Privacy & Cybersecurity Law Blog

On February 11, 2026, California Attorney General Rob Bonta announced a record $2.75 million settlement with the Walt Disney Company to resolve allegations that the company did not sufficiently comply with consumer opt-out rights under the California Consumer Privacy Act.  

On February 12, 2026, South Korea’s National Assembly passed amendments to the Personal Information Protection Act authorizing administrative fines of up to 10% of a company’s total revenue in certain high-severity data breach cases.

Congress has extended the Cybersecurity Information Sharing Act of 2015 through September 30, 2026 as part of the Consolidated Appropriations Act, a government funding package enacted in early February 2026.

On February 3, 2026, the UK Information Commissioner’s Office publicly confirmed that it has launched formal investigations into X Internet Unlimited Company and X.AI LLC, focused on the Grok artificial intelligence system.

On February 5, 2026, the UK Information Commissioner’s Office announced a £247,590 fine against MediaLab.AI, Inc., the company behind the image-sharing platform Imgur, for failing to lawfully process children’s personal information. 

On January 28, 2026, the U.S. Federal Trade Commission held a workshop entitled “Protecting American Children: A Workshop to Explore Age Verification Technologies.”

On February 5, 2026, the next phase of the UK Data (Use and Access) Act officially came into force, bringing most of its provisions, including the major reforms in Part 5, into effect.

On January 27, 2026, Data Privacy Day, the California Office of the Attorney General announced an investigative sweep into surveillance pricing, a type of algorithmic pricing that uses personal information to set individualized prices, and how such practices may violate the California Consumer Privacy Act.

On January 27, 2026, the Centre for Information Policy Leadership hosted a fireside chat with California Privacy Protection Agency General Counsel Phil Laird in honor of Data Privacy Day.

On January 30, 2026, the Cybersecurity Administration of China released a Q&A document on policies and regulations for the security management of cross-border data transfers.