Activity Tracker
The DPA Activity Tracker provides our latest information on developments in legislatures, judiciaries and the executive branches of G20, EU member states and Switzerland.
661 events advancing 500 policy or regulatory changes:
Graph
Table
Office of Communications' Guidance for Data Preservation Notices under Data (Use and Access) Act
Office of Communications adopted statement on consultation on data preservation notices consultation under Data (Use and Access) Act
On 15 December 2025, the Office of Communications (Ofcom) adopted a statement on data preservation notices under the Data (Use and Access) Act 2025 addressing the responses to its consultation. In the statement, Ofcom sets out its decisions regardin…
Personal Information Protection Commission investigation into 2K Games' compliance with Personal Information Protection Act's security obligations
Personal Information Protection Commission fined 2K Games KRW 217.1 million for noncompliance with security obligations
On 11 December 2025, the Personal Information Protection Commission (PIPC) fined 2K Games KRW 217.1 million for a personal information breach affecting approximately 12,906 domestic users. The breach, discovered around 28 September 2022, occurred af…
Cybersecurity regulation in Law on Digital Transformation, 2025
National Assembly adopted Law on Digital Transformation including cybersecurity regulation
On 11 December 2025, the National Assembly of Vietnam adopted the Law on Digital Transformation. The Law sets out cybersecurity obligations for organisations and individuals participating in digital transformation. Article 4(5) establishes requireme…
Cybersecurity regulation in amended Press Law
National Assembly adopted Amended Press Law including cybersecurity regulation
On 10 December 2025, the amended Press Law, including cybersecurity regulation, was adopted by the National Assembly. The Law includes rules requiring press agencies operating online to comply with cybersecurity regulations, their approved mandates,…
Data protection regulation in Law on Artificial Intelligence
Law on Artificial Intelligence including data protection regulation was adopted by the National Assembly
On 10 December 2025, the National Assembly of Vietnam adopted the Law on Artificial Intelligence, including data protection obligations for artificial intelligence (AI) systems. Article 7(3) prohibits the unlawful collection, processing, or use of d…
Personal Information Protection Commission investigation into Amazon Web Services, Azure, and Naver Cloud Platform over Personal Information Protection Act compliance
Personal Information Protection Commission concluded assessment of Amazon Web Services, Microsoft Azure, and Naver Cloud Platform on personal information protection
On 10 December 2025, the Personal Information Protection Commission (PIPC) concluded the review into cloud service providers, including Amazon Web Services, Azure, and Naver Cloud Platform. In June 2025, the PIPC assessed the services to test compli…
Personal Information Protection Commission investigation into Meta for alleged unlawful collection and use of sensitive user data
Personal Information Protection Commission concluded its review of Meta’s compliance with Personal Information Protection Act in relation to targeted advertising practices
On 10 December 2025, the Personal Information Protection Commission (PIPC) concluded the review of Meta's compliance with the order issued over the breach of the Personal Information Protection Act. In November 2024, the PIPC's investigation determi…
Personal Information Protection Commission investigation into enhancing security of auto-login services in web browsers
Personal Information Protection Commission concluded review of providers' compliance with social login data-deletion recommendations
On 10 December 2025, the Personal Information Protection Commission (PIPC) concluded the review assessing the implementation of improvement recommendations issued to social login providers used by over 500’000 domestic websites in February 2025. The…
Implementing regulation on establishment and operation of the European Health Data Space Board
European Commission opened consultation on draft implementing regulation on establishment and operation of the European Health Data Space Board
On 9 December 2025, the European Commission opened a consultation on a draft implementing regulation for the establishment and operation of the European Health Data Space Board (EHDS Board) until 6 January 2026. The draft regulation outlines the nec…
Measures to strengthen effectiveness of security management systems certification
Personal Information Protection Commission and the Ministry of Science and Information and Communication Technology announced measures to strengthen effectiveness of security management systems certification
On 6 December 2025, the Personal Information Protection Commission (PIPC) and the Ministry of Science and Information and Communication Technology (MSICT) announced measures to strengthen the effectiveness of the Information Security Management Syst…