Digital ministers from the Association of Southeast Asian Nations (ASEAN) unveiled three privacy guides this week that detail new policies and clarify existing regulations. Singapore's Personal Data Protection Commission announced their release Friday.
The European Parliament Civil Liberties Committee Thursday named Bruno Gencarelli as European data protection supervisor (EDPS) for 2025-2030. Gencarelli, currently European Commission head of international data flows and protections, beat three other candidates in a secret ballot, including current EDPS Wojciech Wiewiorowski. Once the European Parliament president and political party heads confirm the vote, Parliament and the European Council will make the appointment. The EDPS supervises how EU institutions and bodies process personal data to ensure compliance with privacy law, and advises them on personal data processing and related policies and legislation. The office's role has been expanded to cover such things as EU bodies' compliance with the AI Act.
French privacy regulator CNIL Thursday unveiled a 2025-2028 strategic plan focused on AI, minors' rights, cybersecurity, and mobile apps and digital identity, according to an unofficial translation.
U.K. regulator Ofcom Thursday issued industry guidance detailing how apps and sites can implement effective age checks to keep children from encountering online porn and protect them from other harmful content. Pornography providers have until July to introduce age checks, it said. The office also published a statement on age assurance and children's access, and warned that its age assurance enforcement program is open for business.
Luxembourg's National Data Protection Commission (CNPD) and other sectoral regulators would oversee enforcing compliance with the EU AI Act under draft legislation pending in the country's parliament, Pinsent Mason lawyers reported. CNPD would be the lead authority.
Better cross-regulatory cooperation is needed to avoid inconsistent application of European digital laws, the European Data Protection Supervisor (EDPS) said Wednesday. The office published a plan for Digital Clearinghouse 2.0, which proposes a consistent, coherent enforcement approach for EU laws regulating digital markets.
State privacy officials in Delaware and New Hampshire aren’t intentionally looking to catch businesses breaking rules, they told an International Association of Privacy Professionals webinar Wednesday. Both states’ privacy laws took effect Jan. 1 (see 2501060066).
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching on the title or by clicking on the hyperlinked reference number.
The California Privacy Protection Agency lacks authority to regulate AI, business groups protested during a partially virtual CPPA hearing Tuesday. They urged that the agency pump the breaks on proposed rules for automated decision-making technology (ADMT) and other changes to privacy regulations under the California Consumer Protection Act (CCPA). However, workers’ rights groups and consumer privacy organizations urged that it proceed with increasing privacy rules.
Colorado will step in if the federal government pulls back on privacy enforcement under the second Trump administration, the state’s AG Phil Weiser (D) told Privacy Daily. In an interview, he said privacy will continue to be a priority for the state in 2025, with Weiser hoping to raise awareness with businesses and consumers about their duties and rights under the Colorado Privacy Act (CPA).