The U.K. Information Commissioner’s Office (ICO) plans to “relax” online advertising-related privacy enforcement, using the General Data Protection Regulation's "legitimate interest" principles as justification, Executive Director-Regulatory Risk Stephen Almond told us in April at the IAPP Global Privacy Summit in Washington (see 2504280042). Almond said regulators will look to loosen enforcement standards under the Privacy and Electronic Communications Regulations (PECR).
Compliance Techniques
Compliance techniques encompass the strategies, tools and processes organizations use to meet evolving privacy and data protection requirements. Privacy engineers, chief data protection officers and compliance teams deploy methods such as data mapping, privacy impact assessments and automated monitoring to align with new laws in the U.S. and abroad. These techniques help avoid costly enforcement actions and build trust by embedding privacy by design into products and operations.
Businesses must traverse an expanding “minefield of state and international regulations,” said BigID CEO Dimitri Sirota in an interview last month at the IAPP Global Privacy Conference in Washington. The emergence of AI has also created privacy compliance challenges -- but the emerging technology could also make some aspects of the data protection profession more efficient, he said.
DUBLIN -- EU digital rules such as the General Data Protection (GDPR) and AI Act must align with technological reality or risk harming innovation, speakers said Wednesday at the IAPP AI Governance Global Europe 2025 conference.
DUBLIN -- One of the least clear aspects of the EU AI Act is its content on using biometric data, panelists said Wednesday at the IAPP AI Governance Global Europe 2025 conference.
Irish Data Protection Commission Deputy Commissioner Cian O'Brien sees a "welcome trend" toward greater agreement among EU data protection authorities (DPAs) in enforcement cases. He spoke Friday during an IAPP webinar about the office's decision against TikTok.
AI’s high-speed evolution makes it a tough technology to regulate, said panelists at a partly virtual University of Illinois privacy conference Thursday.
The global health care and life sciences sectors face major regulatory challenges in the U.S. and Europe from data transfer and cybersecurity laws, speakers said Thursday during an IAPP webinar.
The California Privacy Protection Agency (CPPA) dressed down national menswear retailer Todd Snyder with a $345,178 fine Tuesday for alleged violations of the California Consumer Privacy Act (CCPA). Closely following CPPA action last March against Honda, the Todd Snyder case is more than an enforcement action. It also “highlights a trend by this agency of looking beyond surface compliance with the CCPA,” Wiley privacy attorney Joan Stewart told us. The agency’s board adopted the enforcement decision May 1.
A disconnect exists between legislatures, the privacy laws they create and the litigation that results from them, said panelists during a Federal Communications Bar Association (FCBA) event on privacy litigation trends Thursday. Instead, this ecosystem results in great confusion, prompting a rise in privacy law-related cases, they said.
An Irish Data Protection Commission (DPC) decision to fine TikTok $600 million for General Data Protection Regulation (GDPR) breaches (see 2505020001) highlights the increasing scrutiny on transfers to and from a broader range of countries than just the U.S., EU and U.K., IAPP Research Director Joe Jones said Friday.