Privacy & Cybersecurity Law Blog

On February 5, 2026, the UK Information Commissioner’s Office announced a £247,590 fine against MediaLab.AI, Inc., the company behind the image-sharing platform Imgur, for failing to lawfully process children’s personal information. 

On January 28, 2026, the U.S. Federal Trade Commission held a workshop entitled “Protecting American Children: A Workshop to Explore Age Verification Technologies.”

On February 5, 2026, the next phase of the UK Data (Use and Access) Act officially came into force, bringing most of its provisions, including the major reforms in Part 5, into effect.

On January 27, 2026, Data Privacy Day, the California Office of the Attorney General announced an investigative sweep into surveillance pricing, a type of algorithmic pricing that uses personal information to set individualized prices, and how such practices may violate the California Consumer Privacy Act.

On January 27, 2026, the Centre for Information Policy Leadership hosted a fireside chat with California Privacy Protection Agency General Counsel Phil Laird in honor of Data Privacy Day.

On January 30, 2026, the Cybersecurity Administration of China released a Q&A document on policies and regulations for the security management of cross-border data transfers. 

On January 20, 2026, the European Commission proposed a comprehensive new cybersecurity package aimed at strengthening the EU’s cybersecurity resilience and enhancing its capacity to manage evolving threats.

The U.S. Supreme Court will soon decide who qualifies as a “consumer” under the federal Video Privacy Protection Act, a 1988 law originally enacted to protect the privacy of individuals’ video rental and purchase records.

As Oregon celebrated Data Privacy Day on January 28, Oregon Attorney General Dan Rayfield spotlighted a major advance in consumer data protection in the state: the Universal Opt-Out tool, now available to all Oregon residents under the Oregon Consumer Privacy Act.

On January 26, 2026, the Brazilian data protection authority (“ANPD”) announced that Brazil and the European Union agreed to mutually recognize the adequacy of each other’s data protection networks.