Sabitlenmiş Tweet
Kayli Lewis @ MailSPEC
54.2K posts

Kayli Lewis @ MailSPEC
@mailspec
Director of compliance strategy here at MailSPEC. We provide AI data classification and governance in sovereign control for regulated industries.
Internet Katılım Ağustos 2021
542 Takip Edilen5.6K Takipçiler
Kayli Lewis @ MailSPEC retweetledi

The 5 Strictest Data Privacy Laws In The World And What They Mean For Your International Business
When looking at data privacy law enforcement data from five continents, I constantly keep landing on the same uncomfortable conclusion: most international businesses are managing data privacy like it's a legal checkbox and not a real board-level business risk.
Here are the five strictest data privacy laws in the world that confirm how serious issue is managing data privacy in your company the wrong way.
The EU's GDPR. Fines have reached €7.1 billion cumulatively, up 21% year over year. What's changed is who's getting hit. Spain alone has logged over 1,000 enforcement actions, the majority against mid-market companies, not tech giants. If you thought GDPR was a "Meta and Google problem," the data says otherwise.
China's PIPL is the one most Western executives underestimate. Penalties reach 5% of annual revenue and cover 1.4 billion people, but the real risk is localization. In September 2025, Dior's Shanghai subsidiary was penalized for unauthorized cross-border data transfers and inadequate consent; a brand with a compliance budget most companies would envy, still caught flat-footed.
South Korea's PIPA just became personal. The March 2026 amendment names the CEO or representative director as the ultimate responsible party for data protection compliance, with penalties now reaching 10% of turnover. I don't think enough leadership teams have clocked that this is no longer a delegated risk.
California's CCPA/CPRA looks smaller on paper, $7,988 per intentional violation, until you realize there's no aggregate cap. Multiply that by a breach affecting tens of thousands of records, and you're in GDPR territory, fast.
Quebec's Law 25 rarely makes the headline lists, but it should. CAD 25 million or 4% of worldwide turnover, the strictest privacy law in North America outside California. Any company with a Canadian footprint that hasn't audited against this specifically is exposed.
The businesses I've watched handle this well didn't ask "what does GDPR require, what does PIPL require, what does CCPA require" as five separate assignments. They asked one question: what's the strictest standard across all five, and how do we build to that once?
That's not just cleaner. It's cheaper. A single privacy-by-design architecture built to PIPA and PIPL's ceiling automatically satisfies GDPR, CCPA, and Law 25. The reverse is rarely true.
The regulatory patchwork isn't going away. Over 50 jurisdictions now have enforceable data protection regimes, and that number is climbing. The only real choice left for international business is whether you build once for the hardest bar or you keep building five different half-measures and hope none of them get audited in the same fiscal year.
English

@haveibeenpwned Companies need to pay greater attention to vulnerabilities.
English

New breach: Earlier this month, Fluke was targeted in a ShinyHunters extortion campaign. The group published more than 800k email addresses along with largely corporate contact information and support cases. 51% were already in @haveibeenpwned. Read more: haveibeenpwned.com/Breach/Fluke
English

Microsoft has made Windows settings backup non-optional for most businesses. Starting with Windows 11 26H2, the feature now called “Windows settings backup and restore” automatically turns itself on for eligible devices. It copies your Windows settings and list of installed Microsoft Store apps to Microsoft’s cloud every eight days by default with no user or admin prompt.
Microsoft says this is for easier recovery after lost laptops or hardware refreshes.
In reality, it also accelerates PC upgrades and pushes organizations toward a cloud-first management model.
The only major exception is the European Union, where the Digital Markets Act requires Microsoft to keep the feature off until an administrator explicitly enables it. Everywhere else, consent is assumed.
Reclaim The Net@ReclaimTheNetHQ
Microsoft Decided Your Windows Settings Belong in Its Cloud reclaimthenet.org/microsoft-deci…
English

@TutaPrivacy Also, companies need to be able to create a safer internet.
English

A safer internet should be a private, secure and open internet.
Today we’ve joined over 20 organizations to urge the UK Government to protect children online without making the internet less secure by restricting VPNs. 😡
Child safety and digital security aren’t competing objectives – we need both.
Read the letter here 👉vpntrust.net/2026/07/08/ope…
#SafeAndSecure

English

🚨 China's new law on anthropomorphic AI comes into effect tomorrow, and the world should be paying attention. Here is what it says:
As I wrote earlier this year, when the law's first draft was published, it is the world's strictest and most comprehensive law on the topic, unmatched by any other AI law, including the EU AI Act.
Lawmakers, policymakers, and advocates should pay special attention to this law because it:
- Demystifies the false idea that China does not regulate AI or that the only way to be a competitive player in the AI race is through radical deregulation or a lack of attention to AI harms;
- Offers a real-world example of a legal framework that acknowledges AI-related human vulnerabilities and proposes contextual technical measures to prevent AI-anthropomorphism-related harm;
- Raises awareness about the importance of regulating human-like AI, especially as it becomes widespread.
-
👉 Next week, I'll publish a lecture with an article-by-article commentary on this new law. To receive it, subscribe using the link in the first comment.
👉 Check out the full translation of China's new law on anthropomorphic AI below.

English

X admits its broken algorithm made the site feel like a ‘battleground’ theverge.com/tech/965360/x-…
English

Microsoft’s Secure Boot has been broken for a decade and no one noticed until now
arstechnica.com/security/2026/…
English

Telegram’s shortlink domain is back online after day-long suspension techcrunch.com/2026/07/14/tel…
English

For years, data privacy got filed under "IT problem" or "legal checkbox." That framing is dead. When breach disclosure becomes routine, disclosure itself becomes a reputational and legal risk. Your customers don't read the DPA's ruling. They read the headline.
If a breach at your organization becomes public tomorrow, the first question from your biggest client won't be "did you comply." It'll be "why did you trust that vendor with our data in the first place?" Sovereign, auditable infrastructure is the only answer to that question that doesn't sound like an excuse.
English

€530 million. That's what Ireland's regulator fined TikTok for moving EU user data to China without adequate safeguards. This is the second-largest GDPR fine ever handed out, and it wasn't for a breach. Nobody hacked anything. The violation was the transfer itself.
Sit with that. You don't need an attacker. You just need the wrong jurisdiction in your data flow diagram.
I keep hearing founders say, "we're not TikTok; we don't have geopolitical exposure." Wrong frame. The exposure is about where your processors, your subprocessors, and your backup infrastructure physically and legally sit. Most companies can't actually answer that question past the first vendor layer.
If you cannot draw a complete map of every jurisdiction your customer data touches, including your vendors' vendors, you have already failed the test that just cost TikTok half a billion euros. Sovereign infrastructure means being able to answer that question with a straight face.
English
Kayli Lewis @ MailSPEC retweetledi

Des emails sur les « pixels de suivi » envahissent votre boîte mail depuis quelques jours ? Ce n'est pas une arnaque... mais une nouvelle règle de la CNIL ➡️ 01net.com/actualites/ces…

Français

The companies building surveillance tools in conflict zones are playing central roles in our lives
The militarisation of tech is reshaping our townsquares
privacyinternational.org/long-read/5669…
English

Have you been applying to jobs recently and wondered if AI could be at play?
We’ve been wondering about the booming AI recruitment industry ourselves and decided to look into it.
privacyinternational.org/long-read/5798…
English




