Topics Internet Law Update

Israeli Privacy Regulator Offers Guidance for DPOs

Israel’s Privacy Protection Authority (PPA) has published draft guidelines providing Data Protection Officers (DPOs) with a detailed framework for managing personal information throughout its entire lifecycle within organizations.

The guidance document outlines obligations and best practices across five key stages of data management: pre-planning, collection, storage, processing, and end-of-life disposal.

The Authority emphasizes that DPOs must be meaningfully involved from ...

Companies Hit with Hefty Fines under the GDPR, CCPA, and DSA

Recent enforcement actions across three major data protection and digital services regimes demonstrate that regulators on both sides of the Atlantic are increasingly willing to impose substantial penalties for non-compliance. From France to California to Brussels, companies face mounting consequences for violating privacy and transparency obligations.

EU Commission fines X.

In the most high-profile action, the European Commission on December ...

EU Privacy Regulators Warn Against Weakening the EU AI Act

The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have issued a joint opinion on the European Commission’s proposed Digital Omnibus on AI, supporting its goal of simplifying the implementation of the EU AI Act while cautioning against measures that could undermine fundamental rights.

he January 2026 opinion responds to the Commission’s November 2025 proposal to ...

New Guidance under the EU AI Act Ahead of its Next Enforcement Date

August 2, 2026, marks a key application date for the EU AI Act, when the regulation’s core framework becomes broadly operational.

High-risk systems under the EU AI Act

According to the EU AI Act’s Article 113, this date triggers the application of most provisions not already in force, including the comprehensive requirements for high-risk AI systems listed in Annex III. ...

New CCPA Regulations Taking Effect January 1, 2026

California is rolling out two significant regulatory packages that will reshape business obligations under California privacy law beginning January 1, 2026. Together, these regulations introduce comprehensive automated decision-making requirements, mandatory cybersecurity audits, risk assessments, and a centralized consumer deletion mechanism for data brokers.

Automated decision-making technology

The updated CCPA regulations establish extensive requirements for businesses using “automated decision-making technology” (ADMT), ...

U.S. Courts Step-In to Rule on Digital Copyright, AI, and Online Child Protection Issues

Robot.txt file is not a technological barrier.

Judge Sidney H. Stein of the Southern District of New York issued a remarkable ruling in the OpenAI copyright litigation relating to web scraping and AI training practices. In partially granting OpenAI’s motion to dismiss claims brought by digital publisher Ziff Davis, the court delivered a significant holding: robots.txt files do not constitute ...

EU Court and Regulators Clarify Contested Issues under the GDPR

The European Data Protection Board (EDPB) has published and opened for public comments new recommendations addressing the widespread practice of requiring users to create accounts before browsing or purchasing on e-commerce websites. The guide concludes that mandatory account creation can be lawfully justified only in narrow circumstances.

EDPB recommendations for eCommerce sites

The EDPB systematically analyzed the three legal bases ...

New Privacy, Data Protection and AI Laws in 2026

As 2026 begins, several significant legislative developments are reshaping the legal landscape governing artificial intelligence, digital identity, and data protection across the United States and European Union.

New York enacts AI transparency requirements for advertising.

Governor Hochul signed two related bills addressing synthetic media and digital replicas in commercial contexts. Senate Bill S8420A requires advertisers to conspicuously disclose when ...

More from Internet Law Update