Privacy is an ever-evolving landscape, meaning that company privacy policies, technologies and teams must be constantly updated, panelists said Wednesday during a webinar hosted by Didomi, a consent-management software vendor. With enforcement actions by regulators increasing and legislators continuing to implement new laws, companies must stay on top of the latest developments, they added.
Compliance Techniques
Compliance techniques encompass the strategies, tools and processes organizations use to meet evolving privacy and data protection requirements. Privacy engineers, chief data protection officers and compliance teams deploy methods such as data mapping, privacy impact assessments and automated monitoring to align with new laws in the U.S. and abroad. These techniques help avoid costly enforcement actions and build trust by embedding privacy by design into products and operations.
The IAPP on Tuesday unveiled a guide to Europe's digital law landscape for business, policy and tech audiences. The guide explains various digital regulations, changes being made, whom the measures affect and where the main risks and opportunities lie. Among other things, it maps the intersection of the GDPR with other laws, such as the AI Act, Digital Markets Act, Digital Services Act and Data Governance Act.
The first year of Saudi Arabia's Personal Data Protection Law (PDPL) showed "significant progress" in "establishing a robust data protection framework," data management consultant Abdulaziz Almanea wrote in an IAPP analysis.
Peru's DPA and legislature earlier this year tackled questions surrounding privacy and consumer rights, BarLaw data protection and intellectual property lawyer Carlos Farfan said in an IAPP opinion posted Wednesday.
The EU Council agreed Wednesday on its negotiating stance on several European Commission proposals, including one extending red-tape reduction rules to mid-cap enterprises, a move that will amend the GDPR.
DOJ received industry requests this month to scrutinize the Maryland Online Data Privacy Act (MODPA) and other state privacy measures as possibly burdening interstate commerce. The closely watched Maryland legislation takes effect Oct. 1. The chief privacy officer of one company that flagged MODPA told Privacy Daily that his business' main concern is the part of the law's unique data minimization requirement that bans sale of precise location data.
BOSTON -- Connecticut and Virginia are rethinking their approaches to comprehensive AI regulation in order to pass legislation that failed in 2025, Connecticut Sen. James Maroney (D) and Virginia Del. Michelle Lopes Maldonado (D) said Friday at the IAPP AI Governance conference.
BOSTON -- DOJ is revising its AI strategy and expects to publish it soon, said Christina Baptista, senior counsel for the Office of Privacy and Civil Liberties, during a panel Thursday at the IAPP AI Governance Global North America.
BOSTON -- How a company communicates with privacy enforcers and responds to potential legal action are major factors in whether a formal, public settlement is issued, Tyler Bridegan, privacy and tech enforcement director in the Texas attorney general's office, said at the IAPP AI Governance conference Thursday.
The 9th U.S. Circuit Court of Appeals appears to be taking a more restrictive approach to standing in data breach and privacy cases than other circuits, said Jim Dempsey, managing director for the IAPP Cybersecurity Law Center, in a blog post Thursday.