News Items Topics Internet Law Update

California Approves Regulations for the Delete Act and DROP Platform

The California Privacy Protection Agency (CPPA) announced that the California Office of Administrative Law has formally approved the regulatory package implementing the Delete Act.

The regulations, effective 1 January 2026, operationalize the California-managed Delete Request and Opt-out Platform (DROP), a centralized mechanism enabling consumers to issue a single deletion request to all registered data brokers. The framework represents a significant ...

UK ICO Publishes Public-Sector Enforcement Strategy

The UK Information Commissioner’s Office (ICO) published a blog outlining its enforcement approach to the UK public sector under the UK GDPR and Data Protection Act 2018. The ICO emphasizes that its primary objective is to raise data protection standards across sectors rather than rely on fines as the default tool. Early engagement with senior decision-makers, audits, guidance, and sandbox-type ...

EDPB Issues a Favorable Opinion on EU-Brazil Data-Transfer Adequacy

The European Data Protection Board (EDPB) adopted an opinion on the European Commission’s draft implementing decision under Article 45 of the GDPR, recognizing that Brazil ensures an essentially equivalent level of protection for personal data. The opinion acknowledges Brazil’s comprehensive framework as closely aligned with the EU’s General Data Protection Regulation (GDPR).

However, the EDPB highlighted several key areas requiring ...

European Data Protection Supervisor Issues New Guidance on AI Risk-Management

The European Data Protection Supervisor (EDPS) published “Guidance for Risk Management of Artificial Intelligence Systems” in respect of EU institutions, bodies, and agencies subject to the version of the GDPR that applies to EU bodies (“EUDPR”).

The guidance aims to help EU institutions acting as controllers to identify and reduce specific data protection risks under the EUDPR. The guidance focuses ...

California Introduces New Age Verification Requirements for Software Applications

This October, California Governor Gavin Newsom signed the Digital Age Assurance Act into law, establishing new age verification rules for software applications. The law takes effect on January 1, 2027.

The law focuses on mandatory age verification signals for software applications and online services, aiming to provide greater protections for child users.

Operating system providers (OSPs) are required to provide ...

UK Proposes a New Cyber Security and Resilience Bill

The UK Parliament has begun deliberations on the Cyber Security and Resilience (Network and Information Systems) Bill. The proposed UK act aims to improve the security and resilience of network and information systems relied upon for essential activities, primarily through amendments to the existing Network and Information Systems Regulations 2018 (the NIS Regulations).

The bill’s operative parts begin with amendments ...

German Court Finds Copyright Infringement in Generative AI Training

The Munich I Regional Court (Landgericht München I) issued a decision recognizing that the large language models (LLMs) used by OpenAI contained memorized reproductions of protected song-lyrics and held that use of the models constituted a reproduction under copyright law. The case involved claims by GEMA (German Society for Musical Performance and Mechanical Reproduction Rights) that OpenAI’s models had memorized ...

EU Launches “Apply AI” Strategy to Accelerate AI Adoption

The European Commission has adopted the “Apply AI Strategy,” aiming to leverage the rapidly advancing capabilities of Artificial Intelligence (AI) to reshape entire industries and the public sector.

Building on the EU AI Act and a commitment to trustworthy, human-centric AI, the strategy seeks to boost innovation, accelerate productivity, and reinforce the EU’s competitive strength and technological sovereignty. While the ...

More News Items