DataGuidance
@dataguidance.bsky.social
We share daily regulatory updates on AI, privacy, and cybersecurity from OneTrust DataGuidance, backed by 20+ years of expertise.
USA: Senator introduces Health Information Privacy Reform Act.
The bill aims to enhance protections for health information through new regulations and standards that align with existing #HIPAA and #HITECH Act requirements.
Learn more: https://bit.ly/4qKDdc9
The bill aims to enhance protections for health information through new regulations and standards that align with existing #HIPAA and #HITECH Act requirements.
Learn more: https://bit.ly/4qKDdc9
November 6, 2025 at 8:16 PM
USA: Senator introduces Health Information Privacy Reform Act.
The bill aims to enhance protections for health information through new regulations and standards that align with existing #HIPAA and #HITECH Act requirements.
Learn more: https://bit.ly/4qKDdc9
The bill aims to enhance protections for health information through new regulations and standards that align with existing #HIPAA and #HITECH Act requirements.
Learn more: https://bit.ly/4qKDdc9
EU: Commission launches work on code of practice on transparency of AI-generated content.
This is start of the process to develop a framework which will help deployers and providers of generative AI systems comply with obligations under Article 50 of the AI Act.
Read now: https://bit.ly/4oVxpe8
This is start of the process to develop a framework which will help deployers and providers of generative AI systems comply with obligations under Article 50 of the AI Act.
Read now: https://bit.ly/4oVxpe8
DataGuidance
Essential Privacy and Regulatory Research at Your Fingertips. Find everything you need to stay up-to-date on evolving privacy & security regulations around the world
bit.ly
November 6, 2025 at 7:12 PM
EU: Commission launches work on code of practice on transparency of AI-generated content.
This is start of the process to develop a framework which will help deployers and providers of generative AI systems comply with obligations under Article 50 of the AI Act.
Read now: https://bit.ly/4oVxpe8
This is start of the process to develop a framework which will help deployers and providers of generative AI systems comply with obligations under Article 50 of the AI Act.
Read now: https://bit.ly/4oVxpe8
EU: EDPB adopts opinion on draft Brazil adequacy decision.
The EDPB highlighted that Brazilian data protection framework requirements are closely aligned with the #GDPR but called on the Commission to further clarify other areas.
Read now: https://bit.ly/3Lwqols
The EDPB highlighted that Brazilian data protection framework requirements are closely aligned with the #GDPR but called on the Commission to further clarify other areas.
Read now: https://bit.ly/3Lwqols
DataGuidance
Essential Privacy and Regulatory Research at Your Fingertips. Find everything you need to stay up-to-date on evolving privacy & security regulations around the world
bit.ly
November 6, 2025 at 6:08 PM
EU: EDPB adopts opinion on draft Brazil adequacy decision.
The EDPB highlighted that Brazilian data protection framework requirements are closely aligned with the #GDPR but called on the Commission to further clarify other areas.
Read now: https://bit.ly/3Lwqols
The EDPB highlighted that Brazilian data protection framework requirements are closely aligned with the #GDPR but called on the Commission to further clarify other areas.
Read now: https://bit.ly/3Lwqols
India: MeitY unveils India AI governance guidelines.
The guidelines include seven guiding principles for ethical and responsible AI, recommendations across six pillars of #AI governance.
Check it out: https://bit.ly/47ELN3l
The guidelines include seven guiding principles for ethical and responsible AI, recommendations across six pillars of #AI governance.
Check it out: https://bit.ly/47ELN3l
November 5, 2025 at 8:16 PM
India: MeitY unveils India AI governance guidelines.
The guidelines include seven guiding principles for ethical and responsible AI, recommendations across six pillars of #AI governance.
Check it out: https://bit.ly/47ELN3l
The guidelines include seven guiding principles for ethical and responsible AI, recommendations across six pillars of #AI governance.
Check it out: https://bit.ly/47ELN3l
Germany: BfDI approves first consent manager under Consent Management Ordinance.
The BfDI stated that this approval is an important step towards more user-friendly management of data protection settings.
Read more: https://bit.ly/3JDOrOW
The BfDI stated that this approval is an important step towards more user-friendly management of data protection settings.
Read more: https://bit.ly/3JDOrOW
November 5, 2025 at 7:12 PM
Germany: BfDI approves first consent manager under Consent Management Ordinance.
The BfDI stated that this approval is an important step towards more user-friendly management of data protection settings.
Read more: https://bit.ly/3JDOrOW
The BfDI stated that this approval is an important step towards more user-friendly management of data protection settings.
Read more: https://bit.ly/3JDOrOW
Vietnam: Government issues National Data Architecture Framework.
The framework provides orientation on data sharing models across ministries, government agencies, political organizations, and provincial authorities.
Learn more: https://bit.ly/484pULh
The framework provides orientation on data sharing models across ministries, government agencies, political organizations, and provincial authorities.
Learn more: https://bit.ly/484pULh
November 5, 2025 at 6:08 PM
Vietnam: Government issues National Data Architecture Framework.
The framework provides orientation on data sharing models across ministries, government agencies, political organizations, and provincial authorities.
Learn more: https://bit.ly/484pULh
The framework provides orientation on data sharing models across ministries, government agencies, political organizations, and provincial authorities.
Learn more: https://bit.ly/484pULh
Singapore: Cybersecurity Amendment Act provisions in force.
The amendments to the #Cybersecurity Act update regulations concerning CII and expand oversight to include Systems of Temporary Cybersecurity Concern.
Check it out: https://bit.ly/4hGa7ql
The amendments to the #Cybersecurity Act update regulations concerning CII and expand oversight to include Systems of Temporary Cybersecurity Concern.
Check it out: https://bit.ly/4hGa7ql
November 5, 2025 at 4:00 PM
Singapore: Cybersecurity Amendment Act provisions in force.
The amendments to the #Cybersecurity Act update regulations concerning CII and expand oversight to include Systems of Temporary Cybersecurity Concern.
Check it out: https://bit.ly/4hGa7ql
The amendments to the #Cybersecurity Act update regulations concerning CII and expand oversight to include Systems of Temporary Cybersecurity Concern.
Check it out: https://bit.ly/4hGa7ql
China: CAC publishes Q&A on new regulations for cross-border data flows.
The Q&A clarifies aspects of the new regulations, including the scope of exemptions, reassessment of the data transfer system, and rules for onward transfers.
Read now: https://bit.ly/4930D67
The Q&A clarifies aspects of the new regulations, including the scope of exemptions, reassessment of the data transfer system, and rules for onward transfers.
Read now: https://bit.ly/4930D67
November 4, 2025 at 8:16 PM
China: CAC publishes Q&A on new regulations for cross-border data flows.
The Q&A clarifies aspects of the new regulations, including the scope of exemptions, reassessment of the data transfer system, and rules for onward transfers.
Read now: https://bit.ly/4930D67
The Q&A clarifies aspects of the new regulations, including the scope of exemptions, reassessment of the data transfer system, and rules for onward transfers.
Read now: https://bit.ly/4930D67
New York: Last phase of compliance under NYDFS' Cybersecurity Regulation amendments enters into effect.
The new obligations for small businesses include complying with multifactor authentication and implementing asset inventory requirements.
Learn more: https://bit.ly/4hEQIpA
The new obligations for small businesses include complying with multifactor authentication and implementing asset inventory requirements.
Learn more: https://bit.ly/4hEQIpA
November 4, 2025 at 7:12 PM
New York: Last phase of compliance under NYDFS' Cybersecurity Regulation amendments enters into effect.
The new obligations for small businesses include complying with multifactor authentication and implementing asset inventory requirements.
Learn more: https://bit.ly/4hEQIpA
The new obligations for small businesses include complying with multifactor authentication and implementing asset inventory requirements.
Learn more: https://bit.ly/4hEQIpA
Oregon: AG publishes Quarter 3 2025 Enforcement Report under OCPA.
The report highlights changes to the OCPA, including its expanded scope, and the universal opt-out mechanism, which will become operational in January 2026.
Read now: https://bit.ly/4qFUlzJ
The report highlights changes to the OCPA, including its expanded scope, and the universal opt-out mechanism, which will become operational in January 2026.
Read now: https://bit.ly/4qFUlzJ
November 4, 2025 at 4:00 PM
Oregon: AG publishes Quarter 3 2025 Enforcement Report under OCPA.
The report highlights changes to the OCPA, including its expanded scope, and the universal opt-out mechanism, which will become operational in January 2026.
Read now: https://bit.ly/4qFUlzJ
The report highlights changes to the OCPA, including its expanded scope, and the universal opt-out mechanism, which will become operational in January 2026.
Read now: https://bit.ly/4qFUlzJ
USA: Coalition send letter to FTC to stop Meta's use of chat data for ads.
The coalition of over 30 privacy, consumer protection, children's rights, and civil rights advocates requests that the #FTC initiate an investigation.
Explore more: https://bit.ly/3LmRdIL
The coalition of over 30 privacy, consumer protection, children's rights, and civil rights advocates requests that the #FTC initiate an investigation.
Explore more: https://bit.ly/3LmRdIL
November 3, 2025 at 8:16 PM
USA: Coalition send letter to FTC to stop Meta's use of chat data for ads.
The coalition of over 30 privacy, consumer protection, children's rights, and civil rights advocates requests that the #FTC initiate an investigation.
Explore more: https://bit.ly/3LmRdIL
The coalition of over 30 privacy, consumer protection, children's rights, and civil rights advocates requests that the #FTC initiate an investigation.
Explore more: https://bit.ly/3LmRdIL
Texas: AG finalizes $1.375B settlement with Google over privacy.
The AG noted that they had previously sued Google for unlawfully tracking and collecting users' #privatedata regarding geolocation, incognito searches, and biometric data.
Learn more: https://bit.ly/4nwIilr
The AG noted that they had previously sued Google for unlawfully tracking and collecting users' #privatedata regarding geolocation, incognito searches, and biometric data.
Learn more: https://bit.ly/4nwIilr
DataGuidance
Essential Privacy and Regulatory Research at Your Fingertips. Find everything you need to stay up-to-date on evolving privacy & security regulations around the world
bit.ly
November 3, 2025 at 7:12 PM
Texas: AG finalizes $1.375B settlement with Google over privacy.
The AG noted that they had previously sued Google for unlawfully tracking and collecting users' #privatedata regarding geolocation, incognito searches, and biometric data.
Learn more: https://bit.ly/4nwIilr
The AG noted that they had previously sued Google for unlawfully tracking and collecting users' #privatedata regarding geolocation, incognito searches, and biometric data.
Learn more: https://bit.ly/4nwIilr
Colombia: SIC fines Colombia Telecomunicaciones COP 670 million for unlawful data processing.
The SIC stated that Colombia Telecomunicaciones violated the Data Protection Law by contacting users of another telecommunications company without their authorization.
Learn more: https://bit.ly/47yvapQ
The SIC stated that Colombia Telecomunicaciones violated the Data Protection Law by contacting users of another telecommunications company without their authorization.
Learn more: https://bit.ly/47yvapQ
November 3, 2025 at 6:08 PM
Colombia: SIC fines Colombia Telecomunicaciones COP 670 million for unlawful data processing.
The SIC stated that Colombia Telecomunicaciones violated the Data Protection Law by contacting users of another telecommunications company without their authorization.
Learn more: https://bit.ly/47yvapQ
The SIC stated that Colombia Telecomunicaciones violated the Data Protection Law by contacting users of another telecommunications company without their authorization.
Learn more: https://bit.ly/47yvapQ
California: AG secures $530,000 settlement with Sling TV for CCPA violations.
The AG investigation found that Sling TV failed to provide an easy-to-use method for consumers to stop the sale of their personal information.
Read on: https://bit.ly/4oLKlmz
The AG investigation found that Sling TV failed to provide an easy-to-use method for consumers to stop the sale of their personal information.
Read on: https://bit.ly/4oLKlmz
November 3, 2025 at 5:00 PM
California: AG secures $530,000 settlement with Sling TV for CCPA violations.
The AG investigation found that Sling TV failed to provide an easy-to-use method for consumers to stop the sale of their personal information.
Read on: https://bit.ly/4oLKlmz
The AG investigation found that Sling TV failed to provide an easy-to-use method for consumers to stop the sale of their personal information.
Read on: https://bit.ly/4oLKlmz
USA: EPIC publishes report on AGs' privacy enforcement actions.
The report highlights enforcement actions taken in response to privacy concerns over the past five years and outlines trends within data practices and compliance.
Learn more: https://bit.ly/47fNUvC
The report highlights enforcement actions taken in response to privacy concerns over the past five years and outlines trends within data practices and compliance.
Learn more: https://bit.ly/47fNUvC
October 31, 2025 at 8:16 PM
USA: EPIC publishes report on AGs' privacy enforcement actions.
The report highlights enforcement actions taken in response to privacy concerns over the past five years and outlines trends within data practices and compliance.
Learn more: https://bit.ly/47fNUvC
The report highlights enforcement actions taken in response to privacy concerns over the past five years and outlines trends within data practices and compliance.
Learn more: https://bit.ly/47fNUvC
EU: Parliament publishes study on interplay between AI Act and digital frameworks.
The study compares the EU AI Act to the GDPR, DSA, DMA, CRA, and the NIS2 Directive.
Check it out: https://bit.ly/3Jm3mND
The study compares the EU AI Act to the GDPR, DSA, DMA, CRA, and the NIS2 Directive.
Check it out: https://bit.ly/3Jm3mND
October 31, 2025 at 7:12 PM
EU: Parliament publishes study on interplay between AI Act and digital frameworks.
The study compares the EU AI Act to the GDPR, DSA, DMA, CRA, and the NIS2 Directive.
Check it out: https://bit.ly/3Jm3mND
The study compares the EU AI Act to the GDPR, DSA, DMA, CRA, and the NIS2 Directive.
Check it out: https://bit.ly/3Jm3mND
Singapore: CSA opens public consultation on addendum to AI security guidelines.
The consultation on the Addendum, which identifies and assesses risks associated with agentic AI systems and offers practical controls to mitigate risks, runs until Dec 31, 2025.
Learn more: https://bit.ly/4ojzBMH
The consultation on the Addendum, which identifies and assesses risks associated with agentic AI systems and offers practical controls to mitigate risks, runs until Dec 31, 2025.
Learn more: https://bit.ly/4ojzBMH
October 31, 2025 at 6:08 PM
Singapore: CSA opens public consultation on addendum to AI security guidelines.
The consultation on the Addendum, which identifies and assesses risks associated with agentic AI systems and offers practical controls to mitigate risks, runs until Dec 31, 2025.
Learn more: https://bit.ly/4ojzBMH
The consultation on the Addendum, which identifies and assesses risks associated with agentic AI systems and offers practical controls to mitigate risks, runs until Dec 31, 2025.
Learn more: https://bit.ly/4ojzBMH
Colombia: SIC publishes draft Model Contractual Clauses for international data transfers.
The MCCs would facilitate international transfers in compliance with the Data Protection Law and are based on the RIPD MCCs.
Read on: https://bit.ly/4oIjg3N
The MCCs would facilitate international transfers in compliance with the Data Protection Law and are based on the RIPD MCCs.
Read on: https://bit.ly/4oIjg3N
October 31, 2025 at 5:04 PM
Colombia: SIC publishes draft Model Contractual Clauses for international data transfers.
The MCCs would facilitate international transfers in compliance with the Data Protection Law and are based on the RIPD MCCs.
Read on: https://bit.ly/4oIjg3N
The MCCs would facilitate international transfers in compliance with the Data Protection Law and are based on the RIPD MCCs.
Read on: https://bit.ly/4oIjg3N
UK: ICO publishes enforcement procedural guidance for consultation.
The guidance includes explanations on factors the ICO considers when deciding whether to open an investigation and how the ICO will use its new information gathering powers under the DUAA.
Read now: https://bit.ly/3X5zgRC
The guidance includes explanations on factors the ICO considers when deciding whether to open an investigation and how the ICO will use its new information gathering powers under the DUAA.
Read now: https://bit.ly/3X5zgRC
October 31, 2025 at 4:00 PM
UK: ICO publishes enforcement procedural guidance for consultation.
The guidance includes explanations on factors the ICO considers when deciding whether to open an investigation and how the ICO will use its new information gathering powers under the DUAA.
Read now: https://bit.ly/3X5zgRC
The guidance includes explanations on factors the ICO considers when deciding whether to open an investigation and how the ICO will use its new information gathering powers under the DUAA.
Read now: https://bit.ly/3X5zgRC
UK: ICO fines sole trader £200,000 for sending unsolicited direct marketing messages.
The ICO found that the sole trader violated the PECR for transmitting unsolicited direct marketing messages without consent.
Learn more: https://bit.ly/4ogqNXG
The ICO found that the sole trader violated the PECR for transmitting unsolicited direct marketing messages without consent.
Learn more: https://bit.ly/4ogqNXG
October 30, 2025 at 9:00 PM
UK: ICO fines sole trader £200,000 for sending unsolicited direct marketing messages.
The ICO found that the sole trader violated the PECR for transmitting unsolicited direct marketing messages without consent.
Learn more: https://bit.ly/4ogqNXG
The ICO found that the sole trader violated the PECR for transmitting unsolicited direct marketing messages without consent.
Learn more: https://bit.ly/4ogqNXG
Switzerland: Federal Council launches consultation on very large online platforms and search engines regulation.
Check it out: https://bit.ly/4oCoiPa
Check it out: https://bit.ly/4oCoiPa
October 30, 2025 at 7:12 PM
Switzerland: Federal Council launches consultation on very large online platforms and search engines regulation.
Check it out: https://bit.ly/4oCoiPa
Check it out: https://bit.ly/4oCoiPa
Finland: Ombudsman fines Aktia €865,000 for security flaws in electronic identification service.
The Ombudsman found that Aktia violated the GDPR for a 2023 breach due to technical changes.
Read on: https://bit.ly/49b5KRZ
The Ombudsman found that Aktia violated the GDPR for a 2023 breach due to technical changes.
Read on: https://bit.ly/49b5KRZ
October 30, 2025 at 6:08 PM
Finland: Ombudsman fines Aktia €865,000 for security flaws in electronic identification service.
The Ombudsman found that Aktia violated the GDPR for a 2023 breach due to technical changes.
Read on: https://bit.ly/49b5KRZ
The Ombudsman found that Aktia violated the GDPR for a 2023 breach due to technical changes.
Read on: https://bit.ly/49b5KRZ
EU: EDPS publishes revised guidelines on generative AI.
The guidelines include key updates, such as a refined definition for generative AI and a new compliance checklist to help EUIs ensure the lawfulness of their processing activities.
Learn more: https://bit.ly/3L5IJG2
The guidelines include key updates, such as a refined definition for generative AI and a new compliance checklist to help EUIs ensure the lawfulness of their processing activities.
Learn more: https://bit.ly/3L5IJG2
October 30, 2025 at 5:04 PM
EU: EDPS publishes revised guidelines on generative AI.
The guidelines include key updates, such as a refined definition for generative AI and a new compliance checklist to help EUIs ensure the lawfulness of their processing activities.
Learn more: https://bit.ly/3L5IJG2
The guidelines include key updates, such as a refined definition for generative AI and a new compliance checklist to help EUIs ensure the lawfulness of their processing activities.
Learn more: https://bit.ly/3L5IJG2
EU: Delegated act on data access enters into force.
The delegated act will allow qualified researchers to request access to data from VLOPs and VLOSEs to study the societal impact stemming from the platforms' systems.
Read now: https://bit.ly/4oOZTGy
The delegated act will allow qualified researchers to request access to data from VLOPs and VLOSEs to study the societal impact stemming from the platforms' systems.
Read now: https://bit.ly/4oOZTGy
October 30, 2025 at 4:00 PM
EU: Delegated act on data access enters into force.
The delegated act will allow qualified researchers to request access to data from VLOPs and VLOSEs to study the societal impact stemming from the platforms' systems.
Read now: https://bit.ly/4oOZTGy
The delegated act will allow qualified researchers to request access to data from VLOPs and VLOSEs to study the societal impact stemming from the platforms' systems.
Read now: https://bit.ly/4oOZTGy
Colombia: House Committee approves combined bill to amend data protection law.
The consolidated bill would expand the territorial scope of the Data Protection Law, introduce new rules for processing children's data, and establish new data subject rights.
Learn more: https://bit.ly/49t37uB
The consolidated bill would expand the territorial scope of the Data Protection Law, introduce new rules for processing children's data, and establish new data subject rights.
Learn more: https://bit.ly/49t37uB
October 29, 2025 at 9:00 PM
Colombia: House Committee approves combined bill to amend data protection law.
The consolidated bill would expand the territorial scope of the Data Protection Law, introduce new rules for processing children's data, and establish new data subject rights.
Learn more: https://bit.ly/49t37uB
The consolidated bill would expand the territorial scope of the Data Protection Law, introduce new rules for processing children's data, and establish new data subject rights.
Learn more: https://bit.ly/49t37uB