We’ve compiled the latest in Data Protection and Privacy news for your convenience below.
1) Newly Published Documentation
πͺπΊ European Union β EDPB Reviews Brazil’s Data Protection Adequacy
The European Data Protection Board shared its opinion on recognizing Brazil’s data protection laws as adequate under EU standards. While finding Brazil’s framework largely compliant with GDPR, the EDPB advised clarification on privacy assessments, transparency limits, and law enforcement applications.
π±π» Latvia β Guidance Issued on Cookie Opt-Out Simplification
Latvia’s Data Protection Authority published guidance urging websites to make cookie consent withdrawal easier (in Latvian). The authority emphasized that non-essential cookies require freely given consent and highlighted best practices for clear withdrawal tools.
πͺπΊ European Union β AI Content Transparency Code Development Begins
The European Commission launched development of a Code of Practice for AI-generated content transparency. The seven-month process involves industry and civil society input to meet AI Act requirements for clearly marking AI-produced content by August 2026.
π«π· France β CNIL Surveys DPOs on AI Governance Role
France’s data protection authority launched a nationwide survey exploring how Data Protection Officers adapt to AI oversight responsibilities (in French). The initiative examines AI Act and GDPR interactions, with results expected in early 2026.
2) Notable Case Law
πͺπΈ Spain β Carrefour Financial Services Fined β¬2.5 Million
Spain’s data protection authority fined Servicios Financieros Carrefour β¬2.5 million for data breach failures (in Spanish). The breach exposed customer ID numbers, contact information, and financial data due to weak security systems and poor monitoring practices.
π΅π± Poland β Courts Approve UODO’s Data Communication Framework
Polish Courts of Appeal approved the national data protection authority’s standardized communication templates for personal data protection claims (in Polish). The decision supports streamlined information sharing under Poland’s Personal Data Protection Act.
3) New and Upcoming Legislation
πΊπΈ USA (New York) β Final Cybersecurity Rules for Small Firms Active
New York’s amended cybersecurity rules final phase took effect, requiring small businesses to adopt multi-factor authentication and maintain detailed asset inventories. Class A companies must ensure universal MFA access and comprehensive IT asset records.
ππΊ Hungary β National AI Law Enacted
Hungary enacted comprehensive AI legislation effective December 2025, creating the AI Market Surveillance Authority and Hungarian Artificial Intelligence Council. The law applies to all AI providers and users, with maximum fines reaching HUF 13.3 billion (approximately β¬33 million).
4) Strong Impact Tech
πΊπΈ USA β OpenAI and Amazon Sign $38 Billion AI Infrastructure Deal
OpenAI secured a multi-year agreement with Amazon for AI infrastructure capacity, including hundreds of thousands of Nvidia processors through AWS. Full capacity deployment is expected by end of 2026, reflecting massive capital investment in next-generation AI systems.
πΊπΈ USA β Meta Announces $600 Billion AI Infrastructure Investment
Meta committed to spending $600 billion over three years expanding US infrastructure and creating jobs through new data centers. CEO Mark Zuckerberg outlined the AI growth preparation plan, including recent investments in Louisiana and Texas facilities.
Other key information from the past weeks
ππ° Hong Kong β Privacy Commissioner Alerts LinkedIn Users on AI Data Use
Hong Kong’s Privacy Commissioner reminded users that LinkedIn began using personal data and public content to train generative AI models from November 3, 2025. The change affects Hong Kong, EU, and Canadian users under reviewed privacy settings.
π APEC β Leaders Adopt Digital Transformation Declaration
APEC leaders adopted the Gyeongju Declaration committing to regional digital and AI transformation readiness. The joint commitment emphasizes collaboration in digital policy research, voluntary data sharing, and human-centered AI development approaches.
π Enjoyed this issue? Share it on LinkedIn and subscribe for weekly updates
Latest issues
About us
Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.