In what one privacy expert called a "dam-bursting moment," the European Court of Justice's General Court Wednesday ordered the European Commission (EC) to pay $412 (400 euros) to a German visitor to one of its websites because the site unlawfully transferred his personal data to the U.S. (Case T-354/22/ Bindl v. Commission). The EC said it would "carefully study" the judgment and its implications.

A comprehensive New York bill to regulate AI surfaced ahead of the state’s legislative session that opens Wednesday. The Assembly referred A-768 by Assemblymember Alex Bores (D) to the Consumer Affairs and Protection Committee.

Businesses must make incremental changes to comply with five state privacy laws effective this month, privacy experts said in interviews. Comprehensive laws took effect Jan. 1 in Delaware, Iowa, Nebraska and New Hampshire. A New Jersey law becomes effective Jan. 15, with that state’s attorney general office’s consumer affairs division soon expected to open a rulemaking.

Congress and the Trump administration should consider X platform owner Elon Musk’s unconventional ideas, including possibly shuttering the Consumer Financial Protection Bureau, Senate Republicans told us in December.

A U.S. District Court of Northern California ruling last week in NetChoice v. Bonta, which involved a law regulating addictive social media feeds for minors, will likely hold up and pave the way for approval of similar state laws, supporters of such laws said. The 9th U.S. Circuit Court of Appeals is set to consider an appeal of the Dec. 31 decision rejecting NetChoice's motion to stop the law from taking effect the next day.

Better international enforcement cooperation, AI and data free flow with trust (DFFT) are 2025's top priorities for Group of 7 (G7) data protection authorities, several told us. Their October roundtable in Rome focused on those three topics, the European Data Protection Supervisor (EDPS) reported. Representatives from Canada, France, Germany, Japan, the U.K., the U.S., the EDPS and the European Data Protection Board participated.

New Republican leadership for the House and Senate Commerce committees could mean a full reset for federal privacy legislation in 2025. That’s according to interviews with incoming Senate Commerce Committee Chairman Ted Cruz, R-Texas, and incoming House Commerce Committee Chairman Brett Guthrie, R-Ky.

Vermont and Washington state will soon introduce comprehensive privacy bills, while Connecticut will have a bill that would add data minimization rules and make other changes to its 2022 law, legislators told Privacy Daily ahead of sessions starting this month. Also, legislators in Oklahoma and South Carolina prefiled bills last month for the 2025 legislative sessions. Additional privacy bills are expected this year in several other states, said privacy lawyers and consumer advocates in other interviews.