Regulators didn’t slow down this October. Big fines, new privacy laws, and the EU’s push on AI and encryption made one thing clear, data compliance is entering a tougher, more transparent era.

01

California steps up CCPA enforcement with record fines

The California Privacy Protection Agency fined Tractor Supply Co. $1.35 million, its largest penalty to date, for mishandling job-applicant data. Days later, the Attorney General’s office reached a $530,000 settlement with Sling TV over weak opt-out controls and inadequate children’s data protections. Read more

02

Italy becomes first EU country to pass a full AI law

Italy has approved the EU’s first comprehensive national AI law, banning malicious deepfakes, restricting AI use in workplaces, and imposing strict transparency and accountability rules for data use. The law also adds protections for minors and algorithmic oversight requirements. Read more

03

California Governor signs landmark AI Safety Bill

Governor Gavin Newsom signed SB 53, the US’s first AI transparency law, mandating disclosure of safety practices, whistleblower protections, and incident-reporting obligations for large AI developers. Read more

04

EU accuses Meta and TikTok of breaching rules under the DSA

The European Commission has preliminarily found Meta and TikTok in breach of the Digital Services Act, citing failure to provide researcher data access and poor user-reporting systems for illegal content. Read more

05

Spanish court opens €550 million Meta data-protection trial

Over 80 Spanish publishers have sued Meta for alleged GDPR violations and unfair competition between 2018 and 2023, seeking €550 million in damages. The case could set a precedent for publisher-led enforcement in Europe. Read more

06

EU’s “Chat Control” proposal resurfaces

The European Council is again debating the controversial Chat Control bill, which would mandate scanning of private, encrypted communications for illegal content, a measure critics warn would effectively break end-to-end encryption across the EU. Read more

07

Maryland’s new privacy law takes effect

The Maryland Online Data Privacy Act took effect on October 1, adding Maryland to the growing list of U.S. states (including Iowa, Delaware, and Tennessee) with comprehensive consumer privacy laws. The law strengthens user rights over data collection and sharing. Read more

08

CPPA to launch DROP, a one-stop data-deletion tool

The Delete Request and Opt-out Platform (DROP) will let Californians send a single deletion or opt-out request to over 500 data brokers through one interface, a major consumer-rights milestone. Read more

09

noyb files criminal complaint against Clearview AI

Privacy NGO noyb has filed a criminal GDPR complaint against facial-recognition firm Clearview AI, citing persistent violations and unlawful biometric data scraping. The case could expose company executives to personal liability. Read more

10

California enacts 30-day data-breach notification law

A new California law now requires businesses to notify affected users of a data breach within 30 days, tightening the US’s strictest breach-disclosure timeline and mandating faster reports to the state Attorney General. Read more