Here are key highlights from April 2025 detailing global news and regulatory updates.
US & Canada
- California and UK data protection authorities sign a declaration to cooperate on international privacy and data protection (also in EMEA).
- Colorado legislators propose significant changes to the Colorado Artificial Intelligence Act less than a year after it was signed into law, part of a larger shift toward prioritizing innovation.
- US Department of Justice provides best practices for complying with the Data Security Program established to protect the sensitive data of Americans from foreign adversaries.
- US state attorneys general form coalition to challenge the firing without cause of Commissioners from the Federal Trade Commission (FTC).
- US senators call on the FTC to investigate companies collecting neural data using brain computer interface (BCI) technology, citing evidence that access to this data is not sufficiently restricted.
- US National Institute for Standards and Technology (NIST) releases a draft update to their Privacy Framework so organizations can use it seamlessly with the Cybersecurity Framework.
EMEA
- EU and Japan begin talks on extending Japan’s adequacy decision to cover academia and research data flows, as well as data flows to the public sector (also in APAC).
- EU European Commission to propose reforms in coming weeks to simplify the GDPR and help make European businesses more competitive.
- Israel’s data protection authority publishes draft guidance on AI and data protection compliance.
- UAE approves the creation of the Regulatory Intelligence Office, which will be supported by an unprecedented AI-powered regulatory system.
- UK and California data protection authorities sign a declaration to cooperate on international privacy and data protection (also in US & Canada).
Gain confidence to use and share sensitive data
Find out how our advisory services can help you safely leverage data derived from information about people. Watch this 15-minute webinar.
APAC
- China’s internet regulation agency releases Q&A clarifying cross-border data transfer rules and providing interpretations of how companies can comply with these rules.
- Japan and EU begin talks on extending Japan’s adequacy decision to cover academia and research data flows, as well as data flows to the public sector (also in EMEA).
- South Korea’s data protection authority signs a memorandum of understanding with six local governments to strengthen pseudonymized data use for purposes of AI.
LATAM
- Brazil’s data protection authority completes inspection of companies’ compliance with data protection officer requirements under the General Personal Data Protection Law (in Portuguese).