IT Security & Privacy

The UK’s online safety regulator Ofcom has opened a fresh set of investigations under the Online Safety Act, sharpening its focus on how platforms assess and manage risks tied to AI-driven services and illegal content. The actions target X over the use of its Grok AI chatbot, as well as Novi Ltd’s AI companion chatbot service, while also highlighting how regulatory pressure has already forced Snapchat to rethink its approach to illegal content risks.

The Federal Trade Commission has finalized a far-reaching settlement with General Motors and its connected-vehicle subsidiary OnStar, closing a case that puts the fast-growing connected car economy squarely in the regulator’s sights.

In a statement recently published, the Danish Data Protection Authority laid out the areas that will receive special attention in its supervisory work this year. The priorities form the backbone of inspections, guidance, complaint handling, and European cooperation planned for 2026, and they reflect a growing unease about how fast-moving technologies are reshaping everyday data processing, often in ways individuals have little real ability to resist.

Sweden’s data protection watchdog is starting 2026 with a quieter but meaningful internal reset, one that reflects how enforcement, guidance, and technology are increasingly intertwined in day-to-day GDPR oversight.

A federal judge has approved a $10 million settlement requiring Disney to resolve allegations that the company enabled the unlawful collection of children’s personal data through kid-directed content on YouTube, marking the latest escalation in U.S. enforcement of children’s online privacy rules.

The Federal Commissioner for Data Protection and Freedom of Information (BfDI) has published new guidance aimed squarely at federal public authorities developing or using AI systems, particularly large language models (LLMs). The guide, “AI in Public Authorities – Considering Data Protection from the Outset,” is intended to help officials spot data protection issues early and take a more structured, practical approach to AI projects.

France’s data protection authority has fined Nexpublica €1.7 million after finding that the company failed to properly secure software used to manage highly sensitive personal data in the social services sector.