GRC Report Staff

In a world where AI promises seem to be becoming as frequent as pop-up ads, the FTC’s decision to take on DoNotPay is a notable one. The company, which once boasted about offering “the world’s first robot lawyer,” has now been forced to face the music for its misleading marketing. The Federal Trade Commission has finalized an order against DoNotPay, following an investigation that questioned the legitimacy of their AI-powered legal services.

The Personal Information Protection Commission (PIPC) is gearing up for a busy 2025. At its second plenary meeting, the Commission outlined its investigative goals for the year, emphasizing both strict oversight of privacy practices and a more supportive, growth-friendly environment for businesses. Whether it’s diving deep into sectors closely tied to people's daily lives or making sure that emerging technologies like AI don’t compromise personal privacy, the PIPC is taking a multifaceted approach to privacy protection this year.

In his testimony before the Senate Banking Committee on Tuesday, Federal Reserve Chairman Jerome Powell faced a question that has been on the minds of many -What happens if the Consumer Financial Protection Bureau (CFPB), a critical agency tasked with consumer protection, faces diminished funding or is otherwise hindered in its operations?

As of 17 January 2025, the Digital Operational Resilience Act (DORA) has officially begun to reshape how the financial sector addresses ICT risk management. In response, the European Banking Authority (EBA) has made a series of key adjustments to its Guidelines on ICT and security risk management. These revisions, aimed at cutting down on duplication and creating clearer expectations for the market, help ensure that financial institutions aren’t bogged down by overlapping regulations.

At the AI Action Summit in Paris this week, five global data protection authorities made an important pledge. On the 6th of February, a joint declaration was signed by officials from Australia, Korea, Ireland, France, and the UK—each committed to fostering an artificial intelligence ecosystem that doesn’t just innovate, but also respects privacy and safeguards fundamental rights.

The reality of cybersecurity risks has hit home for many licensed corporations (LCs) in Hong Kong. The Securities and Futures Commission (SFC) recently unveiled findings from its latest 2023/24 Thematic Cybersecurity Review, shedding light on the alarming rise of material cybersecurity incidents in recent years. And the results? Not pretty.

In a world where artificial intelligence is pushing boundaries and reshaping industries, the question of how to protect individuals' privacy has never been more pressing. Fortunately, the GDPR (General Data Protection Regulation) isn't just a barrier to innovation—it can be the very tool that enables responsible AI development. The French Data Protection Authority, or CNIL, has just issued new recommendations that take the best of both worlds: advancing AI while ensuring personal data is treated with the respect it deserves.