On March 30, 2026, the World Data Organization (WDO) was officially launched in Beijing. The WDO describes itself as a non-governmental, non-profit organization headquartered in Beijing, with a stated mission of “bridging the data divide, unlocking data’s value, and powering the digital economy.” The WDO is a China-headquartered effort to address a governance gap: while […]
Data Protection
Britain’s Financial Regulators Raise the Bar on Cyber Reporting and Resilience
Cyber risk has shifted from a technical issue to a systemic one and Britain’s financial regulators are making that reality unmistakably clear. On March 18, 2026, the Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA), and Bank of England announced a new, unified cyber and operational resilience framework that strengthens the requirements on how firms […]
Ninth Circuit Partially Lifts Injunction Against California Age-Appropriate Design Code Act
On March 12, 2026, the United Sates Court of Appeals for the Ninth Circuit (Ninth Circuit) partially vacated the preliminary injunction by the United States District Court for the Northern District of California (district court) that had blocked the enforcement of the California Age-Appropriate Design Code Act (CAADCA). Several key CAADCA provisions remain enjoined, but […]
CalPrivacy Seeks Input on Reducing Friction in Privacy Rights Experience and Challenges with Opt-Out Preference Signals
On March 6, 2026, the California Privacy Protection Agency (CalPrivacy) published an Invitation for Preliminary Comments seeking public input on whether regulatory changes are needed in two related areas under the California Consumer Privacy Act (CCPA): (1) reducing friction in exercising privacy rights ; and (2) the operation and use of opt-out preference signals (OOPS). […]
Spanish DPA Releases Agentic AI Guidance
On 18 February 2026, the Spanish Data Protection Authority (Agencia Española de Protección de Datos or ‘AEPD’) published an 81‑page guidance document on the privacy aspects of AI systems operating as agents – commonly referred to as ‘agentic AI’. The guidance is aimed at companies that process personal data under the EU General Data Protection […]