GRC Report Staff

Australia’s privacy regulator has reminded social media companies that privacy must remain front and center as new age restrictions come into force later this year. The Office of the Australian Information Commissioner (OAIC) on Friday published regulatory guidance for age-restricted social media platforms and age assurance providers under the forthcoming Social Media Minimum Age (SMMA) scheme, which begins on December 10.

Visa and Mastercard have agreed to pay a combined $199.5 million to resolve a long-running class action lawsuit accusing them of unfairly shifting fraud-related costs to merchants. The proposed deal, filed in the U.S. District Court for the Eastern District of New York, marks the latest in a string of settlements over card network rules and awaits approval from Chief Judge Margo Brodie, according to a recent Reuters report.

In a big step toward embedding sustainability into legal frameworks across Latin America, UK-based nonprofit The Chancery Lane Project (TCLP) has announced the successful transposition of 17 climate-aligned clauses into Mexican law. The initiative, achieved in partnership with Nader, Hayaux & Goebel and Hogan Lovells, was unveiled at the Global Alliance of Impact Lawyers (GAIL) Summit in Mexico City.

Australia just crossed a major privacy enforcement milestone. The Federal Court has ordered Australian Clinical Labs (ACL) to pay $3.8 million (AUD $5.8 million) in penalties after a cyberattack on its Medlab Pathology business exposed the personal information of more than 223,000 individuals.

Germany’s financial watchdog, BaFin, has fined Oldenburgische Landesbank AG €910,000 ($992,000) after uncovering multiple compliance and control breaches under the German Securities Trading Act (WpHG) during 2020 and 2021.

Australia’s financial watchdog has issued a pointed warning to licensees relying on offshore service providers, urging stronger oversight and risk management after a review uncovered governance shortfalls that could leave consumers and investors exposed.

The European Data Protection Board (EDPB) and the European Commission have issued their first-ever joint guidelines, clarifying how the Digital Markets Act (DMA) interacts with the General Data Protection Regulation (GDPR). The document aims to provide legal certainty and consistency for companies subject to both frameworks, particularly large online platforms designated as “gatekeepers.”