On March 31, 2026, the Office of the Australian Information Commissioner (OAIC) released its much-anticipated Exposure Draft of the Privacy (Children’s Online Privacy) Code (Draft Code). It introduces a number of novel concepts in addition to drawing from the UK Age-Appropriate Design Code (UK AADC), in an effort to “uplift privacy practices across entities more broadly” and keep children’s privacy safe in Australia.  This posts breaks down how it could impact businesses.

Continue Reading Australia’s Exposure Draft Children’s Online Privacy Code – What this could mean for your business?

Connecticut Attorney General William Tong recently issued an advisory memorandum (“Advisory”) to all “State Officials, Agencies and Concerned Parties” about how existing Connecticut laws apply to artificial intelligence (“AI”).

In the Advisory, Attorney General Tong hints at enforcement priorities and offers businesses a roadmap for compliance in describing how Connecticut’s civil rights, privacy and data security, competition, and consumer protection laws apply to AI system use.  Businesses operating in Connecticut are reminded that, even without a statewide AI law, obligations under these laws regulate their AI system use.  Those Connecticut residents who read the Advisory are reminded of their rights and encouraged to report AI related harms to the Connecticut Office of the Attorney General (“OAG”).

Continue Reading Old Laws, New Tricks: Connecticut AG Issues Advisory on How Current Connecticut Laws Apply to Artificial Intelligence

On March 20, 2026, Oklahoma Governor Stitt signed the first new comprehensive state privacy law of 2026. The “Act relating to data privacy” is in force on January 1, 2027. In this post, we compare the new Oklahoma privacy law to the other 20 state consumer privacy laws already in force below.

Continue Reading Oklahoma’s New Privacy Law Sweeps In

The countdown is on—the IAPP Global Privacy Summit is only six days away, and we’re looking forward to seeing so many of you in Washington, DC, for another energizing and insightful week in the privacy community. If you’ll be in town, we’d love to connect.

Continue Reading We Hope to See You at the IAPP Global Privacy Summit!

Following unanimous votes by the California legislature and signature by the Governor, California enacted an Age-Appropriate Design Code Act (CAADCA) in September 2022 (codified at CA Civil Code Section 1798.99.28-32), as a measure purportedly “aimed at protecting the wellbeing, data, and privacy of children [under 18] using online platforms.” Industry group NetChoice soon turned to federal court and sought an injunction seeking to prevent the law from being enforced on the grounds, among others, that it violates the First Amendment and the dormant Commerce Clause of the United States Constitution and is preempted by other federal statutes addressing online child safety, including the Children’s Online Privacy Protection Act (COPPA).

Continue Reading The Future of the CA Age-Appropriate Design Code Act: What Remains, What’s Still Open to be Contested, and What Companies Must Consider for Minors’ Online Safety

In its press release relating to the Court of Justice of the European Union (CJEU) judgment of 10 February 2026 in Case C-97/23 P, the CJEU has confirmed that the action brought by an organization against a Binding Decision of the European Data Protection Board (EDPB) is admissible.

With this decision, the CJEU has clarified that organizations have a right of direct appeal against binding decisions of the EDPB on which a national authority’s decision against them is based.

Continue Reading EDPB Binding Decisions Can Be Challenged Directly by Organizations Before EU Courts

PrivacyWorld is pleased to present the latest edition of SPB’s Advertising Media and Brands Updates.  Topics include:

  • AI and intellectual property
  • Agentic AI
  • US tax changes for prize promotions
  • EU Digital Networks Act
  • Anti-counterfeiting

Stay Ahead on Consumer Privacy News

Not a subscriber yet? Subscribe here to be among the first to receive timely updates on the fast-moving world of data privacy, security, and innovation—delivered straight to your inbox.

Looking for deeper insights and expert analysis? You can also subscribe here to our privacy attorneys’ marketing communications for thought leadership and rich content when you need a more comprehensive perspective.

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

CalPrivacy Update: Shifting to Structural Compliance and Auditing

Towards a Contextual Concept of Personal Data Under the GDPR: the Commission Moves Forward, the EDPB and EDPS Push Back

A Timely Look at HR Data and AI Regulation Trends: Webinar Recording Available

Join Us at the IAPP Global Privacy Summit in Washington, DC!

Stay Ahead on Consumer Privacy News

Not a subscriber yet? Subscribe here to be among the first to receive timely updates on the fast-moving world of data privacy, security, and innovation—delivered straight to your inbox.

Looking for deeper insights and expert analysis? You can also subscribe here to our privacy attorneys’ marketing communications for thought leadership and rich content when you need a more comprehensive perspective.

Privacy compliance has entered a new phase—one defined not only by high-profile enforcement actions but by the growing expectation that organizations implement and maintain mature information governance programs capable of validating true, system-level technical compliance rather than merely projecting the appearance of it.  A spate of recent California enforcement actions makes clear that companies must be prepared to validate how privacy control’s function, including across systems, platforms, and data flows, making thoughtful, system-oriented self-assessment an increasingly important tool for aligning policy commitments with operational reality—before regulators do it for them.  SPB helps client’s self-access, identify gaps and remediate issues under the cloak of privilege.

Continue Reading CalPrivacy Update: Shifting to Structural Compliance and Auditing

The European Data Protection Board1 (EDPB) and the European Data Protection Supervisor2 (EDPS) adopted on 10 February 2026 a joint opinion (Joint Opinion 2/20263) on the European Commission’s Digital Omnibus initiative (described by the Commission as “a set of technical amendments to a large corpus of digital legislation, selected to bring immediate relief to businesses, public administrations, and citizens alike, and to stimulate competitiveness”).

Although both bodies welcome (and largely endorse) the Commission’s proposals set out in the initiative (subject to certain caveats), the opinion expresses marked unease with the proposed approach to redefining personal data, which would be recalibrated to align with the CJEU’s most recent interpretation of the concept [Case C-413/23 (EDPS v SRB)4].

Continue Reading Towards a Contextual Concept of Personal Data Under the GDPR: the Commission Moves Forward, the EDPB and EDPS Push Back