https://bit.ly/3L5IJG2

1

DataGuidance @dataguidance.bsky.social · 3d

EU: Delegated act on data access enters into force.

The delegated act will allow qualified researchers to request access to data from VLOPs and VLOSEs to study the societal impact stemming from the platforms' systems.

Read now: https://bit.ly/4oOZTGy

DataGuidance @dataguidance.bsky.social · 4d

Colombia: House Committee approves combined bill to amend data protection law.

The consolidated bill would expand the territorial scope of the Data Protection Law, introduce new rules for processing children's data, and establish new data subject rights.

Learn more: https://bit.ly/49t37uB

DataGuidance @dataguidance.bsky.social · 4d

USA: Senators introduce bill for protection of children from AI chatbots.

The bill would impose various obligations on covered entities, such as disclosing to the user that the chatbot is an AI system.

Check it out: https://bit.ly/4ohPByL

1

DataGuidance @dataguidance.bsky.social · 4d

International: 65 nations sign Convention against Cybercrime.

The Convention introduces the first universal framework for investigating and prosecuting offenses committed online, such as financial fraud and nonconsensual sharing of intimate images.

Learn more: https://bit.ly/3LwJesB

DataGuidance @dataguidance.bsky.social · 4d

Australia: Government launches consultation on use of copyright material in AI.

The Government will be convening the CAIRG to discuss fair, legal avenues for using copyright material in AI.

Read on: https://bit.ly/3JzrWur

DataGuidance @dataguidance.bsky.social · 4d

China: NPC passes amendments to Cybersecurity Law.

The main amendments to the bill include supported research on AI and the development of key technologies and strengthened security risk monitoring and assessment.

Read now: https://bit.ly/4ntGEkz

1

DataGuidance @dataguidance.bsky.social · 5d

Croatia: AZOP publishes FAQs on AI Act.

The FAQs cover the interplay between the AI Act and the GDPR, legal bases for processing personal data in AI systems, and rights of individuals whose data is used to train AI models.

Learn more: https://bit.ly/47R13KP

DataGuidance @dataguidance.bsky.social · 5d

California: California DOJ to solicit public comments on upcoming rulemaking on Protecting Our Kids from Social Media Addiction Act.

Check it out: https://bit.ly/4oKanHa

DataGuidance @dataguidance.bsky.social · 5d

Netherlands: AP publishes building on AI literacy guideline.

The guideline provides recommended actions organizations can take regarding the identification, implementation, and evaluation of AI systems, and setting goals for AI use within the organization.

Learn more: https://bit.ly/47zxjSy

1

DataGuidance @dataguidance.bsky.social · 5d

Hong Kong: PCPD issues new guidance on CCTV, drones, and in-vehicle cameras.

The guidance includes key considerations, such as conducting PIAs, providing clear notice, and ensuring timely deletion of footage.

Read on: https://bit.ly/47ol8aW

DataGuidance @dataguidance.bsky.social · 5d

Austria: NOYB initiates criminal proceedings against Clearview AI.

NOYB noted that the complaint was against Clearview AI's facial recognition technology and highlighted previous complaints and fines imposed by EU data protection authorities.

Read now: https://bit.ly/3J4aApu

DataGuidance @dataguidance.bsky.social · 6d

Colombia: SIC issues final guidelines on the processing of personal data during technology transfer.

The guidelines cover obligations for SIC-supervised entities engaged in technology transfer processes.

Learn more: https://bit.ly/4olu08k

1

DataGuidance @dataguidance.bsky.social · 6d

China: CAC and SAMR publish measures for authenticating personal information exported abroad.

The Measures, which take effect on January 1, 2026, aim to protect personal information rights and interests.

Check it out: https://bit.ly/47q7ynh

DataGuidance @dataguidance.bsky.social · 6d

China: MIIT releases fifth batch of 2025 of app notifications for violations of user rights.

The MIIT spot checks found that 29 apps violate user rights under various laws, including by illegally collecting personal information.

Learn more: https://bit.ly/4oCgixP

DataGuidance @dataguidance.bsky.social · 6d

France: CNIL releases a survey on targeted advertising.

The survey focused on whether users are willing to pay for online services without targeted advertising, and showed that data protection is a key factor that users consider when choosing digital services.

Read on: https://bit.ly/47oAxYG

DataGuidance @dataguidance.bsky.social · 6d

EU: Commission preliminarily finds TikTok and Meta in breach of DSA transparency obligations.

The Commission's preliminary findings show that they may have burdensome procedures and tools in place for researchers to access public data.

Read now: https://bit.ly/4qojCOF