DataGuidance
@dataguidance.bsky.social
We share daily regulatory updates on AI, privacy, and cybersecurity from OneTrust DataGuidance, backed by 20+ years of expertise.
UK: DSIT announces bill to tackle AI child abuse.
The amendment to the Crime and Policing Bill will allow experts to test #AI systems safely, ensuring robust safeguards are in place to block the generation of illegal content.
Read now: https://bit.ly/4qTsBHW
The amendment to the Crime and Policing Bill will allow experts to test #AI systems safely, ensuring robust safeguards are in place to block the generation of illegal content.
Read now: https://bit.ly/4qTsBHW
November 12, 2025 at 6:08 PM
UK: DSIT announces bill to tackle AI child abuse.
The amendment to the Crime and Policing Bill will allow experts to test #AI systems safely, ensuring robust safeguards are in place to block the generation of illegal content.
Read now: https://bit.ly/4qTsBHW
The amendment to the Crime and Policing Bill will allow experts to test #AI systems safely, ensuring robust safeguards are in place to block the generation of illegal content.
Read now: https://bit.ly/4qTsBHW
UK: Cyber Security and Resilience Bill introduced to Parliament.
The bill expands regulation to IT and data service providers, introduces stricter reporting requirements, and allows tougher penalties for serious breaches.
Learn more: https://bit.ly/3JPRKme
The bill expands regulation to IT and data service providers, introduces stricter reporting requirements, and allows tougher penalties for serious breaches.
Learn more: https://bit.ly/3JPRKme
November 12, 2025 at 5:04 PM
UK: Cyber Security and Resilience Bill introduced to Parliament.
The bill expands regulation to IT and data service providers, introduces stricter reporting requirements, and allows tougher penalties for serious breaches.
Learn more: https://bit.ly/3JPRKme
The bill expands regulation to IT and data service providers, introduces stricter reporting requirements, and allows tougher penalties for serious breaches.
Learn more: https://bit.ly/3JPRKme
Texas: AG sues Roblox for deceptive practices and child endangerment.
The lawsuit claims #Roblox misled families about platform safety while failing to prevent exploitation and exposure to harmful content.
Check it out: https://bit.ly/4oCa0hW
The lawsuit claims #Roblox misled families about platform safety while failing to prevent exploitation and exposure to harmful content.
Check it out: https://bit.ly/4oCa0hW
DataGuidance
Essential Privacy and Regulatory Research at Your Fingertips. Find everything you need to stay up-to-date on evolving privacy & security regulations around the world
www.dataguidance.com
November 12, 2025 at 4:00 PM
Texas: AG sues Roblox for deceptive practices and child endangerment.
The lawsuit claims #Roblox misled families about platform safety while failing to prevent exploitation and exposure to harmful content.
Check it out: https://bit.ly/4oCa0hW
The lawsuit claims #Roblox misled families about platform safety while failing to prevent exploitation and exposure to harmful content.
Check it out: https://bit.ly/4oCa0hW
USA: Bill on AI chatbot age verification requirements introduced to Senate.
The bill requires AI chatbots to implement age verification measures and imposes certain transparency obligations.
Check it out: https://bit.ly/4p76M6e
The bill requires AI chatbots to implement age verification measures and imposes certain transparency obligations.
Check it out: https://bit.ly/4p76M6e
November 10, 2025 at 8:16 PM
USA: Bill on AI chatbot age verification requirements introduced to Senate.
The bill requires AI chatbots to implement age verification measures and imposes certain transparency obligations.
Check it out: https://bit.ly/4p76M6e
The bill requires AI chatbots to implement age verification measures and imposes certain transparency obligations.
Check it out: https://bit.ly/4p76M6e
USA: Coalition of AGs secure $5.1M settlement with Illuminate Education for data breach involving student data.
The breach exposed student names and whether they received special education services or reasonable accommodations.
Learn more: https://bit.ly/3XieONw
The breach exposed student names and whether they received special education services or reasonable accommodations.
Learn more: https://bit.ly/3XieONw
DataGuidance
Essential Privacy and Regulatory Research at Your Fingertips. Find everything you need to stay up-to-date on evolving privacy & security regulations around the world
bit.ly
November 10, 2025 at 7:12 PM
USA: Coalition of AGs secure $5.1M settlement with Illuminate Education for data breach involving student data.
The breach exposed student names and whether they received special education services or reasonable accommodations.
Learn more: https://bit.ly/3XieONw
The breach exposed student names and whether they received special education services or reasonable accommodations.
Learn more: https://bit.ly/3XieONw
Ireland: DPC issues statement on LinkedIn AI training risks.
The DPC requires LinkedIn to compile a report within five months of processing commencement, including an evaluation of the effectiveness of the safeguards
Explore now: https://bit.ly/43JcS4v
The DPC requires LinkedIn to compile a report within five months of processing commencement, including an evaluation of the effectiveness of the safeguards
Explore now: https://bit.ly/43JcS4v
November 10, 2025 at 6:08 PM
Ireland: DPC issues statement on LinkedIn AI training risks.
The DPC requires LinkedIn to compile a report within five months of processing commencement, including an evaluation of the effectiveness of the safeguards
Explore now: https://bit.ly/43JcS4v
The DPC requires LinkedIn to compile a report within five months of processing commencement, including an evaluation of the effectiveness of the safeguards
Explore now: https://bit.ly/43JcS4v
USA: Senator introduces Health Information Privacy Reform Act.
The bill aims to enhance protections for health information through new regulations and standards that align with existing #HIPAA and #HITECH Act requirements.
Learn more: https://bit.ly/4qKDdc9
The bill aims to enhance protections for health information through new regulations and standards that align with existing #HIPAA and #HITECH Act requirements.
Learn more: https://bit.ly/4qKDdc9
November 6, 2025 at 8:16 PM
USA: Senator introduces Health Information Privacy Reform Act.
The bill aims to enhance protections for health information through new regulations and standards that align with existing #HIPAA and #HITECH Act requirements.
Learn more: https://bit.ly/4qKDdc9
The bill aims to enhance protections for health information through new regulations and standards that align with existing #HIPAA and #HITECH Act requirements.
Learn more: https://bit.ly/4qKDdc9
EU: Commission launches work on code of practice on transparency of AI-generated content.
This is start of the process to develop a framework which will help deployers and providers of generative AI systems comply with obligations under Article 50 of the AI Act.
Read now: https://bit.ly/4oVxpe8
This is start of the process to develop a framework which will help deployers and providers of generative AI systems comply with obligations under Article 50 of the AI Act.
Read now: https://bit.ly/4oVxpe8
DataGuidance
Essential Privacy and Regulatory Research at Your Fingertips. Find everything you need to stay up-to-date on evolving privacy & security regulations around the world
bit.ly
November 6, 2025 at 7:12 PM
EU: Commission launches work on code of practice on transparency of AI-generated content.
This is start of the process to develop a framework which will help deployers and providers of generative AI systems comply with obligations under Article 50 of the AI Act.
Read now: https://bit.ly/4oVxpe8
This is start of the process to develop a framework which will help deployers and providers of generative AI systems comply with obligations under Article 50 of the AI Act.
Read now: https://bit.ly/4oVxpe8
EU: EDPB adopts opinion on draft Brazil adequacy decision.
The EDPB highlighted that Brazilian data protection framework requirements are closely aligned with the #GDPR but called on the Commission to further clarify other areas.
Read now: https://bit.ly/3Lwqols
The EDPB highlighted that Brazilian data protection framework requirements are closely aligned with the #GDPR but called on the Commission to further clarify other areas.
Read now: https://bit.ly/3Lwqols
DataGuidance
Essential Privacy and Regulatory Research at Your Fingertips. Find everything you need to stay up-to-date on evolving privacy & security regulations around the world
bit.ly
November 6, 2025 at 6:08 PM
EU: EDPB adopts opinion on draft Brazil adequacy decision.
The EDPB highlighted that Brazilian data protection framework requirements are closely aligned with the #GDPR but called on the Commission to further clarify other areas.
Read now: https://bit.ly/3Lwqols
The EDPB highlighted that Brazilian data protection framework requirements are closely aligned with the #GDPR but called on the Commission to further clarify other areas.
Read now: https://bit.ly/3Lwqols
India: MeitY unveils India AI governance guidelines.
The guidelines include seven guiding principles for ethical and responsible AI, recommendations across six pillars of #AI governance.
Check it out: https://bit.ly/47ELN3l
The guidelines include seven guiding principles for ethical and responsible AI, recommendations across six pillars of #AI governance.
Check it out: https://bit.ly/47ELN3l
November 5, 2025 at 8:16 PM
India: MeitY unveils India AI governance guidelines.
The guidelines include seven guiding principles for ethical and responsible AI, recommendations across six pillars of #AI governance.
Check it out: https://bit.ly/47ELN3l
The guidelines include seven guiding principles for ethical and responsible AI, recommendations across six pillars of #AI governance.
Check it out: https://bit.ly/47ELN3l
Germany: BfDI approves first consent manager under Consent Management Ordinance.
The BfDI stated that this approval is an important step towards more user-friendly management of data protection settings.
Read more: https://bit.ly/3JDOrOW
The BfDI stated that this approval is an important step towards more user-friendly management of data protection settings.
Read more: https://bit.ly/3JDOrOW
November 5, 2025 at 7:12 PM
Germany: BfDI approves first consent manager under Consent Management Ordinance.
The BfDI stated that this approval is an important step towards more user-friendly management of data protection settings.
Read more: https://bit.ly/3JDOrOW
The BfDI stated that this approval is an important step towards more user-friendly management of data protection settings.
Read more: https://bit.ly/3JDOrOW
Vietnam: Government issues National Data Architecture Framework.
The framework provides orientation on data sharing models across ministries, government agencies, political organizations, and provincial authorities.
Learn more: https://bit.ly/484pULh
The framework provides orientation on data sharing models across ministries, government agencies, political organizations, and provincial authorities.
Learn more: https://bit.ly/484pULh
November 5, 2025 at 6:08 PM
Vietnam: Government issues National Data Architecture Framework.
The framework provides orientation on data sharing models across ministries, government agencies, political organizations, and provincial authorities.
Learn more: https://bit.ly/484pULh
The framework provides orientation on data sharing models across ministries, government agencies, political organizations, and provincial authorities.
Learn more: https://bit.ly/484pULh
Singapore: Cybersecurity Amendment Act provisions in force.
The amendments to the #Cybersecurity Act update regulations concerning CII and expand oversight to include Systems of Temporary Cybersecurity Concern.
Check it out: https://bit.ly/4hGa7ql
The amendments to the #Cybersecurity Act update regulations concerning CII and expand oversight to include Systems of Temporary Cybersecurity Concern.
Check it out: https://bit.ly/4hGa7ql
November 5, 2025 at 4:00 PM
Singapore: Cybersecurity Amendment Act provisions in force.
The amendments to the #Cybersecurity Act update regulations concerning CII and expand oversight to include Systems of Temporary Cybersecurity Concern.
Check it out: https://bit.ly/4hGa7ql
The amendments to the #Cybersecurity Act update regulations concerning CII and expand oversight to include Systems of Temporary Cybersecurity Concern.
Check it out: https://bit.ly/4hGa7ql
China: CAC publishes Q&A on new regulations for cross-border data flows.
The Q&A clarifies aspects of the new regulations, including the scope of exemptions, reassessment of the data transfer system, and rules for onward transfers.
Read now: https://bit.ly/4930D67
The Q&A clarifies aspects of the new regulations, including the scope of exemptions, reassessment of the data transfer system, and rules for onward transfers.
Read now: https://bit.ly/4930D67
November 4, 2025 at 8:16 PM
China: CAC publishes Q&A on new regulations for cross-border data flows.
The Q&A clarifies aspects of the new regulations, including the scope of exemptions, reassessment of the data transfer system, and rules for onward transfers.
Read now: https://bit.ly/4930D67
The Q&A clarifies aspects of the new regulations, including the scope of exemptions, reassessment of the data transfer system, and rules for onward transfers.
Read now: https://bit.ly/4930D67
New York: Last phase of compliance under NYDFS' Cybersecurity Regulation amendments enters into effect.
The new obligations for small businesses include complying with multifactor authentication and implementing asset inventory requirements.
Learn more: https://bit.ly/4hEQIpA
The new obligations for small businesses include complying with multifactor authentication and implementing asset inventory requirements.
Learn more: https://bit.ly/4hEQIpA
November 4, 2025 at 7:12 PM
New York: Last phase of compliance under NYDFS' Cybersecurity Regulation amendments enters into effect.
The new obligations for small businesses include complying with multifactor authentication and implementing asset inventory requirements.
Learn more: https://bit.ly/4hEQIpA
The new obligations for small businesses include complying with multifactor authentication and implementing asset inventory requirements.
Learn more: https://bit.ly/4hEQIpA
Oregon: AG publishes Quarter 3 2025 Enforcement Report under OCPA.
The report highlights changes to the OCPA, including its expanded scope, and the universal opt-out mechanism, which will become operational in January 2026.
Read now: https://bit.ly/4qFUlzJ
The report highlights changes to the OCPA, including its expanded scope, and the universal opt-out mechanism, which will become operational in January 2026.
Read now: https://bit.ly/4qFUlzJ
November 4, 2025 at 4:00 PM
Oregon: AG publishes Quarter 3 2025 Enforcement Report under OCPA.
The report highlights changes to the OCPA, including its expanded scope, and the universal opt-out mechanism, which will become operational in January 2026.
Read now: https://bit.ly/4qFUlzJ
The report highlights changes to the OCPA, including its expanded scope, and the universal opt-out mechanism, which will become operational in January 2026.
Read now: https://bit.ly/4qFUlzJ
USA: Coalition send letter to FTC to stop Meta's use of chat data for ads.
The coalition of over 30 privacy, consumer protection, children's rights, and civil rights advocates requests that the #FTC initiate an investigation.
Explore more: https://bit.ly/3LmRdIL
The coalition of over 30 privacy, consumer protection, children's rights, and civil rights advocates requests that the #FTC initiate an investigation.
Explore more: https://bit.ly/3LmRdIL
November 3, 2025 at 8:16 PM
USA: Coalition send letter to FTC to stop Meta's use of chat data for ads.
The coalition of over 30 privacy, consumer protection, children's rights, and civil rights advocates requests that the #FTC initiate an investigation.
Explore more: https://bit.ly/3LmRdIL
The coalition of over 30 privacy, consumer protection, children's rights, and civil rights advocates requests that the #FTC initiate an investigation.
Explore more: https://bit.ly/3LmRdIL
Texas: AG finalizes $1.375B settlement with Google over privacy.
The AG noted that they had previously sued Google for unlawfully tracking and collecting users' #privatedata regarding geolocation, incognito searches, and biometric data.
Learn more: https://bit.ly/4nwIilr
The AG noted that they had previously sued Google for unlawfully tracking and collecting users' #privatedata regarding geolocation, incognito searches, and biometric data.
Learn more: https://bit.ly/4nwIilr
DataGuidance
Essential Privacy and Regulatory Research at Your Fingertips. Find everything you need to stay up-to-date on evolving privacy & security regulations around the world
bit.ly
November 3, 2025 at 7:12 PM
Texas: AG finalizes $1.375B settlement with Google over privacy.
The AG noted that they had previously sued Google for unlawfully tracking and collecting users' #privatedata regarding geolocation, incognito searches, and biometric data.
Learn more: https://bit.ly/4nwIilr
The AG noted that they had previously sued Google for unlawfully tracking and collecting users' #privatedata regarding geolocation, incognito searches, and biometric data.
Learn more: https://bit.ly/4nwIilr
Colombia: SIC fines Colombia Telecomunicaciones COP 670 million for unlawful data processing.
The SIC stated that Colombia Telecomunicaciones violated the Data Protection Law by contacting users of another telecommunications company without their authorization.
Learn more: https://bit.ly/47yvapQ
The SIC stated that Colombia Telecomunicaciones violated the Data Protection Law by contacting users of another telecommunications company without their authorization.
Learn more: https://bit.ly/47yvapQ
November 3, 2025 at 6:08 PM
Colombia: SIC fines Colombia Telecomunicaciones COP 670 million for unlawful data processing.
The SIC stated that Colombia Telecomunicaciones violated the Data Protection Law by contacting users of another telecommunications company without their authorization.
Learn more: https://bit.ly/47yvapQ
The SIC stated that Colombia Telecomunicaciones violated the Data Protection Law by contacting users of another telecommunications company without their authorization.
Learn more: https://bit.ly/47yvapQ
California: AG secures $530,000 settlement with Sling TV for CCPA violations.
The AG investigation found that Sling TV failed to provide an easy-to-use method for consumers to stop the sale of their personal information.
Read on: https://bit.ly/4oLKlmz
The AG investigation found that Sling TV failed to provide an easy-to-use method for consumers to stop the sale of their personal information.
Read on: https://bit.ly/4oLKlmz
November 3, 2025 at 5:00 PM
California: AG secures $530,000 settlement with Sling TV for CCPA violations.
The AG investigation found that Sling TV failed to provide an easy-to-use method for consumers to stop the sale of their personal information.
Read on: https://bit.ly/4oLKlmz
The AG investigation found that Sling TV failed to provide an easy-to-use method for consumers to stop the sale of their personal information.
Read on: https://bit.ly/4oLKlmz
USA: EPIC publishes report on AGs' privacy enforcement actions.
The report highlights enforcement actions taken in response to privacy concerns over the past five years and outlines trends within data practices and compliance.
Learn more: https://bit.ly/47fNUvC
The report highlights enforcement actions taken in response to privacy concerns over the past five years and outlines trends within data practices and compliance.
Learn more: https://bit.ly/47fNUvC
October 31, 2025 at 8:16 PM
USA: EPIC publishes report on AGs' privacy enforcement actions.
The report highlights enforcement actions taken in response to privacy concerns over the past five years and outlines trends within data practices and compliance.
Learn more: https://bit.ly/47fNUvC
The report highlights enforcement actions taken in response to privacy concerns over the past five years and outlines trends within data practices and compliance.
Learn more: https://bit.ly/47fNUvC
EU: Parliament publishes study on interplay between AI Act and digital frameworks.
The study compares the EU AI Act to the GDPR, DSA, DMA, CRA, and the NIS2 Directive.
Check it out: https://bit.ly/3Jm3mND
The study compares the EU AI Act to the GDPR, DSA, DMA, CRA, and the NIS2 Directive.
Check it out: https://bit.ly/3Jm3mND
October 31, 2025 at 7:12 PM
EU: Parliament publishes study on interplay between AI Act and digital frameworks.
The study compares the EU AI Act to the GDPR, DSA, DMA, CRA, and the NIS2 Directive.
Check it out: https://bit.ly/3Jm3mND
The study compares the EU AI Act to the GDPR, DSA, DMA, CRA, and the NIS2 Directive.
Check it out: https://bit.ly/3Jm3mND
Singapore: CSA opens public consultation on addendum to AI security guidelines.
The consultation on the Addendum, which identifies and assesses risks associated with agentic AI systems and offers practical controls to mitigate risks, runs until Dec 31, 2025.
Learn more: https://bit.ly/4ojzBMH
The consultation on the Addendum, which identifies and assesses risks associated with agentic AI systems and offers practical controls to mitigate risks, runs until Dec 31, 2025.
Learn more: https://bit.ly/4ojzBMH
October 31, 2025 at 6:08 PM
Singapore: CSA opens public consultation on addendum to AI security guidelines.
The consultation on the Addendum, which identifies and assesses risks associated with agentic AI systems and offers practical controls to mitigate risks, runs until Dec 31, 2025.
Learn more: https://bit.ly/4ojzBMH
The consultation on the Addendum, which identifies and assesses risks associated with agentic AI systems and offers practical controls to mitigate risks, runs until Dec 31, 2025.
Learn more: https://bit.ly/4ojzBMH
Colombia: SIC publishes draft Model Contractual Clauses for international data transfers.
The MCCs would facilitate international transfers in compliance with the Data Protection Law and are based on the RIPD MCCs.
Read on: https://bit.ly/4oIjg3N
The MCCs would facilitate international transfers in compliance with the Data Protection Law and are based on the RIPD MCCs.
Read on: https://bit.ly/4oIjg3N
October 31, 2025 at 5:04 PM
Colombia: SIC publishes draft Model Contractual Clauses for international data transfers.
The MCCs would facilitate international transfers in compliance with the Data Protection Law and are based on the RIPD MCCs.
Read on: https://bit.ly/4oIjg3N
The MCCs would facilitate international transfers in compliance with the Data Protection Law and are based on the RIPD MCCs.
Read on: https://bit.ly/4oIjg3N
UK: ICO publishes enforcement procedural guidance for consultation.
The guidance includes explanations on factors the ICO considers when deciding whether to open an investigation and how the ICO will use its new information gathering powers under the DUAA.
Read now: https://bit.ly/3X5zgRC
The guidance includes explanations on factors the ICO considers when deciding whether to open an investigation and how the ICO will use its new information gathering powers under the DUAA.
Read now: https://bit.ly/3X5zgRC
October 31, 2025 at 4:00 PM
UK: ICO publishes enforcement procedural guidance for consultation.
The guidance includes explanations on factors the ICO considers when deciding whether to open an investigation and how the ICO will use its new information gathering powers under the DUAA.
Read now: https://bit.ly/3X5zgRC
The guidance includes explanations on factors the ICO considers when deciding whether to open an investigation and how the ICO will use its new information gathering powers under the DUAA.
Read now: https://bit.ly/3X5zgRC