With substantive data-protection provisions of the U.K. Data Use (and Access) Act 2025 (DUAA) beginning to apply near year's end, organizations should start monitoring new guidance from the Information Commissioner's Office (ICO), Robin Edwards, a member of the government's Department for Science, Innovation and Technology, said Wednesday during an IAPP webinar.
Compliance Techniques
Compliance techniques encompass the strategies, tools and processes organizations use to meet evolving privacy and data protection requirements. Privacy engineers, chief data protection officers and compliance teams deploy methods such as data mapping, privacy impact assessments and automated monitoring to align with new laws in the U.S. and abroad. These techniques help avoid costly enforcement actions and build trust by embedding privacy by design into products and operations.
The Connecticut attorney general's office is shifting from focusing on transparency and facial requirements to more in-depth work, examining whether organizations' privacy mechanisms are working and in compliance, three assistant attorneys general said during an IAPP KnowledgeNet event Tuesday.
The U.K. is providing adequate protection for personal data transferred from the EU, the European Commission said Tuesday, initiating the process to adopt a new adequacy decision.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.
Healthline apparently violated “the gossip test for sensitive data” when it shared with advertisers titles of articles that individual users were reading, which effectively suggested they had certain medical diagnoses, Cobun Zweifel-Keegan, IAPP managing director for Washington, D.C., posted on the privacy association’s website Friday.
Kayla Bushey has joined McNees Wallace and Nurick's privacy and data security team, where she will focus on privacy regulations, cybersecurity risks and AI governance, she announced in a LinkedIn post Wednesday. Previously, Bushey was a research fellow at IAPP and a legal intern at the FCC.
The U.S. Supreme Court decision that upheld Texas' law requiring age verification to access adult websites (see 2506270041) will have a ripple effect, prompting the creation of similar laws in states along with constitutional questions about how and where age verification can happen, said privacy experts in recent blog posts. Similarly, advocacy groups that disagreed with the high court's decision argued it may embolden other states to expand the definition of off-limits material, further challenging the First Amendment and ultimately letting politicians make content decisions (see 2507070037).
As laws and enforcement continue in the privacy and AI space, companies must pay attention to detail, panelists said during a webinar that vendor TrustArc hosted Tuesday.
Despite a modest fine, a settlement this week between Connecticut and online marketplace TicketNetwork over potential violations of the state's Data Privacy Act (CTDPA) (see 2507080010) includes significant takeaways, privacy professionals said. However, a consumer advocate said the $85,000 penalty -- the first under the CTDPA -- also shows how comprehensive privacy laws based on Connecticut's model don't do enough to protect consumers.
The Asia-Pacific (APAC) region appears to be taking a different approach to AI regulation and governance than the EU and U.S., privacy professionals told Privacy Daily.