Search

Accessible Deletion Mechanism for Data Brokers

The California Privacy Protection Agency has finalized regulations establishing an Accessible Deletion Mechanism (DROP) for data brokers, effective January 1, 2026. This system allows consumers to request the deletion of their personal information from registered data brokers through a single request to the agency.

Data Broker Registration Fee Regulations

The California Privacy Protection Agency (CPPA) is now responsible for the state's data broker registry, effective January 1, 2024. Data brokers must pay an annual registration fee, which the CPPA may adjust. Final regulations for the fee structure have been published for 2024, 2025, and 2026 registrations.

California Adopts CCPA Regulations on Risk Assessments and Cybersecurity

The California Privacy Protection Agency has adopted final regulations updating the CCPA. These regulations implement requirements for risk assessments, annual cybersecurity audits, and consumers' rights regarding automated decision-making technology, effective January 1, 2026.

US House Committee Advances KIDS Act and Other Online Safety Bills

The U.S. House Committee on Energy and Commerce advanced the KIDS Act, Sammy's Law, and the App Store Accountability Act to a full House vote. These bills aim to enhance children's online safety by addressing issues like dangerous content, age verification, and app store policies.

Maine Privacy Bill Advances, Oregon AI Chatbot Bill Clears Legislature

Maine's legislature has advanced a comprehensive privacy bill, the Maine Online Data Privacy Act, through both chambers. Oregon's Senate Bill 1546, an AI chatbot safety bill, has also cleared its state legislature and is heading to the governor. Both bills represent significant state-level regulatory developments.

South Korea Overhauls PIPA with 10% Turnover Fines and CEO Accountability

South Korea has significantly amended its Personal Information Protection Act (PIPA), introducing fines up to 10% of total turnover and assigning direct supervisory liability to CEOs. These changes, effective September 11, 2026, aim to strengthen deterrence and promote proactive data protection investment.

EU AI Act Omnibus: New Compliance Deadlines and Deepfake Ban

Members of the European Parliament have reached a preliminary agreement on amendments to the EU AI Act, including extended compliance deadlines for high-risk systems and a ban on non-consensual deepfakes. The agreement aims to provide legal certainty and allow more time for technical standards and guidance development.

DSA Transparency Reports Clarify Content Moderation

The EU has published harmonised transparency reports under the Digital Services Act (DSA), standardising content moderation data reporting for online services. This follows the adoption of an Implementing Regulation in July 2025, with the first reports due by March 2026.