South Korea is set to strengthen its privacy enforcement regime after lawmakers approved amendments to the country’s Personal Information Protection Act (PIPA) that introduce tougher penalties for repeat data breaches, expand the responsibilities of corporate leadership, and require certain organizations to adopt formal security and privacy certification frameworks.
The European Commission and the European Data Protection Board (EDPB) have published the responses received during a public consultation on draft guidelines designed to clarify how two cornerstone pieces of EU digital regulation (the Digital Markets Act (DMA) and the General Data Protection Regulation (GDPR) should interact in practice.
Italy’s data protection authority has fined energy supplier Acea Energia €2 million after an investigation found that contracts for electricity and gas services were activated without customers’ knowledge, following failures in how the company and its sales partners handled personal data.
A cyberattack on research systems at the University of Hawaiʻi Cancer Center has exposed personal data connected to roughly 1.2 million individuals, according to incident disclosures released by the university in late February.
Poland’s highest administrative court has revived a GDPR enforcement case against Fortum Marketing and Sales and its IT provider Pika, siding with the country’s data protection authority and reopening the path for multimillion-złoty fines tied to a 2020 data breach affecting more than 95,000 people.
South Korea’s media regulator is stepping into the growing controversy over Instagram’s mass account suspensions, opening a formal investigation into what many users have described as a sweeping and unexplained “ban wave.”
As lawmakers globally push for tougher age checks online and platforms scramble to respond, the Federal Trade Commission is stepping in to clarify how far companies can go without tripping over federal child privacy law.