FTC Finalizes Order Against Adamas for No-Hire Agreements

The FTC has finalized a consent order against Adamas Amenity Services LLC, requiring the company to cease enforcing no-hire agreements. These agreements restricted building owners from hiring Adamas's employees without penalty, impacting wage and job growth for workers in New Jersey and New York City.

ICO Guidance: Data Protection Complaints Process

The UK's Information Commissioner's Office (ICO) has published new guidance detailing requirements for organisations to establish a data protection complaints process. These requirements, stemming from the Data (Use and Access) Act 2025, will become legally effective on June 19, 2026, but are presented as good practice in the interim.

Quiroz v. Hernandez and City of Dayton - Fifth Circuit Court Opinion

The Fifth Circuit Court of Appeals denied a petition for rehearing in the case of Quiroz v. Hernandez and City of Dayton. The court withdrew its prior opinion and substituted a new one, denying the plaintiffs' request to replead their claims for a fourth time after the district court dismissed them with prejudice due to pleading deficiencies.

James Devins v. John Armstrong - Petition for Rehearing Denied

The Fifth Circuit Court of Appeals denied a petition for panel rehearing in the case of James Devins v. John Armstrong. The court withdrew its prior opinion and substituted a new one, affirming the dismissal of Devins's claims but reversing the dismissal with prejudice as an abuse of discretion. The case concerns the denial of a student visa for a foreign national.

EDPB Work Programme 2026-2027

The European Data Protection Board (EDPB) has published its Work Programme for 2026-2027. This document outlines the EDPB's priorities and planned activities for the upcoming two-year period, focusing on data protection and GDPR compliance across the EU.

EDPB Report on GDPR Compliance Templates Consultation

The European Data Protection Board (EDPB) has published a report on its public consultation regarding helpful templates for organizations to facilitate GDPR compliance. This report summarizes the feedback received from stakeholders on potential template needs.

AEPD Resolution: Simyo Denied Voice Recording Access

The Spanish Data Protection Agency (AEPD) issued a resolution against Simyo (Orange España Virtual, S.L.) for denying a consumer's right of access to voice recordings related to a SIM swap. Simyo initially conditioned access on a judicial order, which is not required by law, but later provided the recordings after the complaint.

AEPD resolves identity theft data use complaint against TELFY TELECOM

The Spanish Data Protection Agency (AEPD) has resolved a complaint against TELFY TELECOM for alleged misuse of personal data in an identity theft case. The company failed to respond to a data access request from a customer who was a victim of identity theft, leading to a formal resolution by the AEPD.

AEPD Resolution on Data Protection Access Right Procedure

The Spanish Data Protection Agency (AEPD) issued a resolution regarding a data protection rights procedure, specifically concerning the right of access. The resolution details the process followed after a complaint was filed and notes that the data controller ultimately provided the requested response.

Ofcom Fines Porn Company £800k for Age Check Failures

Ofcom has fined Kick Online Entertainment SA £800,000 for failing to implement effective age verification measures to prevent children from accessing pornographic content, as required by the Online Safety Act. An additional £30,000 fine was imposed for non-compliance with information requests.