OneTrust DataGuidance

EU: Commission proposes single-entry point for cybersecurity and data breach reporting on Digital Omnibus. Learn more: bit.ly/4bwTQ4g

EU: CJEU issues decision on request for access and when it may be considered abusive. Explore more: bit.ly/4lIkITE

USA: NIST publishes report on monitoring deployed AI systems. The report identifies challenges and monitoring categories for deployed AI systems to inform and support future research in the field of AI. Check it out: bit.ly/41nMNWJ

EU: EDPB and EDPS adopt Joint Opinion on Proposal for Cybersecurity Act 2 and NIS2 amendments, emphasizing balanced cybersecurity measures and welcoming clarifications regarding ENISA's role in supporting the implementation of EU law. Read now: bit.ly/4rFLU6V

EU: EDPB launches CEF on transparency and information obligations under GDPR. Explore more: bit.ly/47cMqBX

Hong Kong: PCPD issues alert over privacy risks of OpenClaw and agentic AI agents. The PCPD advised that agentic AI poses higher privacy and security risks due to autonomous actions and broad system access. Check it out: bit.ly/4smWrVN

USA: Senators issue letter to Meta on privacy issues of facial recognition technology in smart glasses, warning of consent, data use, and civil‑liberties risks from identifying people in public spaces. Check it out: bit.ly/47P3WfB

Brazil: President signs two Decrees regulating the Digital ECA and the ANPD, strengthen child online protections, regulate age verification and AI systems, and empower the ANPD as the lead enforcement authority. Learn more: bit.ly/4d30kKJ

Maryland: Bill proposing comprehensive consumer protection and liability rules for chatbots introduced. The bill would regulate chatbots and generative AI and impose strict consent and strong enforcement under consumer protection law. Read now: bit.ly/4sV7l4O

New York: Bill amending RAISE Act passes Assembly. The bill mandates transparency and safety requirements for AI developers, including prohibiting frontier developers from making materially false or misleading statements. Learn more: bit.ly/4uxw6FX

Sweden: IMY publishes guidance on smart glasses. The guidance emphasizes privacy risks and legal implications of smart glasses usage, clarifying that the GDPR often applies to content shared on social media. Explore more: bit.ly/47G6koZ

EU: Digital Networks Act proposed to harmonize telecoms rules across Member States which aims to modernize and harmonize the EU framework for electronic communications networks and services. Read now: bit.ly/3NLGqcL

New York: Bill requiring notices on generative AI systems passes Senate which equires owners, licensees, and operators of generative AI systems to display warnings on such systems about potential inaccuracies or inappropriateness of outputs. Read now: bit.ly/4bmWVne

Vietnam: MPS issues draft decree on administrative sanctions in cybersecurity and personal data protection for consultation. Learn more: bit.ly/4sYAFHP

South Dakota: Bill on criminal invasions of privacy and digitally fabricated material signed into law. The bill imposes penalties for nonconsensual visual recordings and digitally altered sexual content. Explore more: bit.ly/40G3lsS

Spain: CNMC adopts emergency measures to ensure telecommunications service continuity. The CNMC approved the package of exceptional, temporary measures designed to ensure telecommunications service continuity amid operator instability. Read now: bit.ly/47BfanW

Australia: OAIC issues privacy guidance on age assurance technologies, such as adopting privacy‑by‑design approaches and conducting PIAs. Read now: bit.ly/4uwRivw

Brazil: Digital ECA enters into force. The Digital ECA mandates protections for minors using digital products and services in Brazil, with significant penalties for noncompliance. Check it out: bit.ly/4lBC708

Oklahoma: Comprehensive Data Privacy Bill passes both houses. The bill establishes a comprehensive data privacy framework with specific obligations and enforcement measures, and will take effect on January 1, 2027, if signed by the Governor. Learn more: bit.ly/4dsiLbH

Italy: Garante fines Intesa Sanpaolo €17.6M for unlawful processing of data. The Garante found that ISP violated several GDPR provisions for unlawful data processing and insufficient customer notification during a corporate reorganization. Read more: bit.ly/4rKcYly