GRC Report Staff

The Personal Information Protection Commission (PIPC) recently unveiled its policy directions for 2026, laying out a sweeping plan to move Korea’s privacy regime away from after-the-fact penalties and toward a more preventive, risk-based approach designed for an AI-embedded society. The roadmap was presented on December 2 at the Sejong Convention Center during a joint reporting session with the Ministry of Science and ICT, the Korea Aerospace Administration, and the Korea Media and Communications Commission.

The Financial Conduct Authority has welcomed the UK government’s move to reform the country’s benchmarks framework, signaling support for a shift away from the EU-era Benchmarks Regulation toward a more targeted, UK-specific regime.

California’s privacy regulator is sharpening its focus on data brokers that may be obscuring their identities or relying on corporate affiliations to sidestep registration requirements, as a new consumer deletion platform prepares to go live in 2026.

Australia’s banking and financial crime regulators have moved to tighten oversight of Bendigo and Adelaide Bank after an independent Deloitte review uncovered serious shortcomings in how the lender manages money laundering and broader non-financial risks.

France’s competition authority has turned its attention to a growing tension at the heart of artificial intelligence. As AI systems scale across Europe, the energy and environmental costs of that expansion are becoming a competition issue in their own right.

South Korea’s media and telecoms regulator has launched an investigation into Coupang, examining whether the e-commerce giant has unlawfully made it difficult for users to delete their accounts in the wake of a massive personal data breach that rattled the country earlier this year.

The Netherlands’ data protection authority has warned users and organizations to think carefully before continuing to use TikTok, after confirming that the platform is still transferring personal data of European users to China despite a joint finding by EU privacy regulators that such transfers are unlawful under the GDPR.