For years, China’s cross-border data transfer regime was long on rules but short on consequences. Companies—both foreign and domestic—were given a relatively extended period to understand the requirements, formulate suitable strategies, and implement compliance measures. Recent enforcement actions led by the Cyberspace Administration of China (CAC), the country’s data regulator, suggest that the education phase

Continue Reading CHINA: China’s Data Regulator Means Business – The Education Phase Is Over

On 11 June 2026, the Office of the Australian Information Commissioner (OAIC) published two determinations against Medmate Australia Pty Ltd (Medmate) and Monash IVF Pty Ltd (Monash IVF), finding both entities interfered with individuals’ privacy via the use of website tracking pixels.

In the absence of an express regulatory

Continue Reading Australia: Pixel Perfect – The regulator addresses use of tracking pixels

A proposed common template for personal data breach notifications recently published by the European Data Protection Board (“EDPB“) for consultation has the potential to assist organisations in streamlining personal data breach reporting across the EU while also raising additional complexity and challenges for businesses.

In line with the EDPB’s Helsinki Statement on enhanced

Continue Reading EU: EDPB common template for breach notifications – welcome alignment or further complexity?

The Data (Use and Access) Act 2025 (“DUAA“), introduces a new statutory requirement for all controllers, with no exceptions, to implement a formal process to handle data protection complaints by 19 June 2026.

Key changes

The DUAA received Royal Assent on 19 June 2025 and introduces a number of amendments to the UK’s data

Continue Reading UK: New complaints handling rules under DUAA take effect on 19 June 2026 – are you ready?

The protection of children online, including the safeguarding of their personal data, has emerged as a key regulatory focus in the UK, with the Government facing sustained pressure to address concerns about children’s safety online.[1] Recent developments have added further momentum – in particular, Australia’s recent prohibition on social media use by under-16s has

Continue Reading UK: Protecting Children Online – A Changing Regulatory Landscape

On 26 May 2026, Spain’s Council of Ministers approved a draft Organic Law on the proper use and governance of artificial intelligence, aligning Spain’s national law with Regulation (EU) 2024/1689 (the “EU AI Act”). The legislation aims to create a framework for trustworthy, human‑centric AI, combining regulatory oversight while supporting innovation.

Governance

Continue Reading Spain: Government approves the draft Organic Law on the proper use and governance of artificial intelligence

Quantum computing is poised to profoundly reshape the cybersecurity landscape, with significant legal and regulatory implications. By introducing fundamentally different computational methods, enabling the simultaneous processing of multiple possibilities, quantum computing has the potential to undermine and ultimately render many traditional encryption techniques ineffective. The result is a significant systemic risk across critical infrastructures, including

Continue Reading Quantum Computing and the Future of Cyber Security

The UK Government’s legislative agenda, set out in the King’s Speech on 13 May 2026, places cybersecurity and digital resilience firmly at the centre of national policy. Against a backdrop of increasing geopolitical instability and rapidly evolving technological risks, the proposed measures continue the shift towards a more interventionist and systemic approach to safeguarding the

Continue Reading UK: The King’s Speech 2026 – Cybersecurity at the Forefront

On May 8, 2026, California Attorney General Rob Bonta — joined by the District Attorneys of San Francisco, Los Angeles, Napa, and Sonoma Counties, with support from the California Privacy Protection Agency (CalPrivacy) — announced a $12.75 million settlement with General Motors and OnStar (collectively, “GM”) over the alleged unlawful sale of California drivers’ geolocation

Continue Reading U.S.: California’s GM Settlement: Has Data Minimization Finally Arrived?

The SECURE Data Act 2026 and GUARD Financial Data Act were introduced on April 22, 2026. This legislation would impose major data restrictions and requirements across the U.S. economy. The bill would give the U.S. Department of Commerce and the Federal Trade Commission (FTC) expanded powers to oversee data collection and use.

The SECURE Data

Continue Reading U.S.: Comprehensive Federal Privacy Legislation Introduced