Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching on the title or by clicking on the hyperlinked reference number.
The FTC’s new requirement that companies obtain separate parental consent when collecting children’s data for nonessential business purposes is a key change compliance professionals should fully understand, attorneys said Tuesday.
Almost all comprehensive state privacy laws include enforcement language against AI-related discrimination, so additional efforts to regulate automated decisions could be redundant, Minnesota Rep. Steve Elkins (D) told Privacy Daily in a recent interview.
Digital ministers from the Association of Southeast Asian Nations (ASEAN) unveiled three privacy guides this week that detail new policies and clarify existing regulations. Singapore's Personal Data Protection Commission announced their release Friday.
The European Parliament Civil Liberties Committee Thursday named Bruno Gencarelli as European data protection supervisor (EDPS) for 2025-2030. Gencarelli, currently European Commission head of international data flows and protections, beat three other candidates in a secret ballot, including current EDPS Wojciech Wiewiorowski. Once the European Parliament president and political party heads confirm the vote, Parliament and the European Council will make the appointment. The EDPS supervises how EU institutions and bodies process personal data to ensure compliance with privacy law, and advises them on personal data processing and related policies and legislation. The office's role has been expanded to cover such things as EU bodies' compliance with the AI Act.
French privacy regulator CNIL Thursday unveiled a 2025-2028 strategic plan focused on AI, minors' rights, cybersecurity, and mobile apps and digital identity, according to an unofficial translation.
U.K. regulator Ofcom Thursday issued industry guidance detailing how apps and sites can implement effective age checks to keep children from encountering online porn and protect them from other harmful content. Pornography providers have until July to introduce age checks, it said. The office also published a statement on age assurance and children's access, and warned that its age assurance enforcement program is open for business.
Luxembourg's National Data Protection Commission (CNPD) and other sectoral regulators would oversee enforcing compliance with the EU AI Act under draft legislation pending in the country's parliament, Pinsent Mason lawyers reported. CNPD would be the lead authority.
Better cross-regulatory cooperation is needed to avoid inconsistent application of European digital laws, the European Data Protection Supervisor (EDPS) said Wednesday. The office published a plan for Digital Clearinghouse 2.0, which proposes a consistent, coherent enforcement approach for EU laws regulating digital markets.
State privacy officials in Delaware and New Hampshire aren’t intentionally looking to catch businesses breaking rules, they told an International Association of Privacy Professionals webinar Wednesday. Both states’ privacy laws took effect Jan. 1 (see 2501060066).