California AG Settles with Disney for $2.75 Million Over CCPA Violations. California Attorney General Rob Bonta announced a $2.75 million settlement with the Walt Disney Company, the largest civil penalty to date under the California Consumer Privacy Act (CCPA). The settlement resolves allegations that Disney failed to fully effectuate consumers’ requests to opt out of the sale or sharing of ...
Virginia Attorney General Jay Jones announced that his office intends to fully enforce new provisions of the Virginia Consumer Data Protection Act (VCDPA) that restrict minors’ use of social media. The announcement follows the AG’s filing of a motion to dismiss a federal lawsuit brought by NetChoice, a trade association representing major technology and social media companies, seeking to block ...
Israel’s Privacy Protection Authority (PPA) has published its position paper on the principle of consent under Israeli privacy law. The paper, which builds upon a draft opinion published for public consultation in February 2025, clarifies how consent applies in the digital age and outlines the PPA’s interpretations that will guide its enforcement efforts under Amendment 13 to the Privacy Protection ...
The European Data Protection Board (EDPB) published its report on the stakeholder event on anonymization and pseudonymization held on December 12, 2025. The remote event gathered input from 115 participants spanning industry, NGOs, academia, law firms, and public sector bodies to inform the EDPB’s ongoing work on its Guidelines 01/2025 on Pseudonymization and forthcoming guidance on anonymization.
The event was ...
The European Data Protection Board (EDPB) adopted its work program for 2026–2027 during its latest plenary session. This is the second work program supporting the implementation of the EDPB’s four-pillar strategy for 2024–2027, and reflects commitments made in the Helsinki Statement on enhanced clarity, support, and engagement.
The program is structured around four pillars. The first pillar focuses on enhancing ...
On February 5, 2026, the majority of the data protection provisions of the UK Data (Use and Access) Act 2025 (DUAA) came into force, bringing significant reforms to the UK’s data protection and e-privacy framework. The Act, which received Royal Assent on June 19, 2025, was commenced through the Data (Use and Access) Act 2025 (Commencement No. 6 and Transitional ...
The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) adopted a Joint Opinion on the European Commission’s Digital Omnibus Regulation proposal. The proposal, published by the Commission on November 19, 2025, aims to simplify the EU’s digital regulatory framework by amending key legislation, including the GDPR, the ePrivacy Directive, the Data Act, and the NIS 2 ...
New user? Click here to register