Activity Tracker
The DPA Activity Tracker provides our latest information on developments in legislatures, judiciaries and the executive branches of G20, EU member states and Switzerland.
197 events advancing 172 policy or regulatory changes:
Graph
Table
SEC investigation into technological companies over alleged misleading cybersecurity disclosures
Issued ruling in SEC investigation into technological companies over alleged misleading cybersecurity disclosures
On 22 October 2024, the United States Securities and Exchange Commission (SEC) charged four companies, Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited, with providing materially misleading information …
European Affairs Committee inquiry on UK-EU Data Adequacy
Issued findings following inquiry into UK-EU Data Adequacy
On 22 October 2024, the House of Lords European Affairs Committee wrote to the Secretary of State outlining conclusions and recommendations from their inquiry into UK-EU data adequacy. The inquiry, launched in March 2024, was driven by the June 2025…
CFPB Personal Financial Data Rights Rule
Adopted Final Rule on Personal Financial Data Rights by Consumer Financial Protection Bureau
On 22 October 2024, the Consumer Financial Protection Bureau (CFPB) adopted the final rule on personal financial data rights. The rule mandates financial institutions to provide consumers with their data in a secure and usable format upon request. T…
FCC's Privacy and Data Protection Task Force partnerships with ten state Attorneys General
Announced FCC’s Privacy and Data Protection Task Force partnerships with ten state Attorneys General
On 21 October 2024, the Federal Communications Commission's (FCC) Privacy and Data Protection Task Force announced partnerships with ten state Attorneys General, expanding efforts to protect consumer privacy, data, and cybersecurity. These partnersh…
CISA security requirements for restricted transactions pursuant to Executive Order 14117
Announced CISA security requirements for restricted transactions pursuant to Executive Order 14117
On 21 October 2024, the Cybersecurity and Infrastructure Security Agency (CISA) published the draft security requirements for restricted transactions pursuant to Executive Order 14117. The security requirements are aimed at protecting US sensitive p…
TC260 cybersecurity standards practice guidelines
Adopted TC260 cybersecurity standards practice guidelines
On 21 October 2024, the National Information Security Standardisation Technical Committee (TC260) adopted cybersecurity standards practice guidelines. The guidelines' purpose is to regulate the drafting and management of the TC260 guidelines, which …
OAIC guidance on privacy and the use of commercially available AI products
Published OAIC guidance on privacy and the use of commercially available AI products
On 21 October 2024, the Office of the Australian Information Commissioner (OAIC) published guidance on privacy and the use of commercially available AI products. The guidance emphasises that organisations and government agencies must comply with pri…
OAIC Guidance on Privacy and Developing and Training Generative AI Models
Adopted Guidance on Privacy and Developing and Training Generative AI Models
On 21 October 2024, the Office of the Australian Information Commissioner issued guidance on privacy considerations for developing and training generative artificial intelligence (AI) models. The guidance outlines measures to address privacy concern…
PIPC Guideline on Notification on the Method of Transmitting Personal Information and Designation of Personal Information Management Organizations
Closed consultation on PIPC Guideline on Notification on the Method of Transmitting Personal Information and Designation of Personal Information Management Organisations
On 21 October 2024, the Personal Information Protection Committee (PIPC) of Korea closed its consultation on the guidelines for the methods of transmitting personal information and the designation of specialized institutions for managing such inform…
Justice Department Rule on Access to Americans' Bulk Sensitive Personal Data and Government-Related Data by Countries of Concern implementing EO 14117
Announced DOJ NPRM on Access to Americans’ Bulk Sensitive Personal Data and Government-Related Data by Countries of Concern
On 21 October 2024, the United States Department of Justice (DOJ) issued a Notice of Proposed Rulemaking (NPRM) concerning the Rule on Access to Americans’ Bulk Sensitive Personal Data and Government-Related Data by Countries of Concern, implementin…