Data Privacy & Cybersecurity

CPPA Fines Data Brokers for Registration Violations

The California Privacy Protection Agency (CPPA) has issued enforcement actions against two data brokers, Rickenbacher Data LLC (d/b/a Datamasters) and S&P Global, Inc., for failing to register as required by California's Delete Act. Datamasters was fined $45,000 and ordered to stop selling personal information, while S&P Global was fined $62,600.

California Bill for CCPA Whistleblower Protections and Awards

The California Privacy Protection Agency (CalPrivacy) is sponsoring AB 2021, a bill to establish whistleblower protections and an award program under the California Consumer Privacy Act (CCPA). The bill aims to incentivize individuals to report violations and protect them from retaliation.

FTC and States Secure $100M Judgment Against Walmart for Deceptive Earnings Claims

The FTC and 11 states have secured a $100 million judgment against Walmart to settle allegations of deceptive earnings claims made to delivery drivers in its Spark Driver program. The company allegedly misled drivers about base pay, incentives, and tips, causing drivers to lose tens of millions of dollars.

EDPB Opinion on ABN AMRO Binding Corporate Rules

The European Data Protection Board (EDPB) has issued Opinion 06/2026 regarding the Binding Corporate Rules (BCRs) of ABN AMRO. This opinion addresses the draft decision from the Dutch supervisory authority concerning these BCRs.

EDPB Opinion on Dutch Authority's Draft Decision for Arcadis Group

The European Data Protection Board (EDPB) has issued an opinion on a draft decision by the Dutch Data Protection Authority concerning Arcadis Group's Binding Corporate Rules (BCRs). This opinion addresses the international transfer of data and the adequacy of the BCRs.

FTC Policy Statement on COPPA and Age Verification Technologies

The FTC issued a policy statement clarifying that it will not bring enforcement actions under COPPA against operators using age verification technologies for the sole purpose of determining user age, provided certain conditions are met. This aims to incentivize the use of these technologies to protect children online.

FTC Workshop on Data Economy Injuries and Benefits

The Federal Trade Commission is hosting a workshop on February 26, 2026, to discuss measuring consumer injuries and benefits in the data-driven economy. The event will feature FTC officials and panel discussions on privacy preferences and data breach impacts.

ICO Decision on Executive Office Northern Ireland Communications

The UK's Information Commissioner's Office (ICO) issued a decision regarding a Freedom of Information request made to the Executive Office Northern Ireland. The ICO partially upheld the Executive Office's decision to withhold certain communications, but required disclosure of other information previously withheld under specific exemptions.

ICO Decision Notice: Lucy Letby Case FOI Request Not Vexatious

The UK's Information Commissioner's Office (ICO) issued a decision notice stating that a Freedom of Information (FOI) request concerning the Lucy Letby case was not vexatious. Cheshire Constabulary is required to provide a fresh response to the complainant.

ICO Decision Notice: Somerset Council FOI 10 Upheld

The UK's Information Commissioner's Office (ICO) has upheld a complaint against Somerset Council for failing to respond to a Freedom of Information (FOI) request within the statutory 20 working days. The ICO has ordered the council to respond to the complainant within 30 calendar days.