Data Privacy

The policy raises the compliance and operational bar for audience measurement by imposing larger-panel, audit, and public-disclosure obligations that increase technical and staffing requirements. It also narrows who can qualify to operate by enforcing board independence and barring consultancy roles that create conflicts of interest.

The ruling places enforceable legal responsibility on operators to prevent their tools and hosting platforms from producing or circulating sexual imagery of real people without consent. Courts may require technical controls or access restrictions and use daily monetary penalties to ensure compliance.

The bylaw amendments were gazetted without approval from Hong Kong's legislative council, accelerating enforcement tools available under the National Security Law. Providing false or misleading information to authorities is criminalised with penalties up to three years' imprisonment, raising legal risk during investigations.

The FBI has resumed purchasing commercially collected Americans' data and location histories from data brokers to support federal investigations. Data brokers source location and other identifiable information from consumer phone apps, games, and ad-tech systems including real-time bidding. The agency states those purchases are consistent with the Electronic Communications Privacy Act. Lawmakers raised constitutional concerns about purchases of Americans' location data without warrants.

Law No. 15,211/2025 (Digital Statute of Children and Adolescents) requires providers of information technology products or services directed at or likely to be accessed by children and adolescents to adopt mechanisms that provide age-appropriate experiences while respecting evolving capacities and socioeconomic diversity. Social media platforms must verify ages and link accounts of users under 16 to a parent or guardian. Covered businesses must implement risk-mitigation policies, provide Portuguese-language parental controls, operate reporting systems, and firms with over one million Brazilian users must publish transparency reports. Penalties include fines up to 50 million Brazilian reals or up to 10 percent of revenue earned in Brazil, with repeat offenses subject to shutdown; the statute takes effect on March 17, 2026 and the ANPD has regulatory responsibility after receiving independent-agency status in December 2025.

Stricter age-verification checks are required from Monday. Acceptable verification methods include facial recognition technology, digital IDs and credit card details. The rules apply to companies behind search engines, app stores, social media and gaming platforms, porn sites and AI systems including companion chatbots. Non-compliant platforms face million-dollar fines.

The law applies to AI developers whose models are accessible in California. Required disclosures include which dataset sources were used to train models, when the data was collected, and whether collection is ongoing. Disclosures must state whether datasets include data protected by copyrights, trademarks, or patents, and whether training data was licensed or purchased. Disclosures must also address whether training data included any personal information and how much synthetic data was used to train the model.

The ban was announced in the Legislative Assembly during presentation of the 2026–27 state budget. The budget states that access for under-16s will be prohibited. The excerpt does not specify which services are covered or how age will be verified. Detailed guidelines on implementation and enforcement are to be issued in forthcoming policy documents.

GoFan’s ticketing software required users to press an “agree” button to proceed with buying tickets and did not offer an opt-out. The 27 February order said this design led to repeated violations in 2023–24 involving collection of personal information and its sale to advertisers. The California Privacy Protection Act gives California residents the right to know their private information has been collected and to block companies from selling it. PlayOn said the inquiry focused on certain privacy practices prior to December 2024 and that the matters have been fully resolved. The order states PlayOn has sold more than 30m tickets nationwide and has contracts with about 1,400 schools in California.

US District Judge Colleen Kollar-Kotelly found that the IRS disclosed last-known taxpayer addresses to Immigration and Customs Enforcement about 42,695 times. The judge cited Internal Revenue Code 6103, which largely prohibits disclosure of tax return information without consent. The disclosures were made in response to ICE requests for information related to immigrants. The judge concluded the IRS failed to ensure that ICE’s requests met legal standards for sharing confidential tax information.

The ICO found Reddit did not apply a robust age‑assurance mechanism prior to July 2025. The regulator determined Reddit lacked a lawful basis for processing the personal data of children under 13. The ICO concluded those failures resulted in unlawful use of children's data and exposure to inappropriate content. The ICO based its findings on actions before Reddit's July 2025 rollout of an age‑verification system for viewing adult content and expressed concern that the post‑July 2025 system relies on self‑declared ages.

Chinese-made cars are prohibited from entering military facilities. All vehicles capable of recording location, video, or sound are barred from secure military areas unless those functions are switched off. The restriction applies regardless of vehicle origin. The stated justification cites technologically advanced vehicles' sensors and communication systems enabling uncontrolled acquisition and use of data.