The Cyberspace Administration of China completed an investigation of 82 apps under the Personal Information Protection Law following various complaints. The CAC investigation found four apps provided insufficient disclosures on data collection and use policies, while the other 78 apps did not offer a function to delete or correct personal information.
Full story
Author: IAPP IAPP News
Former U.S. Army soldier Cameron John Wagenius pleaded guilty to unlawfully breaching consumer phone data from AT&T and Verizon's information systems, TechCrunch reports. U.S. Attorney Tessa Gorman said the cyberattack used "the same computer intrusion and extortion and include some of the same stolen victim information" as the cyberattack on cloud computing company Snowflake, leaving prosecutors to believe the security incidents are connected.
Full story
Poland's data protection authority, the UrzÄ…d Ochrony Danych Osobowych, published an updated guide on data protection violations and engaging with the UODO regarding violations. The updates include revised procedures for responding to violations, practical examples, and recommendations for conducting risk assessments and avoiding data breaches.
Full story
The Office of the Australian Information Commissioner said it will accept nonprofit Oxfam Australia's plan to improve data protection practices after it sustained a data breach affecting up to 1.7 million records. Accepting the plan does not mean the charity has been found in violation of the country's privacy laws. Undertakings include new data retention and sharing policies as well as implementing password security controls.
Full story
U.S. Department of Government Efficiency staffers have now been installed within the U.S. Cybersecurity Infrastructure Agency, Wired reports. DOGE's access to CISA data is unclear at this point. Meanwhile, Axios reports federal judges have little precedent to follow with lawsuits filed against DOGE's work alleging violations of the Privacy Act and the E-Government Act. Editor's note: IAPP Staff Writer Caitlin Andrews recapped recent DOGE privacy developments.
Full story
The European Consumer Organisation released a report highlighting policy recommendations for improved children's data protection and online safety. The BEUC recommended the EU adopt rules to prevent addictive social media features and surveillance advertisements targeted toward minors. Meanwhile, the Foundation for American Innovation analyzed age verification systems that could allow users to "confirm their age without disclosing sensitive personal data, thereby maintaining anonymity and reducing the risk of data breaches."
Full story
Iceland's data protection authority, the Persónuvernd, fined the Capital Region Health Service ISK5 million after determining it allegedly did not show it had a legal basis to merge its record systems with other parties under the Medical Records Act. Those other parties were able to access records outside their institution.
Full story
The Trump administration's fast-moving efforts to limit the size of the U.S. federal bureaucracy, primarily through the recently minted Department of Government Efficiency, are raising privacy and data security concerns among current and former officials across the government, particularly as the administration scales back positions charged with privacy oversight. IAPP Staff Writer Caitlin Andrews round up the latest developments, including an executive order related to the independence of some federal agencies.
Full story
For organizations to build an effective data protection program "it's essential for privacy and security teams to work in concert," Red Clover Advisors founder and CEO Jodi Daniels, CIPP/US, writes in an op-ed. Daniels discussed why it is key for privacy and security teams to align their priorities and offered recommendations for potential collaboration.
Full story
The U.K. Information Commissioner’s Office published its 2025 "Tech Horizons" report. The third edition of the report highlights four technologies that could "significantly affect society, the economy and information rights" over the ensuing several years. Technologies covered include connected vehicles and transportation, quantum sensing and imaging, digital diagnostics and health care infrastructure, and identifying and detecting synthetic media.
Full story