Privacy & Data

The 2026 IAPP Global Privacy Summit, held in Washington, D.C. from March 30 to April 2, convened over 15,000 privacy and digital responsibility professionals to address the most pressing issues at the intersection of artificial intelligence (AI), data privacy, and regulatory enforcement.

How EU proposals to “simplify” tech laws will roll back our rights in order to feed AI and undermine our rights online.

Written by: Haim Ravia, Dotan Hammer California is rolling out two significant regulatory packages that will reshape business obligations under California privacy law beginning January 1, 2026. Together, these regulations introduce comprehensive automated decision-making requirements, mandatory ...

Learn how CCPA 2026 Regulations now impose new rules on opt-out requests, correction rights, ADMT, risk assessments, and cybersecurity audits.

Is a risk assessment on your 2026 roadmap? If your website uses cookies to serve behavioral or cross context advertising, it may need to be. As many who deal with California’s privacy law are aware, in several situations using the vendors needed to serve behavioral advertising cookies can ...

Track the latest U.S. data privacy updates, state legislation, enforcement actions, and regulatory developments in 2026.

Investigation into Delve, a compliance platform that allegedly fabricated compliance certifications, generated fake auditor conclusions from certification mills, and misled hundreds of customers into believing they were compliant with HIPAA, GDPR, and other frameworks. Delves US-based auditors were actually Indian certification mills operating through empty US shells.

20 states now have comprehensive privacy laws. See which laws take effect in 2026, what's changing, and what your organization needs to know to stay compliant. Proposed: Which state privacy laws take effect in 2026? Key dates, amendments, and compliance implications for all 20 states — updated ...

By Catalina Goanta & Anda Iamnitchi Article 40 of the Digital Services Act was hailed as a breakthrough for platform research. But what does the the procedure look like in practice? Drawing on their own rejected data access request, the authors reflect candidly on early lessons for the first ...

California continues to drive national privacy and data governance standards, and with only three months into 2026, the new year is proving to be an active regulatory, enforcement and litigation...

Grammarly's new 'Expert Review' feature simulates editorial feedback as if from figures like Stephen King or Carl Sagan — without their consent. Journalist Julia Angwin filed a class action lawsuit against Grammarly's parent company Superhuman, alleging violation of privacy and publicity rights. Hundreds of writers and public figures were impersonated without permission.

🇫🇷 French: Traduction du dossier Chat Control 2.0, stopchatcontrol.fr🇸🇪 Swedish: Chat Control 2.0🇩🇰 Danish: chatcontrol.dk🇳🇱 Dutch: Chatcontrole Table of contents: The End of the Privacy of Digital Correspondence and the End of Anonymous Communication Take action to stop Chat

California continues to drive national privacy and data governance standards, and with only three months into 2026, the new year is proving to be an…

Thanos Rammos, Richard Gläser and Debbie Heywood look at what to expect in terms of EU and UK regulation and enforcement of online safety.

Explore all major privacy laws coming in 2026, upcoming enforcement timelines, and practical compliance steps. Learn how to automate multi-region privacy operations.

Privacy compliance has entered a new phase—one defined not only by high-profile enforcement actions but by the growing expectation that organizations implement and maintain mature information governance programs capable of validating true, system-level technical compliance rather than merely ...

March 2026 Treasury report draws new line between crypto privacy and crypto crime.

TakeawaysUpdated California Consumer Privacy Act rules clarify obligations related to ADMT, risk assessments, and cybersecurity audits, requiring covered businesses to adopt new procedures and safeguards.Entities may need to update policies, notices, internal processes, or vendor agreements ...

In 2026, organizations face a cyber and data landscape that is increasingly fragmented, with AI continuing to dominate debate.

Global data protection laws are expanding fast in 2026. Track key regulatory trends, regional risks and what data access governance leaders must do to stay compliant.

Drawing from the Digital Policy Alert’s daily monitoring of G20 countries, the roundup summarizes the highlights in four core areas of digital policy.

The bipartisan push to remove anonymity from the internet is ushering in an era of unprecedented mass surveillance and censorship.

The California Privacy Protection Agency's 27 Feb., board meeting provided an update into consumer deletion requests and the agencies ongoing efforts to streamline data broker compliance of the California Delete Act’s Delete Request and Opt-Out Platform ahead of the 1 Aug. deadline.

Key point: Alabama’s House passed a consumer data privacy bill, amendments advanced in Utah and Virginia, and the text of the latest CTDPA amendment was

IAPP News Editor Joe Duball rounds up the new U.S. state privacy laws and rules that came into force 1 Jan. and the potential impacts they will bring.

Drawing from the Digital Policy Alert’s daily monitoring of G20 countries, the roundup summarizes the highlights in four core areas of digital policy.

PrivacyWorld’s Alan Friel and Kyle Fath broke down what companies need to consider in 2026 to meet new and ongoing data laws and regulations in a Stafford

The data privacy world is evolving at a break-neck pace—what are the biggest trends in data privacy in 2026 and how should you respond?

Troubling new legislation proposes a significant change to how businesses must respond to “massive” data breach incidents.

IAPP European Operations Coordinator Laura Pliauškaitė summarizes February developments among European privacy regulators.

The US has never had a single, unified privacy law. Instead, it has long operated under a sector-based, state-influenced patchwork. The 2026 updates to California’s CCPA do not change that reality.

Includes a cure period that expires mid-2026, increasing enforcement risk. NJ also requires honoring universal opt-out mechanisms starting mid-2025. Connecticut, Oregon and Other States (Amendments Effective in 2026) Oregon privacy law is being updated effective January 1, 2026, with stricter limits on precise geolocation data and youth data. Connecticut is enhancing sensitive data definitions and youth protections effective July 1, 2026. ... New CCPA...

The portal could potentially put Washington in the unfamiliar position of appearing to encourage citizens to flout local laws.

2026 brings major CCPA updates plus new privacy laws in IN, KY, and RI—covering ADMT opt-outs, risk assessments, audits, and brokers.

April 14, 2026 | Jeramie D. Scott, Director EPIC's Surveillance Oversight Program · The government wants to use AI to analyze Americans’ information obtained without a warrant though purchases from data brokers and “incidental” collection from foreign intelligence surveillance.

Section 702 of the Foreign Intelligence Surveillance Act is responsible for a huge share of intel collected by the U.S. Lawmakers and civil liberties advocates are worried it enables warrantless spying on U.S. citizens.

What began as a tool to identify threats to national security is becoming a surveillance infrastructure that can be used to track everyone.

Attachment to smart devices and biometric surveillance leaves Americans more vulnerable to police searches than ever. Left unchecked it will only get worse.

Anthropic fought against the government’s misuse of its technology, but authorities are buying Americans’ data, enabling them to surveil citizens at scale

A French Navy officer uploaded a Strava workout from the deck of the Charles de Gaulle aircraft carrier, inadvertently exposing the vessel’s location as it headed toward the Middle East. The incident highlights longstanding risks from public fitness-tracking data, including operational security leaks involving military personnel and senior officials.

Patel confirms agency purchases tracking data as lawmakers push warrant requirement to close surveillance loophole.

Agencies are reportedly pooling immigration data, Social Security numbers, and more into a central database. FPF is suing to learn how deep it goes.

The UK’s tax and customs authority has been quietly amassing an arsenal of surveillance technology, signing contracts with companies that supply mobile phone tracking equipment and for downloading the content of mobile devices. Since multi-billion pound tax gaps have put HM Revenue and Customs ...

The agency is expanding detection and tracking technology projects while simultaneously loosening the reins on oversight.

We need to have a hard look at the surveillance industry. It is a key enabler of vast and untold violations of human rights and civil liberties, and it continues to be used by aspiring autocrats to threaten our very democracy. As long as it exists, the surveillance industry, and the data it ...

: After DHS’s $2.3M PenLink contract gets ‘shady’ label

Researchers strip away pseudonymity with large language models.

Bipartisan legislation seeking to establish guardrails and add transparency are surfacing ahead of a statute’s expiration that allows spy agencies to bypass court authorization.

AI tools built to guard America’s borders are now extending policing into America’s neighborhoods, as ICE begins tracking U.S. citizens.

GDPR fines now exceed €7.1 billion with €1.2 billion in 2025 alone. How enforcement acceleration and new state privacy laws reshape compliance strategy in 2026.

Track US state privacy law enforcement in 2026 and learn what actions your business must take with a practical, state-by-state compliance playbook.

On September 25, the California Privacy Protection Agency (CPPA) Board advanced OAL-approved updates to the California Consumer Privacy Act (CCPA), the

Sensitive-data enforcement is accelerating across U.S. and EU regimes. The FTC’s PADFAA reminder and California settlements targeting health-condition lists signal heightened scrutiny of data broker models and high-sensitivity targeting, with expectations around counterparty diligence and ...

Californians have the right to understand whether their data is being used to set individual prices they pay for items like groceries OAKLAND — In honor of Data Privacy Day, California Attorney General Rob Bonta today announced an investigative sweep focused on businesses’ use of consumers’ ...

Key point: Just one month into 2026, state lawmakers are already considering hundreds of AI and privacy related bills. In this post, we provide key

Data brokers buy up huge amounts of information from cell phones and browsers to sell for targeted advertising. But the government, including ICE, also buys the data.

Massive quantities of Americans’ personal information are being purchased by federal agencies from private brokers.

A report copublished by WIRED sparked a probe into opt-out pages hidden by data brokers. Now congressional Democrats say breaches tied to the industry have cost people tens of billions of dollars.