GRC Report Staff

Visa and Mastercard have agreed to pay a combined $199.5 million to resolve a long-running class action lawsuit accusing them of unfairly shifting fraud-related costs to merchants. The proposed deal, filed in the U.S. District Court for the Eastern District of New York, marks the latest in a string of settlements over card network rules and awaits approval from Chief Judge Margo Brodie, according to a recent Reuters report.

In a big step toward embedding sustainability into legal frameworks across Latin America, UK-based nonprofit The Chancery Lane Project (TCLP) has announced the successful transposition of 17 climate-aligned clauses into Mexican law. The initiative, achieved in partnership with Nader, Hayaux & Goebel and Hogan Lovells, was unveiled at the Global Alliance of Impact Lawyers (GAIL) Summit in Mexico City.

Australia just crossed a major privacy enforcement milestone. The Federal Court has ordered Australian Clinical Labs (ACL) to pay $3.8 million (AUD $5.8 million) in penalties after a cyberattack on its Medlab Pathology business exposed the personal information of more than 223,000 individuals.

Germany’s financial watchdog, BaFin, has fined Oldenburgische Landesbank AG €910,000 ($992,000) after uncovering multiple compliance and control breaches under the German Securities Trading Act (WpHG) during 2020 and 2021.

Australia’s financial watchdog has issued a pointed warning to licensees relying on offshore service providers, urging stronger oversight and risk management after a review uncovered governance shortfalls that could leave consumers and investors exposed.

The European Data Protection Board (EDPB) and the European Commission have issued their first-ever joint guidelines, clarifying how the Digital Markets Act (DMA) interacts with the General Data Protection Regulation (GDPR). The document aims to provide legal certainty and consistency for companies subject to both frameworks, particularly large online platforms designated as “gatekeepers.”

California Governor Gavin Newsom has signed into law the California Opt Me Out Act (AB 566), authored by Assemblymember Lowenthal and sponsored by the California Privacy Protection Agency (CPPA). The law cements California’s leadership in digital privacy by requiring all browsers operating in the state to include a built-in, one-click mechanism for users to opt out of data sales and sharing online.