Utah Businesses Guided on Cash Rounding During Penny Shortage
The Utah Division of Consumer Protection has issued guidance to businesses on how to handle cash rounding during a national penny shortage. The guidance recommends a specific rounding methodology for cash-only transactions after taxes are calculated and requires businesses to provide notice of their chosen method.
Utah Division of Consumer Protection Fines Maintenance Funding Providers
The Utah Division of Consumer Protection has concluded an audit of maintenance funding providers (MFPs), identifying over 600 violations of the Maintenance Funding Practices Act. This has resulted in nearly $100,000 in fines levied against 14 providers for issues including failure to register, improper disclosures, and inappropriate referral practices.
Utah AG Secures $7.9M Judgment Against Amazon Store Scammer
The Utah Division of Consumer Protection secured a $7.9 million judgment and permanent ban against Parker J. Wilde for a deceptive Amazon e-commerce store scheme that defrauded over 200 consumers. Wilde is prohibited from participating in money-making schemes and telemarketing in Utah.
Mercedes-Benz USA Settles with 50 States for $149.6M Over Emissions Defeat Devices
Utah and 50 other states have reached a $149.6 million settlement with Mercedes-Benz USA and Daimler AG for using illegal emissions defeat devices in over 211,000 diesel vehicles. The settlement addresses deceptive practices related to circumventing emissions standards and misleading consumers about environmental compliance.
FTC, States Reach $100M Settlement with Walmart Over Deception
The FTC and a bipartisan group of state attorneys general have reached a $100 million multistate settlement with Walmart over allegations of deceiving drivers and customers in its Spark Driver Program. The settlement resolves claims that Walmart misrepresented driver pay and customer tips, with $89 million for consumer restitution and $11 million in penalties to states.
European Data Protection Authorities Focus on Transparency Obligations
European data protection authorities, coordinated by the EDPB, will focus on transparency and information obligations under GDPR for the year 2026. This initiative aims to ensure data controllers provide clear, accessible information to individuals regarding the processing of their personal data.
PDPC Decision on Data Protection Breach by People Central Pte. Ltd.
Singapore's Personal Data Protection Commission (PDPC) issued a decision against People Central Pte. Ltd. for breaching data protection obligations. The company experienced an unauthorized access and deletion of client employee data due to insufficient security arrangements, including SQL injection vulnerabilities and weak access controls. The decision was handled under an expedited procedure due to the organization's admission of facts and breach.
Marina Bay Sands Data Breach Penalty Decision
Singapore's Personal Data Protection Commission has issued a decision against Marina Bay Sands Pte. Ltd. for a data breach affecting approximately 665,495 members. The breach resulted from insufficient security arrangements and a failure to mitigate risks of human error, leading to unauthorized access and disclosure of personal data. A financial penalty has been imposed.
PDPC Decision on Data Protection and Accountability
Singapore's Personal Data Protection Commission (PDPC) issued a decision against Air Sino-Euro Associates Travel Pte. Ltd. for failing to protect customer data, resulting in unauthorized access and disclosure. The organization also failed to appoint a data protection officer and implement internal policies.
Goldheart Jewelry Data Breach Decision
Singapore's Personal Data Protection Commission has issued a decision against Goldheart Jewelry Pte. Ltd. for a data breach affecting 41,379 individuals. The breach resulted from insufficient security measures, including a failure to implement adequate patch management and access controls, leading to unauthorized access and disclosure of personal data.
PDPC Decision on Institute of Mental Health Data Consent
The Singapore Personal Data Protection Commission (PDPC) amended a previous decision concerning the Institute of Mental Health (IMH). The amendment clarifies the factual background regarding IMH's use of patient data for research study recruitment, specifically addressing implied consent and the visibility of a notification to patients.
Senator Blackburn Proposes AI Framework for Child Safety and Copyright
U.S. Senator Marsha Blackburn has introduced a discussion draft for a federal AI policy framework focusing on children's online safety and copyright protection. The proposal aims to establish national standards, incorporating elements from the Kids Online Safety Act and the NO FAKES Act, and includes provisions for a private right of action for child harms.
China PIPL Compliance Audit Guidance and Enforcement Trends
China's Personal Information Protection Law (PIPL) requires organizations to audit personal information processing for compliance. Recent regulatory developments, particularly concerning minors' data, indicate an increasing expectation for audits to be repeatable, verifiable, and evidence-backed, with a focus on demonstrating consistent implementation and technical reality.
EU Regulators Focus on Cross-Regulatory Cooperation for Digital Laws
The European Data Protection Board (EDPB) is increasing focus on cross-regulatory cooperation for EU digital laws, including the GDPR, AI Act, and Digital Markets Act. The EDPB is developing joint guidance with the European Commission on these interactions and on data protection and competition, aiming for consistent interpretation and enforcement.
EDPB Report on Anonymisation and Pseudonymisation Stakeholder Event
The European Data Protection Board (EDPB) has published a report detailing discussions from a stakeholder event on anonymisation and pseudonymisation techniques. The report summarizes key takeaways and perspectives shared during the event.
EDPB-EDPS Joint Opinion on Cybersecurity Act 2 and NIS 2 Directive Amendments
The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have issued a joint opinion on proposed amendments to the Cybersecurity Act 2 and the NIS 2 Directive. This opinion provides recommendations on the legislative proposals concerning cybersecurity certification and network and information security.
GDPR Rights Procedure Resolution - Spanish DPA
The Spanish Data Protection Agency (AEPD) issued a resolution regarding a data subject's right to erasure request against UPTA-CLM. The agency found issues with the contact information provided by the organization, including a non-functional data protection officer email address.
EDPB Announces 2026 GDPR Transparency Measure
The European Data Protection Board (EDPB) announced its 2026 Coordinated Enforcement Framework (CEF) measure, focusing on transparency and information obligations under the GDPR. The Austrian Data Protection Authority will participate in this coordinated action.
Digital Europe Programme Amended for Innovative Digital Capacities
The European Commission has amended the Digital Europe Work Programme 2025-2027 to enhance innovative digital capacities across the EU. The update introduces new actions for digital infrastructure in schools, online safety applications, and AI testing facilities, among other enhancements.