Ireland’s Data Protection Commission has opened a formal inquiry into Infinite Styles Services, the Irish entity of SHEIN, examining how it transfers the personal data of EU and EEA users to China.
The Federal Trade Commission is moving to restrict how one of the data broker industry’s more prominent players handles location data, proposing a settlement that would prohibit Kochava and its subsidiary Collective Data Solutions from selling or sharing sensitive location information unless consumers have clearly agreed to it.
South Korea’s Personal Information Protection Commission is adjusting how it expects companies to explain their data practices, updating its Guidelines on Writing a Privacy Policy to better reflect how information is actually handled in an era shaped by generative AI and on-device computing.
In a notice circulated to trade associations, the Italian Data Protection Authority has said that hotels, bed and breakfasts, and guesthouses must not retain photocopies or digital images of guests’ identity documents beyond the time needed to transmit required information to public security authorities. The clarification comes as the regulator reports a rise in complaints and personal data breaches in recent months.
The European Commission and the European Data Protection Board (EDPB) recently confirmed that they will begin joint work to develop guidance on how competition laws and data protection interact. The effort is aimed at clarifying how each body of law applies in situations where their boundaries blur, an increasingly common reality in a data-driven economy.
Ten years after its adoption, the General Data Protection Regulation has become something far more consequential than a legal framework. It has quietly reshaped how power is exercised in the digital economy, defining not just how data is protected, but who is accountable for it.
ADT, one of the United States' most recognizable home security brands, has disclosed a cybersecurity incident in which an unauthorized party gained access to a limited set of customer and prospective customer data. The company's security systems detected the intrusion on April 20, triggering an immediate containment response that terminated the access, engaged third-party forensic investigators, and notified law enforcement.