The Asia-Pacific (APAC) region appears to be taking a different approach to AI regulation and governance than the EU and U.S., privacy professionals told Privacy Daily.

Recent enforcement against Honda and Healthline in California and FTC action against data brokers show that companies must understand data flow and consent, an executive with the Interactive Advertising Bureau (IAB) said in an interview Monday.

DOJ’s data transfer rule goes into full force Tuesday, but many companies are still seeking clarity from the department about compliance, privacy attorneys told us in interviews this week (see 2504140047).

A California privacy enforcer’s first use of a purpose-limitation requirement under the California Consumer Privacy Act (CCPA) makes this week’s record $1.55 million settlement with Healthline a significant enforcement action for companies in many sectors, privacy experts told Privacy Daily this week. Also significant was the highly technical, in-depth investigation that the office of Attorney General Rob Bonta (D) conducted, they said. Signs point to increased privacy enforcement ahead.

Pleasing businesses, California lawmakers further scaled back a privacy bill requiring support for universal opt-out signals so it now covers only browsers. At a hearing Tuesday, the Senate Judiciary Committee voted 11-0 to advance AB-566 to the Appropriations Committee. In addition, the Judiciary Committee forwarded a bill that would require social media platforms to treat consumers deleting accounts as requests to delete their information under the California Consumer Privacy Act (CCPA). The panel also supported requiring warning labels on social media.

Qualified researchers would gain access to the internal data of companies designated as very large online platforms (VLOPs) and search engines (VLOSEs) under the EU Digital Services Act (DSA). The new access stems from part of a "delegated act," the European Commission announced Wednesday.

Utah should consider amending its comprehensive privacy law, given the underwhelming number of consumer privacy complaints filed in the statute’s first 18 months, said Attorney General Derek Brown (R) and the Utah Division of Consumer Protection in a report obtained Wednesday by Privacy Daily. “Complaints have not been as forthcoming as anticipated,” it said, but “violations are likely occurring.”

Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.

A controversial proposed change to the California Invasion of Privacy Act (CIPA) will be held until next year, said state Sen. Anna Caballero (D) during an Assembly Public Safety Committee hearing Tuesday. The committee advanced Caballero’s SB-690 to the Privacy Committee with the understanding that it will be delayed. A day earlier, the committee staff raised questions about whether SB-690 was designed to protect “mom-and-pop” businesses from frivolous lawsuits.

Effective Tuesday, an amendment to the Colorado Privacy Act (CPA) that enhances protections for biometric identifiers widens the scope of whom the privacy law applies to and forces companies to review their policies, said privacy lawyers. Enacted as HB-1130 in June 2024, the measure compels entities that collect biometric data to meet stringent notice and consent requirements if they use or intend to use it for unique identification (see 2406030010).