Mozambique: Assembly approves Cybersecurity Law and Cybercrime Law.

The Assembly has approved new Cybersecurity and Cybercrime laws, strengthening protections for digital systems and enabling tougher action against cyber threats.

Read now: https://bit.ly/41MYOp3

Latvia: Data State Inspectorate publishes operational strategy for 2026–2030.

The DVI has published its 2026–2030 strategy, setting priorities on public awareness, responsible innovation, and risk‑based supervision.

Check it out: https://bit.ly/4cqqZQV

Italy: Garante fines Poste Italiane and Postepay over €12.5 million for privacy violations linked to intrusive app‑based device monitoring and inadequate transparency and safeguards.

Read now: https://bit.ly/490Vbjb

Delaware: Bill amending DPDPA introduced to House.

The bill would significantly expand Delaware's data privacy law by lowering scope thresholds, strengthening consumer rights, and imposing new obligations on controllers and third parties.

Learn more: https://bit.ly/4eGcgCC

Colombia: MinTIC publishes draft decree on healthy and safe digital environments for children and adolescents, including new obligations for online service providers.

Check it out: https://bit.ly/4mLNTFY

China: CAC issues regulations on electronic documents.

The regulations promote and regulate the use of electronic documents, setting security and reliability standards to support digital trade and the wider digital economy.

Learn more: https://bit.ly/3OihXfA

Alabama: Governor signs Bill on comprehensive consumer data privacy.

Alabama has enacted a new consumer privacy law establishing rights for individuals and obligations for businesses, with enforcement by the state AG.

Learn more: https://bit.ly/490zPT4

Kenya: NODPC publishes draft guidance on data transfers, transport services, DPOs, and data protection policies.

The guidelines are intended to assist entities in complying with the requirements of the Data Protection Act.

Learn more: https://bit.ly/4timdLd

EU: EDPB adopts guidelines on data processing for scientific research and opens public consultation.

The guidelines clarify the concept of scientific research under the GDPR and address data subject rights.

Read now: https://bit.ly/3Qk7EIo

EU: EDPB approves updated Europrivacy criteria and recognizes Europrivacy as #GDPR transfer tool.

Check it out: https://bit.ly/4cUNfS3

UK: DSIT issues open letter to businesses on AI‑driven cyber threats.

The DSIT warns businesses about the increasing cyber threats posed by frontier AI models and recommends actions to enhance cybersecurity.

Read now: https://bit.ly/3QKaxSQ

Netherlands: NCSC announces House of Representatives approval of Cybersecurity Act and Critical Entities Resilience Act.

The NCSC highlights that the bills will now move to the Senate.

Check it out: https://bit.ly/4cl6Dac

EU: Commission issues statement on digital age verification app.

The European Commission announced the readiness of the digital age verification app, emphasizing the critical need to enhance children's online safety.

Explore more: https://bit.ly/4tb3jWs

EU: EDPB adopts DPIA template and opens public consultation.

The EDPB adopted a DPIA template to help organizations comply with the GDPR and opened it for public consultation until June 9, 2026.

Check it out: https://bit.ly/4tb3jWs

France: CNIL publishes recommendations on tracking pixels in emails.

CNIL's recommendations follow a public consultation and clarify roles, consent requirements, and exemptions for tracking pixels in emails.

Explore more: https://bit.ly/4dQGAKz

USA: EPIC files amicus brief defending South Carolina's Age-Appropriate Design Code, arguing that behavioral profiling in recommendation systems is not expressive speech and companies cannot claim First Amendment protection.

Learn more: https://bit.ly/3Q3BCQX

Massachusetts: Supreme Judicial Court ruled that Section 230 of the Communications Decency Act does not bar claims against Meta Platforms, Inc. regarding Instagram's design and youth harm.

Read now: https://bit.ly/48NVaPs

USA: EPIC files amicus brief defending South Carolina's Age-Appropriate Design Code, arguing that behavioral profiling in recommendation systems is not expressive speech and companies cannot claim First Amendment protection.

Learn more: https://bit.ly/3Q3BCQX

EU: EDPB adopts DPIA template and opens public consultation.

The EDPB adopted a DPIA template to help organizations comply with the GDPR and opened it for public consultation until June 9, 2026.

Learn more: https://bit.ly/4tSSt7F

Montana: AG launches investigation into auto companies.

The AG launched an investigation into Ford and Stellantis for allegedly collecting and selling personal driving data to third parties without consent.

Read now: https://bit.ly/4tbiY8j

Iowa: AG amends TikTok lawsuit.

The AG amended the lawsuit alleging that TikTok uses dangerous, addictive features to hook children on the app and hides the truth about the Chinese Government's access to user data.

Learn more: https://bit.ly/47VFM3q

Kentucky: Bill relating to data privacy signed by Governor.

The Act comes into effect on July 1, 2027, and prohibits controllers from collecting automatic content recognition data without a consumer's consent.

Check it out: https://bit.ly/4u7nWmL

South Korea: KCC penalizes 373 location information providers.

The KCC imposed fines on providers for violating the Act on the Protection and Use of Location Information and plans to continue inspections and develop supportive policies.

Read now: https://bit.ly/47WLmT0

China: CAC announces interim measures for AI human-like interaction services.

The Measures emphasize a people-oriented approach, balancing AI development with security and enhancing user rights protection.

Check it out: https://bit.ly/4tEFiqz

Iowa: Senate opens inquiry into eight prominent technology companies for inadequate reporting of online child sexual exploitation, with significant deficiencies identified by the NCMEC.

Learn more: https://bit.ly/4vteewb

Kentucky: Bill relating to data privacy passes both houses.

The bill would amend Kentucky's data privacy law to restrict the collection of automatic content recognition data from smart TVs and monitors without consumer consent.

Learn more: https://bit.ly/4mkQ03c

USA: AGs asks court to enforce order blocking Medicaid data sharing with ICE.

The AGs have asked courts to enforce orders blocking the sharing of Medicaid data with ICE over privacy concerns.

Check it out: https://bit.ly/4t0afWg

Poland: Amended Cybersecurity Act implementing NIS2 Directive enters into force and triggers new registration and compliance deadlines for covered entities.

Read now: https://bit.ly/4vdUT29

USA: FTC publishes 2026-2030 Strategic Plan.

The FTC published its 2026–2030 Strategic Plan, highlighting priorities around data privacy and security, telemarketing abuses, and online harms to children.

Read more: https://bit.ly/4si632U

Iowa: Attorney General files lawsuit against Change Healthcare for data breach.

The Iowa AG sued Change Healthcare over a major data breach affecting nearly 2.2 million residents.

Read now: https://bit.ly/4vd56f6