ICO Updates Cookie Consent Rules Under the Data (Use and Access) Act — What Organisations Need to Do Now
The Data (Use and Access) Act 2025 creates five new PECR cookie consent exemptions from February 2026. What your organisation…
Articles
Practical guidance on UK GDPR, data protection, and privacy compliance. From ICO enforcement updates to implementation guides, we help you stay informed and compliant.
Indiana Consumer Data Protection Act — What Managers Need to Know in 2026
Indiana Consumer Data Protection Act (INCDPA) is now in force. The enforcement grace period ends July 1, 2026. What managers…
Reddit Fined £14.47m by ICO for Children’s Privacy Failures — 2026
Reddit fined £14.47m by ICO for children's privacy failures under GDPR and DPA 2018. What this means for your organisation.
Copyright vs. GDPR: The Tension in AI Training and Data Protection
Every dataset scraped from the internet to train an AI model contains two things: copyrighted material and personal data. A…
Cross-Border Data Breach Lawsuits: Courts Are Coming for You
An Estonian crypto company with no office in the US just got dragged into a California courtroom. A facial recognition…
Age Verification Is No Longer Optional: How Regulators Are Raising the Bar
In early 2026, regulators on both sides of the Atlantic fined platforms, blocked laws, and rewrote policy — all focused…
The UK Just Quietly Flipped the Switch on Automated Decisions
There’s a question doing the rounds in data protection circles: do the UK’s new automated decision-making rules actually change anything?…
UK Data Use and Access Act: What Changes on 5 February 2026 and How to Prepare
The UK’s Data (Use and Access) Act 2025 (DUAA) comes into force on 5 February 2026. Before you worry about…
AI Note Taking Tools and GDPR: Do You Need a New Lawful Basis?
Using AI tools for meeting notes and transcription? Find out whether you need a new lawful basis under UK GDPR…
ICO Launches Investigation into X and xAI Over Grok Deepfake Concerns
The Information Commissioner’s Office has announced formal investigations into X Internet Unlimited Company (XIUC) and X.AI LLC over concerns that…
Indiana INCDPA Fines: What We Know So Far
The Indiana Consumer Data Protection Act took effect on January 1 2026. The Indiana Attorney General has signaled an intention…
Rhode Island RIDTPPA Fines: What We Know So Far
The Rhode Island Data Transparency and Privacy Protection Act took effect on January 1 2026. The law is notable for…
Kentucky KCDPA Fines: What We Know So Far
The Kentucky Consumer Data Protection Act takes effect on January 1 2026. As of this writing, the law is not…
Minnesota CDPA Fines: What We Know So Far
The Minnesota Consumer Data Privacy Act took effect on July 1 2025. The law includes unique requirements like the right…
MODPA Fines: What We Know So Far
The Maryland Online Data Privacy Act took effect on October 1 2025, though it does not apply to processing activities…
Austria Orders Microsoft to Stop Tracking School Children
The Austrian data protection authority has ruled that Microsoft illegally installed tracking cookies on a student’s device through its 365…
US Privacy Enforcement Isn’t Slowing Down
If you thought US privacy enforcement was winding down, think again. Despite predictions that changes in Washington would put the…
NDPA Fines: What We Know So Far
The Nebraska Data Privacy Act took effect on January 1 2025. The law’s broad applicability, due to its lack of…
NHPA Fines: What We Know So Far
The New Hampshire Privacy Act took effect on January 1 2025, with universal opt-out mechanism requirements active from day one.…
NJDPA Fines: What We Know So Far
The New Jersey Data Protection Act took effect on January 15 2025. The law covers New Jersey’s nearly 9 million…