On April 7, 2026, the Alabama legislature unanimously passed House Bill 351, the Alabama Personal Data Protection Act. The bill cleared the House 104-0 and the Senate 34-0, making Alabama the 21st state to enact a comprehensive consumer privacy statute. If signed by Governor Kay Ivey, the law will take effect on May 1
Continue Reading U.S.: Alabama Becomes 21st State to Enact Comprehensive Privacy LawSeventh Circuit Holds BIPA’s 2024 Damages Amendment Applies Retroactively
In 2024, the Illinois General Assembly amended the Illinois Biometric Information Privacy Act (“BIPA”) to clarify that an individual cannot seek recovery for multiple alleged violations of BIPA when those violations concern the same person, defendant entity, and method of collection.
On April 1, 2026, the Seventh Circuit issued its decision in Clay v. Union
Continue Reading Seventh Circuit Holds BIPA’s 2024 Damages Amendment Applies Retroactively
UK: ICO Report on Automated Decision-Making in Recruitment
Organisations are increasingly turning to AI-enabled tools throughout the recruitment lifecycle, from CV filtering and suitability scoring to online assessments and behavioural analysis. These tools can offer real advantages, including faster hiring processes and the potential to reduce human bias that inevitably exists in traditional recruitment. However, their use often creates a tension with data
Continue Reading UK: ICO Report on Automated Decision-Making in Recruitment
Australia: Exposure draft of Children’s Online Privacy Code signals tougher standards
The Office of the Australian Information Commissioner (OAIC) has published an exposure draft of the landmark Privacy (Children’s Online Privacy) Code 2026 (Code), which crystallises expectations around how personal information of children must be collected and handled under the Privacy Act 1988 (Cth) (Privacy Act).
The Code applies on
Continue Reading Australia: Exposure draft of Children’s Online Privacy Code signals tougher standardsThe Ninth Circuit’s Latest CAADCA Ruling: Navigating an Evolving Compliance Landscape
California’s Age-Appropriate Design Code Act (CAADCA) remains at the center of one of the most significant legal battles in children’s privacy law. On March 12, 2026, the Ninth Circuit issued its latest decision in NetChoice, LLC v. Bonta, partially affirming and partially vacating the district court’s preliminary injunction that had blocked the law’s enforcement.
Continue Reading The Ninth Circuit’s Latest CAADCA Ruling: Navigating an Evolving Compliance Landscape
EU: CJEU Rules That a Single DSAR Can Be Refused as Abusive
Summary
On 19 March 2026, the Court of Justice of the European Union (CJEU) handed down its judgment in Case C-526/24, Brillen Rottler, clarifying that a data subject’s first request for access to personal data under Article 15 of the General Data Protection Regulation (GDPR) may be refused as “excessive”.
Continue Reading EU: CJEU Rules That a Single DSAR Can Be Refused as Abusive
U.S.: CalPrivacy Continues Enforcement Momentum: Settlement Over Opt-Out of Sale/Sharing Violations
On March 5, 2026, the California Privacy Protection Agency (CalPrivacy or the Agency) announced a $375,703 settlement with Ford Motor Company (Ford), stemming from its long-running investigation into the privacy practices of connected vehicle manufacturers, an inquiry the Agency has been pursuing since 2023.
The Ford matter was announced just days after CalPrivacy’s settlement with
Continue Reading U.S.: CalPrivacy Continues Enforcement Momentum: Settlement Over Opt-Out of Sale/Sharing Violations
Key Takeaways from the S-RM Cyber Incident Insights Report 2026
S‑RM’s 2026 Cyber Incident Insights Report offers one of the clearest indicators yet of how rapidly the global threat landscape is shifting. Drawing on more than 800 incidents handled throughout 2025, the report reveals a ransomware ecosystem that is expanding, fragmenting and becoming less predictable, while AI adoption(on both sides of the divide) introduces new
Continue Reading Key Takeaways from the S-RM Cyber Incident Insights Report 2026
U.S. Privacy Laws Legislative Update
After a legislative lull last year, 2026 has brought a new wave of state privacy lawmaking activity.
A number of states have introduced comprehensive state privacy bills during the legislative cycle, reflecting a continued trend toward expanding individual privacy rights and creating new compliance obligations on businesses that collect and process personal data.
While many
Continue Reading U.S. Privacy Laws Legislative Update
U.S.: California’s PlayOn Enforcement: A New Chapter in Children’s Data Privacy
On March 3, 2026, the California Privacy Protection Agency (CalPrivacy) announced a settlement with PlayOn Sports (formerly 2080 Media, Inc.), imposing a $1.1 million administrative fine and sweeping compliance obligations. Reached in January, the settlement marks a significant escalation in state privacy enforcement and is the first CalPrivacy action to address privacy violations involving students
Continue Reading U.S.: California’s PlayOn Enforcement: A New Chapter in Children’s Data Privacy