GRC Report Staff

‍The European Commission said it has formally acknowledged Meta’s commitment to introduce a clearer, more meaningful decision point for Facebook and Instagram users across the EU. Beginning in January 2026, people will be offered two distinct paths—continue sharing their full data footprint for highly tailored advertising, or opt for a version of the apps that relies on less personal information and delivers more limited ad personalization.

After months of pressure on website operators, the Information Commissioner’s Office says more than 95% of the UK’s top 1,000 most-visited websites now meet legal requirements when asking users to consent to advertising cookies. It’s a shift the regulator estimates has given roughly 40 million people, about 80% of the population over 14, much more meaningful say over how companies can track their browsing for targeted ads.

Europe’s top privacy regulator wants online shopping to come with fewer strings attached, specifically unnecessary user accounts. At its latest plenary session on Thursday, the European Data Protection Board (EDPB) adopted new recommendations urging e-commerce companies to let people shop without being pushed into creating accounts that vacuum up personal data.

The Bank of England’s Prudential Regulation Authority has issued a refreshed set of expectations for how banks and insurers manage climate-related risks, a big shift from early awareness-building to full integration in risk processes.

A U.S. audit firm has been hit with regulatory sanctions after federal oversight officials found it leaned on an unregistered China-based firm to handle major portions of its audit work and failed to properly supervise or disclose that involvement.

Securities America for years failed to properly supervise the sale and switching of Class A mutual funds, leading investors to pay more than $2 million in avoidable costs, according to the Financial Industry Regulatory Authority (FINRA). In a settlement finalized through a Letter of Acceptance, Waiver, and Consent, which the firm neither admitted nor denied, FINRA issued a censure, a $1 million fine, and $2,019,040 in restitution to impacted customers. Interest will also be added to each payment.

The UK’s online safety regulator is making an example of adult content providers who still allow children to stumble onto explicit material with little more than a checkbox standing in their way. On Thursday, Ofcom announced a £1 million fine against AVS Group, the operator of 18 adult websites, after concluding the company had failed to put “highly effective” age assurance in place, a new legal requirement under the landmark Online Safety Act.