FTC puts GM’s puts connected vehicle data practices under compliance spotlight
The U.S. Federal Trade Commission finalized its order against General Motors and its OnStar subsidiary over the improper usage of geolocation and driving behavior data of drivers.
EU moves to simplify GDPR and AI Act obligations, raising compliance questions for companies
For the past decade, Europe has led in creating strong but flexible rules for data use and safe AI development. The EU’s new plans to simplify key data privacy and AI governance measures have received a mixed response.
How to make the business case to upgrade records management systems
Companies are giving their records management programs a makeover, and not for the reasons you may think. What used to be a sleepy back-office legal department function is now front and center, often driven by compliance teams.
U.K. data regulator pushes transparency on investigations
Plans to increase transparency around how the U.K.’s Information Commissioner investigates and fines companies should give businesses more clarity, but experts say the regulator still needs to explain how it will prioritize cases.
Company agrees to report to FTC for 10 years for alleged student data lapses
A tech company that stores student information for schools has agreed to implement a data security program and report to the Federal Trade Commission for 10 years, after security failures led to data for 10 million students being breached.
California may create whistleblower program to root out privacy law violations
A California privacy agency plans to seek a whistleblower law, to encourage corporate employees and others to step forward with complaints about egregious privacy violations at their workplaces.
Complying with the EU Data Act – What companies should know
Companies could face significant compliance challenges in trying to meet new EU legal requirements about how companies share data with third parties.
New EU Data Act may impact companies’ GDPR compliance efforts
New rules that have recently come into effect across the EU will allow for greater transfers of data between companies, though experts fear the changes could conflict with Europe’s strict privacy legislation, which protects personal information.
Nine states collaborating on data privacy enforcement across state lines
Nine states are collaborating to write and enforce comprehensive data privacy laws, in an effort to protect consumers across jurisdictions and due to the absence of a broad, federal privacy law.
Extra-territorial rules: How to navigate global compliance complexity
Sanctions, tariffs, economic crime, big tech, data privacy, and environmental laws are expanding global compliance risks. Tougher penalties now reach deep into supply chains, making even small suppliers accountable to customers or regulators.
Tractor Supply Company hit with $1.35M fine for alleged California privacy violations
Tractor Supply Company has agreed to get into compliance with California’s consumer privacy law and to pay a $1.35 million fine—the largest yet by California—to settle allegations it violated the privacy rights of customers and job applicants.
Study: Compliance managers must set rules in race to adopt AI agents and copilots
More than half of all compliance teams are “actively using” or “piloting” AI applications, according to a Moody’s report. While most are focusing on streamlining routine tasks, some are developing AI agents and asking vital questions about AI decision-making.
Google hit with $425.6 million verdict in California privacy case
Google allegedly collected personal data from mobile devices without permission, violating California privacy laws, a jury ruled in awarding more than $425.6 million to class-action plaintiffs.
Digital wallets should speed up compliance, but companies must focus on trust and security
The EU has one, the U.K. is getting one, many U.S. states are working with Google and Apple to provide one, and now industry sectors are developing their own digital wallet.
California privacy regulator unveils new cyber, risk, and automation rules
Businesses operating in California will need to meet new, first-in-the-nation privacy requirements for cybersecurity, risk assessments, and automated decision-making technology, under a large expansion of rules by the state.
Kentucky is latest state to file suit against Temu for alleged privacy violations
Kentucky took aim at Chinese company Temu, alleging in a lawsuit that it counterfeited popular Kentucky-designed merchandise and violated customers’ privacy.
10 tips to comply with the U.K.’s new data law
Changes to the U.K.’s privacy regime will immediately affect how companies handle AI-driven decisions, cookie usage, and responses to data subject requests. As a result, experts are warning compliance teams to ensure their organizations take the legislation seriously and make plans to review data governance.
European Commission unveils a simpler, more competitive EU Single Market, but businesses remain skeptical
The EU’s new strategy aims to boost SME growth and cut market barriers, but businesses doubt reforms will happen, and consumer groups fear weaker data protections.
Seven years in, GDPR faces growing challenges from AI and ‘consent or pay’ models
Europe’s pioneering data protection legislation turned seven years old in May, but the compliance and enforcement difficulties that have dogged the rules since they came into force look set to present both companies and data regulators with fresh headaches for some time to come.
Communication and relationships is increasingly critical for compliance teams
Compliance is increasingly in the spotlight as companies are tackling everything from artificial intelligence and other new technologies to risk management and mitigation. But it’s soft skills of communication and relationship building that are becoming the most critical tools for success.
Apple, Google face compliance crossroads as states push digital safeguards
A new law in Texas will go into effect next January that requires Apple and Google to verify the age of their app store users. This marks another piece of legislation from the state level intended to protect children, and the second such law specifically from Texas to limit children’s ...
Inside the Mind of the CCO: Compliance in an uncertain world, still with fuzzy reporting lines
The world is rapidly changing. The European Union is stepping up rules and enforcement, while the United Kingdom is charting its own course. And now the United States is taking a third tack, with unclear regulation enforcement under a mercurial Donald Trump’s second term as president underway.
FTC orders GoDaddy to upgrade cybersecurity defenses following three breaches
The Federal Trade Commission has ordered web hosting company GoDaddy to implement a “robust” information security program following at least three data breaches that the agency said were aided by lax cybersecurity measures.
EU hits Apple, Meta with antitrust fines weeks after Trump tariffs announced
The European Union issued significant antitrust fines against two tech titans, hitting Apple with 500 million euros (U.S. $570 million) and Facebook owner Meta with 200 million euros (U.S. $228 million). The move sought to undermine key parts of both companies’ businesses less than a month after U.S. President Donald ...
UK’s deregulation drive raises compliance risk, say top lawyers
The United Kingdom’s latest effort to encourage regulators to pare down rules to attract companies and investment as a way to stimulate the economy has received mixed reviews from lawyers.
EU looking to scale back GDPR in coming weeks
The European Union’s General Data Protection Regulation has been in effect since 2018, requiring companies to securely handle users’ personal data. The European Commission will reportedly review the regulations and claw back some of the rules, which could make doing business in Europe a little easier for these companies.
'Measured approach' or light-handed GPDR? Noyb reports only 1.3 percent of EU cases result in fine
When Europe’s strict set of data protection rules came into force nearly seven years ago, privacy campaigners, industry experts, and lawyers all warned that noncompliance could result in eye-watering fines and other costly sanctions, especially for repeated breaches. However, the reality appears to be very different.
Photo gallery: Cyber Risk & Data Privacy Summit
Compliance Week’s Cyber Risk & Data Privacy Summit, held Feb. 10-11 in Alexandria, Va., gathered legal, compliance, and risk professionals in person for the first time since before the pandemic to benchmark best practices on managing cyber risks.
Financial crime in the shadows of the dark web
The dark web has been depicted as a long-standing hub for crimes, where illegal activities such as drug dealing, financial fraud, weapon sales, murder for hire, stolen credit cards, and ransomware gags are easily accessible to the public.
Experts: U.K. digital market reforms a ‘watershed moment,’ could speed up enforcement
The U.K.’s competition regulator has outlined new plans to regulate Big Tech firms that will enable it to take a much more flexible and proactive approach towards investigations.
FBI, Europol shut down hacking sites selling personal info, tools for cybercriminals
Two massive hacking websites–where criminals sold everything from stolen social security numbers to tools for cybercriminals to gain access to computers–have finally been shut down by an international law enforcement team, the Department of Justice announced.
EDPB shift forces AI firms to embed procurement, risk management in GDPR considerations
Efforts to clarify the circumstances in which artificial intelligence models may or may not be violating the General Data Protection Regulation could result in yet more confusion for tech firms, companies deploying the technology, and even data protection authorities, according to experts.
Five reasons why I’m excited about CW’s Cyber Risk & Data Privacy Summit
Having worked for Compliance Week for three years, I’ve found it remarkable how compliance professionals can be so consistently upbeat about their plight. An often refrain in compliance circles is “be comfortable with being uncomfortable.” As difficult as the job can be, that clearly doesn’t mean it can’t be fun.