Activity Tracker
The DPA Activity Tracker provides our latest information on developments in legislatures, judiciaries and the executive branches of G20, EU member states and Switzerland.
355 events advancing 309 policy or regulatory changes:
Graph
Table
Regulation extending derogation from the ePrivacy Directive to support the detection of child sexual abuse
Terminated Regulation on Extension of Derogation from the ePrivacy Directive to support the detection of child sexual abuse
On 3 April 2026, the Regulation on the Extension of Derogation from the ePrivacy Directive for the purpose of identifying Child Sexual Abuse Material (CSAM) online expires. The extension concerns an exemption from data protection regulations, which …
Derogation of ePrivacy Directive to fight child sexual abuse
Applicability of the Derogation from ePrivacy Directive to support the detection of child sexual abuse ends
On 3 April 2026, the applicability of the Derogation from the ePrivacy Directive supporting the detection of child sexual abuse ends. The derogation was extended by Regulation (EU) 2024/1307. The extension allows providers of number-independent inte…
Data Protection Commission's assessment of compliance with compliance audit returns under Data Protection Act
Data Protection Commission extended deadline for compliance audit returns under Data Protection Act
On 1 April 2026, the Nigeria Data Protection Commission (NDPC) extended the filing deadline for the data protection compliance audit by 60 days. The extension applies to all data controllers and processors of major importance who are required to sub…
Consumer Financial Protection Bureau Personal Financial Data Rights Rule
Implemented obligations for depository institutions with at least USD 250 billion in total assets outlined in Rule on Personal Financial Data Rights
On 1 April 2026, the final rule on personal financial data rights came into force for depository institutions with at least USD 250 billion in total assets and non-depository institutions with at least USD 10 billion in revenue. The rule mandates fi…
Guidance on use of cookies and similar online tracking technologies
Federal Data Protection and Information Commissioner published guidance on use of cookies and similar online tracking technologies
On 31 March 2026, the Federal Data Protection and Information Commissioner (FDPIC) published guidance on the use of cookies and similar online tracking technologies. The guidance applies to website operators and data controllers deploying such techn…
Guidance on automated decision-making including profiling
Information Commissioner's Office opened consultation on guidance on automated decision-making including profiling
On 31 March 2026, the Information Commissioner's Office (ICO) opened a consultation on guidance on automated decision-making, including profiling, until 29 May 2026. The guidance applies to all organisations carrying out automated decision-making, i…
Guidelines on Roles Expected of Cyber Infrastructure Providers under Basic Act on Cybersecurity
Ministry of Economy, Trade and Industry and National Cybersecurity Office released guidelines on roles expected of cyber infrastructure providers
On 31 March 2026, the Ministry of Economy, Trade and Industry (METI) and the National Cybersecurity Office (NCO) released guidelines on the roles expected of cyber infrastructure providers. The guidelines were developed by the Study Group on the Rol…
Guidance on automated decision-making in recruitment
Information Commissioner's Office published report and draft guidance on automated decision making in recruitment
On 31 March 2026, the Information Commissioner's Office (ICO) published a report and draft guidance on the use of automated decision-making (ADM) in recruitment. The guidance would apply to employers that use automated tools to process job applicati…
Guidance on application of Regulation (EU) 2024/2847 (Cyber Resilience Act)
European Commission closes consultation on draft Commission guidance on the application of Regulation (EU) 2024/2847 (Cyber Resilience Act)
On 31 March 2026, the European Commission closes the consultation on draft guidance concerning the application of Regulation (EU) 2024/2847 (Cyber Resilience Act). The draft guidance clarifies how the Regulation should be interpreted and implemented…
Data protection regulation in Privacy (Children's Online Privacy) Code
Office of the Australian Information Commissioner opened consultation on Privacy (Children's Online Privacy) Code 2026 including data protection regulation
On 31 March 2026, the Office of the Australian Information Commissioner (OAIC) opened a consultation on the exposure draft of the Privacy (Children's Online Privacy) Code 2026 (the Code) until 5 June 2026. The Code would apply to providers of social…