On March 3, 2026, the California Privacy Protection Agency (CalPrivacy) announced a settlement with PlayOn Sports (formerly 2080 Media, Inc.), imposing a $1.1 million administrative fine and sweeping compliance obligations. Reached in January, the settlement marks a significant escalation in state privacy enforcement and is the first CalPrivacy action to address privacy violations involving students
Continue Reading U.S.: California’s PlayOn Enforcement: A New Chapter in Children’s Data Privacy
Since the full enforcement of Thailand’s Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) in June 2022, the Personal Data Protection Committee (“PDPC”) has moved decisively from awareness-building to active enforcement. The transition emerged in 2024 when a leading e-commerce company was fined THB 7 million for breaching the law.
In
Continue Reading Thailand: PDPA Crackdown 2025: Are You Next? – Major Fines and Lessons from Thailand’s Latest Enforcement
In a decision issued on 18 July 2025 against Google LLC, the Personal Data Protection Office (PDPO) has affirmed that the data protection compliance obligations under Ugandan law apply to all entities that handle the personal data of Ugandan citizens, regardless of where they are based.
The office has also clarified that a
Continue Reading Uganda: Data protection Regulator Clarifies Compliance Requirements for Offshore Entities
The Italian Data Protection Authority (Garante) has fined a company EUR 420,000 for violating privacy laws in the workplace. The decision focuses on the employer’s use of content from Facebook, WhatsApp, and Messenger— shared from the employee’s personal accounts—for disciplinary purposes.
This ruling will have serious repercussions for any employer operating in Italy, especially those
Continue Reading Italy: Garante issues fine for use of employee’s private chats in disciplinary actions
Recently, the Cyberspace Administration of China (CAC), which is the primary data regulator in China, published a newsletter about the government authorities’ enforcement of Apps and websites that violated personal data protection and cybersecurity laws during the year 2024.
Based on the official statistics, during 2024, the CAC interviewed 11,159 website platforms, imposed warnings or
Continue Reading CHINA: Recent Enforcement TrendsOn 16 September 2024, the UK’s data protection authority, the Information Commissioner’s Office (ICO), issued a reprimand against Sky Betting and Gaming (SkyBet) for unlawfully processing people’s data through advertising cookies without their consent.
Between 10 January and 3 March 2023, SkyBet’s website dropped third-party AdTech cookies to visitors’ browsers before
Continue Reading UK: Data protection authority issues reprimand to gambling operator for unlawfully processing personal dataAuthors: Carolyn Bigg, Yue Lin Lee
The provision setting out significantly higher financial penalties for Singapore’s Personal Data Protection Act 2012 (“PDPA”) is now in force.
There is now an increased risk for organisations contravening the PDPA in Singapore.
This means that in relation to any intentional or negligent contravention of:
Continue Reading SINGAPORE: Increased financial penalties under the PDPA now in effect
On 27 July 2022, the highest administrative court in the Netherlands, published its highly anticipated judgment involving the Dutch Data Protection Authority’s assessment of “legitimate interest” under Article 6(1)(f) GDPR.
It was expected that the court would provide some clarification on whether “purely commercial interests” can qualify as legitimate interests within the meaning
Continue Reading NETHERLANDS: Highest court side-steps determining whether legitimate interests may be purely commercial
