OneTrust DataGuidance

Israel: PPA publishes opinion on DPO appointment for public consultation. The PPA issued a draft opinion for comment on appointing DPOs, outlining who is required to appoint one and their responsibilities and qualifications Read now: bit.ly/3IFKOHv

Netherlands: AP publishes presentation on AI and emotion recognition, The AP highlighted the need for transparency when using #AI and emotion recognition, noting that customers were not aware when such technology was applied. Learn more: bit.ly/454yMyW

International: Komdigi publishes clarifying statement on US data transfers. The trade deal provides for legitimate, limited, and legally justifiable purposes for cross-border transfers between Indonesia and the US. Learn more: bit.ly/3ILvetV

Germany: BSI publishes white paper on bias in AI. The white paper outlines methods for bias detection in both data and AI models. Additionally, it provides strategies for bias mitigation. Check it out: bit.ly/4m5fCQ4

UK: Age verification requirements under Online Safety Act Codes of Practice come into effect Ofcom will begin enforcement from July 25, 2025, against any company that allows pornographic content and does not comply with age-check requirements. Read now: bit.ly/40zmLQx

California: CPPA unanimously votes to adopt the Proposed Regulations. The CPPA will now file the Proposed Regulations with the Office of Administrative Law as the next steps towards the final enactment. Read now: bit.ly/46Z9MLS

Spain: AEPD fines Trive Credit Spain €225,000 for failing to comply with AEPD decision. The fine follows Trive Credit's failure to comply with a binding AEPD order to grant a data subject’s access request, in breach of the #GDPR. Learn more: bit.ly/4o4Pk2n

Saudi Arabia: NCA publishes National Cybersecurity Risk Management Framework. Saudi Arabia released a new Cybersecurity Risk Management Framework, requiring entities to assess, report, and manage cyber risks under unified national guidelines. Read now: bit.ly/3IMcSZz

New York: Governor announces proposed amendments to utility companies cybersecurity rules for utility, water, and wastewater systems, requiring risk assessments, incident reporting, and response plans. Read now: bit.ly/3IHXVb7

EU: The European Commission released a template for GPAI model providers to publish summaries of training data, promoting transparency, IP rights, and data protection under the EU AI Act. Check it out: bit.ly/4m7x8Dl

USA: White House issues AI Action Plan. The White House unveiled its AI Action Plan to boost innovation, build infrastructure, and remove regulatory barriers while promoting secure and responsible AI adoption. Read now: bit.ly/3UthExH

California: Bill for California Opt Me Out Act passes third reading in Senate. The bill would require browsers to support opt-out preference signals and mandate businesses to clearly explain how these signals work. Check it out: bit.ly/45fsCNw

International: US and Indonesia reach agreement on data transfers. The US and Indonesia signed a trade deal allowing cross-border data transfers by recognizing US data protection as adequate under Indonesian law. Read more: bit.ly/4o1ncNy

Kentucky: AG files lawsuit against Temu for unlawful processing of personal information. The Kentucky AG filed a lawsuit against Temu, alleging unlawful data collection, privacy violations, counterfeiting, and deceptive business practices. Learn more: bit.ly/4m8gZNY

EU: Commission publishes draft adequacy decision for UK data transfers, confirming the UK's data protection rules remain essentially equivalent to the GDPR and Law Enforcement Directive. Check it out: bit.ly/3ICcgG9

South Korea: PIPC announces amendments to Standards for Ensuring Security of Personal Information. South Korea's PIPC revised its Standards for Ensuring the Security of Personal Information. Learn more: bit.ly/4kVbGRh

Ireland: DPC publishes guidance on AI, LLMs, and data protection. The Irish DPC released guidance on AI and LLMs, highlighting GDPR risks and urging organizations to assess data use, ensure transparency, and implement strong safeguards. Read more: bit.ly/3IIgLi9

UK: Ofcom publishes draft guidance on qualifying worldwide revenue for online safety fees and penalties. Ofcom published draft guidance on calculating Qualifying Worldwide Revenue under the Online Safety Act. Read now: bit.ly/4kVbktV

France: CNIL publishes factsheets on the development of AI systems. France's CNIL released new AI factsheets covering #GDPR applicability, data annotation, and security in AI development. Check it out: bit.ly/44UbvQ4

Poland: UODO fines McDonald's PLN 16.9 million and 24/7 Communication PLN 183,860 for data protection violations. The UODO fined McDonald's Polska approx. $4.6 million and 24/7 Communication over $50,000 for GDPR violations. Read now: bit.ly/4m8x1aS