Data Privacy

The policy requires agencies to scale metered panels to 80,000 homes within 18 months (6 months for existing agencies) and ultimately to 120,000, and to measure across all TV screens technology‑neutrally. It also mandates quarterly internal and annual external audits, at least 50% independent boards, a ban on consultancy to clients, and publication of methodology and anonymised data, making conflicted partnerships, opaque measurement, and low-capacity operations harder to sustain.

Amendments to Hong Kong's national security bylaws let police compel suspects to provide phone or computer passwords, with refusal punishable by up to one year jail and fines. This requires disclosure of encrypted device access for NSL investigations, restricting digital privacy and criminalizing non-cooperation.

The FBI has resumed purchasing commercially collected Americans' data and location histories from data brokers to support federal investigations. Data brokers source location and other identifiable information from consumer phone apps, games, and ad-tech systems including real-time bidding. The agency states those purchases are consistent with the Electronic Communications Privacy Act. Lawmakers raised constitutional concerns about purchases of Americans' location data without warrants.

Law No. 15,211/2025 (Digital Statute of Children and Adolescents) requires providers of information technology products or services directed at or likely to be accessed by children and adolescents to adopt mechanisms that provide age-appropriate experiences while respecting evolving capacities and socioeconomic diversity. Social media platforms must verify ages and link accounts of users under 16 to a parent or guardian. Covered businesses must implement risk-mitigation policies, provide Portuguese-language parental controls, operate reporting systems, and firms with over one million Brazilian users must publish transparency reports. Penalties include fines up to 50 million Brazilian reals or up to 10 percent of revenue earned in Brazil, with repeat offenses subject to shutdown; the statute takes effect on March 17, 2026 and the ANPD has regulatory responsibility after receiving independent-agency status in December 2025.

Stricter age-verification checks are required from Monday. Acceptable verification methods include facial recognition technology, digital IDs and credit card details. The rules apply to companies behind search engines, app stores, social media and gaming platforms, porn sites and AI systems including companion chatbots. Non-compliant platforms face million-dollar fines.

The law applies to AI developers whose models are accessible in California. Required disclosures include which dataset sources were used to train models, when the data was collected, and whether collection is ongoing. Disclosures must state whether datasets include data protected by copyrights, trademarks, or patents, and whether training data was licensed or purchased. Disclosures must also address whether training data included any personal information and how much synthetic data was used to train the model.

The ban was announced in the Legislative Assembly during presentation of the 2026–27 state budget. The budget states that access for under-16s will be prohibited. The excerpt does not specify which services are covered or how age will be verified. Detailed guidelines on implementation and enforcement are to be issued in forthcoming policy documents.

GoFan’s ticketing software required users to press an “agree” button to proceed with buying tickets and did not offer an opt-out. The 27 February order said this design led to repeated violations in 2023–24 involving collection of personal information and its sale to advertisers. The California Privacy Protection Act gives California residents the right to know their private information has been collected and to block companies from selling it. PlayOn said the inquiry focused on certain privacy practices prior to December 2024 and that the matters have been fully resolved. The order states PlayOn has sold more than 30m tickets nationwide and has contracts with about 1,400 schools in California.

US District Judge Colleen Kollar-Kotelly found that the IRS disclosed last-known taxpayer addresses to Immigration and Customs Enforcement about 42,695 times. The judge cited Internal Revenue Code 6103, which largely prohibits disclosure of tax return information without consent. The disclosures were made in response to ICE requests for information related to immigrants. The judge concluded the IRS failed to ensure that ICE’s requests met legal standards for sharing confidential tax information.

The ICO found Reddit did not apply a robust age‑assurance mechanism prior to July 2025. The regulator determined Reddit lacked a lawful basis for processing the personal data of children under 13. The ICO concluded those failures resulted in unlawful use of children's data and exposure to inappropriate content. The ICO based its findings on actions before Reddit's July 2025 rollout of an age‑verification system for viewing adult content and expressed concern that the post‑July 2025 system relies on self‑declared ages.

Chinese-made cars are prohibited from entering military facilities. All vehicles capable of recording location, video, or sound are barred from secure military areas unless those functions are switched off. The restriction applies regardless of vehicle origin. The stated justification cites technologically advanced vehicles' sensors and communication systems enabling uncontrolled acquisition and use of data.

Kremlin spokesperson Dmitry Peskov attributed the block to WhatsApp's alleged noncompliance with Russian law. Authorities urged users to migrate to the state-backed messenger MAX. Since December, many users accessed WhatsApp through virtual private networks (VPNs). The measure applies nationwide following the announcement on 12 February 2026.