The European Data Protection Board has set out how it intends to navigate the next phase of Europe’s digital rulebook, adopting its 2026–2027 work program to make GDPR compliance easier to understand, ensure enforcement is more consistent across borders and strengthen cooperation in an increasingly crowded regulatory landscape.
The European Data Protection Board and the European Data Protection Supervisor have thrown their weight behind efforts to simplify the European Union’s digital rulebook, while drawing a firm red line around proposed changes to the definition of personal data.
This week, the Japanese Financial Services Agency published a draft policy aimed at strengthening cybersecurity measures for crypto-asset exchange service providers, opening the door for public feedback as authorities look to curb the steady drumbeat of crypto thefts and system breaches seen around the world.
Over the course of the last year, the France’s data protection authority, the Commission nationale de l'informatique et des libertés (CNIL), issued 259 decisions, ranging from sanctions and compliance orders to reminders of legal obligations and warnings. Together, those actions translated into €486,839,500 in cumulative fines, or roughly $530 million, with cookies, employee monitoring, and data security emerging as the most common fault lines.
Australia’s Federal Court has ordered FIIG Securities Limited to pay $1.77 million USD (AUD 2.5 million) after regulators found the fixed-income specialist failed for years to adequately protect client data from cyber threats, shortcomings that intensified the impact of a major data breach in 2023.
The Federal Trade Commission has delivered its second report to Congress outlining how the agency is using its enforcement, oversight, and education authorities to counter ransomware and other cyberattacks, according to a release issued February 6.
Swedish authorities have recently delivered a long-awaited attempt at clarity on how health data can be used, shared, and governed. A government assignment launched in June 2025 asked the Swedish eHealth Agency and the Swedish Data Protection Authority to do something healthcare actors have been asking for repeatedly i.e., explain how the law actually works in practice when it comes to health data. That work is now complete, with the authorities submitting their final report this week to the Ministry of Health and Welfare.