On October 8, 2025, Governor Gavin Newsom signed into law a bill amending California’s data broker registration law with new disclosure requirements for data brokers. The Governor describes the bill as part of a broader agenda that focuses on consumer protection and provides consumers greater control over their data. The amendment will take effect on January 1, 2026.
The key ...
On September 17, 2025, the Italian Senate approved a law on Provisions and Delegations to the Government Regarding Artificial Intelligence. The legislation promotes the correct, transparent, and responsible use of AI in Italy, prioritizing the human dimension. It aims to ensure vigilance over the economic and social risks associated with AI and its impact on fundamental rights. The provisions are ...
A new bill in California would prohibit businesses from developing or maintaining an Internet browser unless it includes functionality configurable by the user that enables the browser to send an opt-out preference signal. Under the California Privacy Protection Act and its implementing regulations, an opt-out preference signal is a technology tool that communicates the choice of a user of a ...
The Australian Information Commissioner (AIC), Carly Kind, found that Kmart Australia Limited interfered with individuals’ privacy by using a Facial Recognition Technology (FRT) system in 28 retail stores between June 2020 and July 2022 to detect and prevent store refund fraud.
The Commissioner substantiated multiple breaches of the Australian Privacy Act 1988:
The European Commission announced it had fined Google €2.95 billion for breaching EU antitrust rules. The Commission concluded that Google abused its dominant position by distorting competition in the online advertising technology (‘adtech’) industry. According to the EU Commission, this behavior harmed online publishers, competing adtech providers, advertisers, and consumers.
The European Commission’s investigation found that Google is dominant in ...
The European Union’s General Court (a lower court under the Court of Justice) dismissed an action to invalidate the European Commission’s Implementing Decision (EU) 2023/1795, which established the new EU-US Data Privacy Framework. The General Court’s decision affirmed that the Commission’s finding of an adequate level of protection for personal data transferred to the United States was lawful.
The General ...
The United States District Court for the District of Columbia has decided the remedies phase of the antitrust case that the U.S. federal government, along with numerous states in the U.S., asserted against Google LLC. The court adopted a comprehensive six-year remedy plan aimed at restoring competition in the monopolized general search services and general search text advertising markets.
The ...
The European Data Protection Board (EDPB) issued its draft guidelines (for public comments) on the interplay between the Digital Services Act (DSA) and the GDPR. The guidelines underscore that the DSA is without prejudice to the GDPR and does not derogate from the general rules on personal data processing, requiring consistent and coherent application of both frameworks.
The draft guidelines ...
New user? Click here to register