Europe’s data regulators are turning the spotlight on transparency, one of the GDPR’s most fundamental principles. During its October plenary, the European Data Protection Board (EDPB) agreed that its 2026 Coordinated Enforcement Framework (CEF) action will focus on how well organizations are informing people about the use of their personal data under Articles 12, 13, and 14 of the regulation.
Eight major auto insurance companies have agreed to pay more than $19 million in penalties to New York State following a sweeping cybersecurity investigation by the Department of Financial Services (DFS). The enforcement action, announced Tuesday by Superintendent Adrienne A. Harris, revealed failures in data security controls that exposed the personal information of New Yorkers through online insurance quoting systems.
The European Parliament’s Legal Affairs Committee has approved new draft rules that would significantly reduce the number of companies required to conduct sustainability reporting and comply with due diligence obligations.
The UK’s Financial Conduct Authority (FCA) has secured $101 million in redress for UK and other non-U.S. investors in a fund sub-managed by BlueCrest Capital Management, concluding a years-long legal battle over the firm’s mishandling of conflicts of interest.
The European Commission has fined high-end fashion houses Gucci, Chloé, and Loewe a total of more than €157 million for restricting independent retailers’ ability to set their own prices, an anticompetitive practice known as resale price maintenance (RPM). The Commission said the pricing restrictions, which ran for years across the European Economic Area (EEA), raised prices and reduced consumer choice in the luxury fashion market.
Australia’s privacy regulator has reminded social media companies that privacy must remain front and center as new age restrictions come into force later this year. The Office of the Australian Information Commissioner (OAIC) on Friday published regulatory guidance for age-restricted social media platforms and age assurance providers under the forthcoming Social Media Minimum Age (SMMA) scheme, which begins on December 10.
Visa and Mastercard have agreed to pay a combined $199.5 million to resolve a long-running class action lawsuit accusing them of unfairly shifting fraud-related costs to merchants. The proposed deal, filed in the U.S. District Court for the Eastern District of New York, marks the latest in a string of settlements over card network rules and awaits approval from Chief Judge Margo Brodie, according to a recent Reuters report.