CNPD and Luxembourg AI Factory Host RE.M.I. AI Session
The CNPD and Luxembourg AI Factory co-hosted a RE.M.I. (Regulation Meets Innovation) plenary session at Belval on March 17, 2026, bringing together researchers, regulators, businesses, and innovation support organizations. The event featured presentations on deepfake detection, AI Act transparency obligations, and concrete AI applications in road safety, along with updates from working groups developing tools for model selection, note-taking, and email sorting.
EDPB Coordinated Enforcement Framework 2026 Transparency Action
The European Data Protection Board (EDPB) launched its 2026 Coordinated Enforcement Framework (CEF) action, focusing on compliance with GDPR transparency and information obligations under Articles 12, 13, and 14. Twenty-five Data Protection Authorities (DPAs) across Europe will conduct enforcement actions and fact-finding exercises targeting data controllers from various sectors throughout 2026, with findings to be consolidated in an EDPB report and followed by targeted enforcement at national and EU levels.
Age Assurance Technologies and Privacy Obligations Guidance
The OAIC published guidance on age assurance technologies clarifying expectations for entities conducting age checks online. The guidance emphasizes necessity and proportionality, data minimization, transparency, and strong vendor controls. The publication supports compliance with the Social Media Minimum Age scheme and eSafety Age-Restricted Material Codes requirements.
Children's Online Privacy Code Exposure Draft
The Office of the Australian Information Commissioner (OAIC) has published an exposure draft of the Children's Online Privacy Code for public consultation. The draft code introduces new obligations requiring agencies and organisations to consider children's best interests before collecting, using, or disclosing personal information, including requirements for targeted advertising consent and data deletion rights. The 60-day consultation opens March 31, 2026, with the Code expected to take effect in December 2026.
Global Privacy Sweep Finds Rising Privacy Risks for Children Online
The OAIC published results from the 2025 Global Privacy Enforcement Network sweep, examining 900 websites and apps used by children. The sweep found 59% require email collection, 71% lack child-tailored privacy controls, and 36% lack accessible account deletion. Compared to a 2015 baseline, data collection practices have increased, raising privacy risks for child users.
FCDO mining FOI cost limit defence upheld
The ICO issued Decision Notice IC-407227-D6N2 upholding the Foreign, Commonwealth & Development Office's refusal of mining-related Freedom of Information requests. The FCDO successfully relied on section 12(2) FOIA (cost limit) and regulation 12(4)(b) EIR (manifestly unreasonable) to refuse the requests. The complaint was not upheld.
Cabinet Office FOIA case, section 36(2)(c) exemption upheld
The Information Commissioner's Office issued a Decision Notice in case IC-373252-Y7J5, finding that the Cabinet Office correctly relied on section 36(2)(c) of the Freedom of Information Act 2000 to withhold information about email addresses directly accessed by or assigned to the Cabinet Secretary. The ICO upheld the exemption citing prejudice to the effective conduct of public affairs. This decision provides guidance on the application of this exemption in FOIA requests involving senior government officials.
Home Office FOIA exemption upheld, late response breach
The Information Commissioner's Office issued a Decision Notice finding that the Home Office correctly withheld information about Palestinian Action under section 35(1)(a) FOIA (formulation or development of government policy), with the public interest favoring the exemption. The ICO also found the Home Office breached section 10 FOIA by failing to respond within 20 working days. No remedial steps required.
MOD Withheld Intelligence Services Bill File, Exemption Upheld
The Information Commissioner's Office issued a Decision Notice on 26 March 2026 in case IC-393615-M4Q4, upholding the Ministry of Defence's refusal to disclose file DEFE 68/1153 (Intelligence Services Bill) under section 23(1) FOIA. The complainant's challenge was not upheld, and the security bodies exemption was sustained.
DHSC Ambulance Review FOIA Decision - Legal Privilege and Personal Data
The Information Commissioner's Office issued Decision Notice IC-407317-D5F4 regarding a Freedom of Information complaint against the Department of Health and Social Care (DHSC). The ICO found that DHSC properly withheld information under section 40(1) FOIA (personal data exemption) and had communicated all non-exempt information it holds. The legal professional privilege claim under section 42(1) was not upheld, but the information remains exempt under section 40(1). No further steps are required from DHSC.
MOD withheld Falkland invasion file, FOI not upheld
MOD withheld Falkland invasion file, FOI not upheld
Lambeth Council Ordered to Respond to EIR Request
The ICO issued a decision notice finding that the London Borough of Lambeth failed to respond to an Environmental Information Regulations (EIR) request within the required 20 working days. The ICO ordered the council to provide a response to the complainant within 30 calendar days. This is a binding compliance order under EIR 5(2).
Public Services Ombudsman for Wales - FOIA Information Request Breach
The ICO issued a decision notice finding that the Public Services Ombudsman for Wales (PSOW) breached section 10(1) of FOIA by failing to acknowledge it held information requested by a complainant. The ICO determined that PSOW did hold the information for FOIA purposes, contradicting PSOW's position. No further action or penalties were required of PSOW.
University of Exeter FOI Section 32(1) Court Records Exemption Decision
The ICO issued a Decision Notice finding that the University of Exeter cannot withhold information related to a First-tier Tribunal appeal under section 32(1) FOIA (court records exemption). The exemption claim was not upheld. The Commissioner does not require further steps from Exeter.
GLA FOI complaint upheld, must respond in 30 days
The Information Commissioner's Office issued a Decision Notice upholding a Freedom of Information Act complaint against the Greater London Authority. The GLA failed to respond to an FOI request within the statutory 20 working day timeframe. The ICO ordered the GLA to provide a complete response to the complainant within 30 calendar days or face further enforcement action.