UK organizations grappling with cross-border data transfers have new help at hand. The country’s data protection regulator has published updated guidance on international transfers of personal information, with the stated aim of making the rules under the UK GDPR quicker to understand and easier to apply in practice.
For years, cybersecurity has been treated like a home alarm system. You install it, arm it, and hope it only goes off when something truly bad happens. The problem is that modern cyber threats no longer behave like burglars rattling windows at night. They act more like termites, quietly weakening structures over time, or like flash floods that overwhelm defenses faster than alarms can react. In this environment, reacting after the fact is no longer enough. Organizations must move from reactive cybersecurity to proactive cyber resilience.
The UK’s online safety regulator Ofcom has opened a fresh set of investigations under the Online Safety Act, sharpening its focus on how platforms assess and manage risks tied to AI-driven services and illegal content. The actions target X over the use of its Grok AI chatbot, as well as Novi Ltd’s AI companion chatbot service, while also highlighting how regulatory pressure has already forced Snapchat to rethink its approach to illegal content risks.
The Federal Trade Commission has finalized a far-reaching settlement with General Motors and its connected-vehicle subsidiary OnStar, closing a case that puts the fast-growing connected car economy squarely in the regulator’s sights.
In a statement recently published, the Danish Data Protection Authority laid out the areas that will receive special attention in its supervisory work this year. The priorities form the backbone of inspections, guidance, complaint handling, and European cooperation planned for 2026, and they reflect a growing unease about how fast-moving technologies are reshaping everyday data processing, often in ways individuals have little real ability to resist.
Sweden’s data protection watchdog is starting 2026 with a quieter but meaningful internal reset, one that reflects how enforcement, guidance, and technology are increasingly intertwined in day-to-day GDPR oversight.
A federal judge has approved a $10 million settlement requiring Disney to resolve allegations that the company enabled the unlawful collection of children’s personal data through kid-directed content on YouTube, marking the latest escalation in U.S. enforcement of children’s online privacy rules.