Inside Privacy

Website: https://www.insideprivacy.com/
Follow:

Latest from Inside Privacy - Page 2

On February 19, 2026, the UK Court of Appeal handed down its decision in DSG Retail Limited v The Information Commissioner [2026] EWCA Civ 140. The Court ruled that a controller’s data security duty applies to all personal data for which it acts as controller – irrespective of whether the information would constitute personal

Earlier this month, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) announced a series of public town hall meetings to solicit additional stakeholder input on the Notice of Proposed Rulemaking (“Proposed Rule”) implementing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which CISA published in April 2024.  

Background

CIRCIA established two

On February 18, 2026, the European Data Protection Board (“EDPB”) published its Report on Stakeholder Event on Anonymisation and Pseudonymisation of 12 December 2025 (the “Report”). The Report summarises feedback from a remote stakeholder event convened to inform the EDPB’s ongoing work on Guidelines 01/2025 on Pseudonymisation (version for public consultation available here

On February 11, 2026, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) (jointly, the Authorities) issued a Joint Opinion on the European Commission’s proposed Digital Omnibus Regulation (Digital Omnibus). This follows their Joint Opinion of January 20, 2026 on the Digital Omnibus on AI.

The Digital Omnibus, as with

The Cybersecurity Information Sharing Act of 2015 (“CISA 2015”), which provides liability protections and other safeguards for sharing certain cybersecurity information with the U.S. federal government and private entities, was reauthorized as part of the funding bill enacted on February 3, 2026. CISA 2015’s information‑sharing provisions, which had been scheduled to sunset on January 30

The Federal Trade Commission (FTC) is poised to re-start a rulemaking process regarding disclosures and requirements for subscription and auto-renewing products and services.  On January 30, 2026, the FTC submitted a draft Advance Notice of Proposed Rulemaking (ANPRM) on the Rule Concerning the Use of Prenotification Negative Option Plans (the Rule), commonly known as the

AI agents have arrived. Although the technology is not new, agents are rapidly becoming more sophisticated—capable of operating with greater autonomy, executing multi-step tasks, and interacting with other agents in ways that were largely theoretical just a few years ago. Organizations are already deploying agentic AI across software development, workflow automation, customer service, and e-commerce,

On his last day in office, January 20, 2026, former New Jersey Governor Phil Murphy signed an amendment to the New Jersey Data Privacy Act, A5017. The bill amends the state’s comprehensive privacy law to add new data- and entity-level exemptions and to expand the definition of de-identified data. The amendment took effect immediately.