California has secured its largest settlement yet under the California Consumer Privacy Act, with Attorney General Rob Bonta announcing that The Walt Disney Company will pay $2.75 million to resolve allegations that it failed to fully honor consumers’ requests to opt out of the sale or sharing of their personal information.
Ireland’s Data Protection Commission has opened a formal inquiry into X and the Irish entity responsible for the X platform in the EU, over concerns that generative artificial intelligence tools linked to the platform may have been used to create and publish non-consensual intimate images.
Ofcom has fined Kick Online Entertainment £800,000 after finding the company failed to put in place age checks to stop children from accessing pornographic content, in breach of duties under the Online Safety Act.
The European Data Protection Board has set out how it intends to navigate the next phase of Europe’s digital rulebook, adopting its 2026–2027 work program to make GDPR compliance easier to understand, ensure enforcement is more consistent across borders and strengthen cooperation in an increasingly crowded regulatory landscape.
The European Data Protection Board and the European Data Protection Supervisor have thrown their weight behind efforts to simplify the European Union’s digital rulebook, while drawing a firm red line around proposed changes to the definition of personal data.
This week, the Japanese Financial Services Agency published a draft policy aimed at strengthening cybersecurity measures for crypto-asset exchange service providers, opening the door for public feedback as authorities look to curb the steady drumbeat of crypto thefts and system breaches seen around the world.
Over the course of the last year, the France’s data protection authority, the Commission nationale de l'informatique et des libertés (CNIL), issued 259 decisions, ranging from sanctions and compliance orders to reminders of legal obligations and warnings. Together, those actions translated into €486,839,500 in cumulative fines, or roughly $530 million, with cookies, employee monitoring, and data security emerging as the most common fault lines.