The EU Digital Services Act's reporting obligation for intermediary services officially enters into force this year, Prighter Partner Andreas Mätzler, CIPP/E, CIPM, FIP, and Privacy Professional Katharina Jokic write.
The IAPP Research and Insights team updated the Key Dates 2025 resource. The calendar includes key dates for the entry into force of some of the more significant legislative requirements, regulatory consultation periods, major anniversaries and IAPP events.Full story
Children's online safety legislation remains a top priority for the 119th U.S. Congress, but consensus frameworks between the Senate and House are not as clear. The Senate is already working to pick up where it left off last year, when it overwhelmingly passed the proposed Kids Online Safety and Privacy Act before watching it fizzle in House consideration.
In a 21-19 vote, the Virginia Senate passed House Bill 2094 containing requirements for the development and deployment of high-risk AI systems while assigning civil penalties for violations. The bill previously passed the House 4 Feb. and now heads to Gov. Glenn Youngkin, R-Va., for potential enactment. It has a 1 July 2026 effective date.Full story
Members of the European Parliament's Internal Market and Consumer Protection Committee voted to continue work on the AI Liability Directive after the European Commission withdrew the proposal, Euronews reports. However, the European Parliament's Legal Affairs Committee has not made a decision to continue pursuing the directive.
Organizations must ensure their AI policies are adaptable to navigate risks and address issues associated within development and use. Alteryx Privacy Senior Counsel Anjella Shirkhanloo, CIPM, analyzed the shift from a compliance-driven approach to an "adaptive, living governance model" that will help "mitigate risk, avoid regulatory blind spots and build trust."Full story
The Cyberspace Administration of China completed an investigation of 82 apps under the Personal Information Protection Law following various complaints. The CAC investigation found four apps provided insufficient disclosures on data collection and use policies, while the other 78 apps did not offer a function to delete or correct personal information.Full story
Former U.S. Army soldier Cameron John Wagenius pleaded guilty to unlawfully breaching consumer phone data from AT&T and Verizon's information systems, TechCrunch reports. U.S.
Poland's data protection authority, the Urząd Ochrony Danych Osobowych, published an updated guide on data protection violations and engaging with the UODO regarding violations. The updates include revised procedures for responding to violations, practical examples, and recommendations for conducting risk assessments and avoiding data breaches.Full story
The Office of the Australian Information Commissioner said it will accept nonprofit Oxfam Australia's plan to improve data protection practices after it sustained a data breach affecting up to 1.7 million records. Accepting the plan does not mean the charity has been found in violation of the country's privacy laws.