Profile avatar
dataguidance.bsky.social
OneTrust DataGuidance provides a comprehensive platform for regulatory research, offering over two decades of expertise to privacy professionals worldwide.
315 posts 37 followers 93 following
Prolific Poster
Posts 49 Comments 1

Ireland: DPC publishes 2024 annual report. The report highlights €652 million in fines, over 11,000 complaints, and a rise in breach notifications. Learn more: bit.ly/4laUbwx

submitted 1 day ago • 0 comments

New York: New York child data protection act comes into effect. The act sets strict consent and deletion rules, bans data sales, and allows the AG to enforce violations with fines up to $5,000 per incident. Check it out: bit.ly/3HJjacb

submitted 2 days ago • 0 comments

UK: ICO publishes guidance on the Data (Use and Access) Act. The guidance from the ICO explains key changes to UK data laws, including updates on research use, cookies, marketing, and automated decisions. Read now: bit.ly/3ZHaUPY

submitted 2 days ago • 0 comments

Romania: Bill approving Emergency Ordinance on NIS 2 implementation sent for promulgation. The bill transposes the NIS 2 Directive, introduces training requirements for management of critical entities, and defines social networking platforms. Read on: www.dataguidance.com/news/romania...

submitted 2 days ago • 0 comments

EU: Parliamentary Committee publishes recommendations and draft Directive on AI and algorithmic management in the workplace. The proposal aims to close regulatory gaps left by the EU AI Act and GDPR. Check it out: www.dataguidance.com/news/eu-parl...

submitted 2 days ago • 0 comments

California: Governor publishes report on Frontier AI Policy. The Report stresses transparency and outlines classification approaches for AI models. Check it out: www.dataguidance.com/news/califor...

submitted 2 days ago • 0 comments

UK: Data (Use and Access) Bill receives Royal Assent and becomes law. The Act sets out recognized legitimate interests for lawful data processing and outlines when secondary data use is considered compatible with the original purpose. Read now: www.dataguidance.com/news/uk-data...

submitted 2 days ago • 0 comments

UK: ICO fines 23andMe £2.31M for data security failures following data breach. The ICO found that weak security measures, including the lack of multi-factor authentication, allowed a hacker to access sensitive data of over 155,000 people. Learn more: bit.ly/4n9hitj

submitted 3 days ago • 0 comments

EU: Commission confirms applicability of EU-US Data Privacy Framework. The European Commission confirmed that data transfers under the EU-US Data Privacy Framework remain lawful, despite concerns over PCLOB member dismissals. Check it out: bit.ly/3G5r2UJ

submitted 3 days ago • 1 comment

China: NPC representatives propose motion for AI law. The proposed law would cover AI risk classification, ethical standards, innovation incentives, and clarify legal responsibilities for #AI technologies. Read now: bit.ly/3ZDqPyH

submitted 4 days ago • 0 comments

International: ACN and BSI publish report on AI supply chain. The report outlines a framework to boost #AI cybersecurity through transparency, component tracking, and supply chain traceability. Check it out: bit.ly/3I1L8zG

submitted 4 days ago • 0 comments

EU: Council of the EU announces agreement on law regarding cross-border GDPR enforcement. The law aims to harmonize complaint handling and boost cooperation among data protection authorities. Read now: bit.ly/3FT9DP6

submitted 5 days ago • 0 comments

Australia: ACMA fines TAB AUD 4M for direct marketing violations. The ACMA fined Tabcorp Holdings AUD 4 million for breaching the Spam Act by sending thousands of marketing messages without unsubscribe options or proper sender details. Read now: bit.ly/4kPpdKM

submitted 5 days ago • 0 comments

🌍 Sending data outside the EU? Know the rules. Under #GDPR, cross-border transfers require: ✔️ Adequacy decisions (pre-approved countries) ✔️ Appropriate safeguards (SCCs, BCRs) ✔️ Derogations (explicit consent, legal necessity)

submitted 5 days ago • 0 comments

India: Reporting requirements under Digital Lending Directions enter into effect. The rules apply to banks, NBFCs, and digital lending apps, mandating data privacy safeguards, domestic data storage, and clear borrower consent. Check it out: bit.ly/3SWg1rI

submitted 5 days ago • 0 comments

Brazil: MCTI unveils final version of #AI Plan. The plan emphasizes local innovation, supercomputing, global leadership, and inclusive collaboration. Learn more: bit.ly/4jPmgbO

submitted 5 days ago • 0 comments

Michigan: Bill for personal data privacy act re-introduced to Senate. The bill sets rules for handling consumer data, outlines consumer rights, and assigns duties to data handlers, with exemptions for certain entities. Read now: bit.ly/4jY6hbB

submitted 6 days ago • 0 comments

Norway: Datatilsynet fines company NOK 250,000 as part of tracking pixels enforcement. The site unlawfully shared children's data with third parties without a proper legal basis or user notification. Learn more: www.dataguidance.com/news/norway-...

submitted 9 days ago • 0 comments

Vermont: Age-Appropriate Design Code bill signed by Governor into law. It applies to businesses offering online services likely to be used by individuals under 18 and places strict limits on data collection, tracking, and more. Read on: www.dataguidance.com/news/vermont...

submitted 9 days ago • 0 comments

New York: RAISE act passes legislature. New York passed the RAISE Act, establishing safety, transparency, and audit requirements for developers of powerful AI frontier models. Read now: www.dataguidance.com/news/new-yor...

submitted 9 days ago • 0 comments

Australia: APRA directs RSE licensees to reinforce security and authentication controls. RSE licensees must assess and upgrade their information security safeguards by August 31, 2025, or report material weaknesses to APRA. Read now: www.dataguidance.com/news/austral...

submitted 10 days ago • 0 comments

Luxembourg: CNPD publishes opinion on draft AI regulation. The opinion calls for clearer limits on the CNPD's expanded role, legal alignment with the Act, and possible changes to its mandate and name. Learn more: www.dataguidance.com/news/luxembo...

submitted 10 days ago • 0 comments

UK: Data (Use and Access) Bill passes both Houses of Parliament. The bill updates the UK's data protection rules, including new bases for data use, access rights, automated decisions, and international data transfers. Read now: www.dataguidance.com/news/uk-data...

submitted 10 days ago • 0 comments

EU: Parliament releases AI Act implementation timeline factsheet. The document outlines key dates for provisions on prohibited practices, high-risk AI systems, governance, and penalties. Check it out: www.dataguidance.com/news/eu-parl...

submitted 11 days ago • 0 comments

China: CAC releases Cyberspace Rule of Law Development Report for 2024. Key developments include new data security rules, cross-border data flow reforms, and enhanced safeguards for minors and consumers. Learn more: www.dataguidance.com/news/china-c...

submitted 11 days ago • 0 comments

EU: EDPS and AEPD publish joint report on federated learning. The report highlights federated learning as a privacy-enhancing approach to AI that keeps personal data decentralized. Read now: www.dataguidance.com/news/eu-edps...

submitted 11 days ago • 0 comments

Hong Kong: PCPD publishes letter to elaborate on importance of organizations formulating internal policies or guidelines on AI. The PCPD urges organizations to create #AI policies to safeguard data privacy and interests. Check it out: bit.ly/4l03Kyv

submitted 11 days ago • 0 comments

Australia: OAIC announces that individuals can now seek redress for privacy harms in court. This statutory tort allows individuals to bring legal claims against entities that invade their privacy through intrusion or misuse of information. Learn more: bit.ly/4jMKwLv

submitted 11 days ago • 0 comments

USA: AGs sue to prevent #23andMe from selling customer genetic data without consent. The AGs argue that genetic data is too sensitive to be sold without explicit, informed consent. Read now: bit.ly/3HBwMpS

submitted 12 days ago • 0 comments

Spain: AEPD fines ALVEA SOLUCIONES TECNOLÓGICAS €35,000 for lack of security measures. The fine follows a complaint that Alvea exposed candidate data via an unsecured link and retained personal information longer than stated. Learn more: bit.ly/3TgchBq

submitted 12 days ago • 0 comments

Poland: UODO appeals decision on statute of limitations for GDPR violations. Poland's UODO appealed a court ruling that overturned a #GDPR fine against Santander, challenging the use of national time limits for such penalties. Learn more: bit.ly/43SyquG

submitted 12 days ago • 0 comments

UK: Ofcom publishes strategic approach to AI. The strategy includes investing in research, publishing open datasets, collaborating with other regulators, and guiding responsible #AI use across sectors. Read now: bit.ly/4jS3sJa

submitted 12 days ago • 0 comments

Japan: Act on research, development, and utilization of AI enters into effect. Japan's new #AIAct came into effect, aiming to boost research, development, and use of AI technologies through national and local government policies. Learn more: bit.ly/4jImwtc

submitted 13 days ago • 0 comments

EU: EDPB publishes final Guidelines on data transfers to third country authorities. The Guidelines stress that such data transfers require a valid legal basis or international agreement, and cannot rely solely on foreign authority demands. Check it out: bit.ly/45doJcC

submitted 15 days ago • 0 comments

UK: ICO publishes #AI and biometrics strategy. The ICO plans to set clear standards, update guidance, and ensure responsible use of AI technologies to protect public trust and individual rights. Read now: bit.ly/4jDg2LU

submitted 16 days ago • 0 comments

Is there a regulatory formula that will truly enable innovation to drive prosperity in the age of #AI? My suggested bulding blocks for a global approach to this challenge (originally published in @dataguidance.bsky.social #DPLeader). www.linkedin.com/pulse/way-fo...

submitted 16 days ago • 1 comment

Texas: Bill on data broker notice requirements sent to Governor. The bill requires data brokers that maintain a website or mobile application to post a notice that includes information on the handling of children's personal data. Read more: bit.ly/4jx3S7n

submitted 16 days ago • 0 comments

Germany: BSI publishes criteria for AI systems in financial sector. The catalogue includes practical criteria for testing #AI systems and suggests suitable test methods and tools for technical and document-based testing. Learn more: bit.ly/4kvQguu

submitted 17 days ago • 0 comments

Sweden: Court of Appeal fines Spotify SEK 58M for failing to handle data subject rights. The Court of Appeal found that Spotify violated the #GDPR. Learn more: bit.ly/4dQQqu3

submitted 17 days ago • 0 comments

Texas: App Store Accountability Act signed by Governor. The Act will enter into force on January 1, 2026, and establishes obligations for app store owners and software application developers. Check it out: bit.ly/4kTugtq

submitted 17 days ago • 0 comments

Oregon: Bill relating to consumer protection signed by Governor. The Act amends the OCPA to prohibit controllers from processing personal data for the purposes of targeted advertising. Read now: bit.ly/3ZikOay

submitted 18 days ago • 0 comments

Italy: Garante fines Lombardy Region €50,000 for several violations of the GDPR and the Code for unlawfully monitoring employees' internet and email metadata without union agreements, adequate safeguards, or a DPIA. Read more: bit.ly/4kPgyaW

submitted 18 days ago • 0 comments

Brazil: ANPD opens public consultation on biometric data processing. The consultation contains questions organized in five thematic areas, including #facialrecognition technologies and emerging technologies. Check it out: bit.ly/3FocgZ4

submitted 19 days ago • 0 comments

Germany: BfDI imposes two fines totaling €45M on Vodafone for GDPR violations. The BfDI found that Vodafone violated the #GDPR by not sufficiently monitoring partner agencies working on its behalf in terms of the data protection law. Read now: bit.ly/43r29vB

submitted 19 days ago • 0 comments

China: Measures on security of facial recognition technology enter into force. The measures entered into force on June 1 and mandate strict legal, security, and consent requirements for processing facial data. Check it out: bit.ly/43qrXrVn

submitted 19 days ago • 0 comments

Malaysia: PDPA Amendment Act fully comes into effect. The PDPA Amendment Act came into effect on June 1, including Sections 6 and 9 which provide for the mandatory appointment of DPOs and data breach notifications. Read more: bit.ly/4dKtCfo

submitted 20 days ago • 0 comments

Texas: Bill for Texas Responsible Artificial Intelligence Governance Act passes Legislature. The bill, set to take effect January 1, 2026, establishes #AI governance rules including consent requirements and bans on social scoring. Read now: bit.ly/4jxuoOa

submitted 20 days ago • 0 comments

Vermont: Age-Appropriate Design Code Act passes legislature. The Act sets strict privacy and safety rules for online services used by minors, including default privacy protections, limits on data use, and transparency about algorithms. Learn more: bit.ly/4dLrofQ

submitted 22 days ago • 0 comments

International: ISO publishes AI impact assessment standard. The new standard helps organizations evaluate #AI effects throughout its lifecycle to ensure fairness, safety, and trust. Check it out: bit.ly/4mDJpk9

submitted 22 days ago • 0 comments