Data Privacy Frontline Report

October 2025

Here are key highlights from October 2025 detailing global news and regulatory updates.

 

US & Canada
  • Canada’s privacy commissioner presents to House of Commons committee, emphasizing the need to prioritize privacy and modernize Canada’s privacy laws.
  • Minnesota and New Hampshire join the Consortium of Privacy Regulators, bringing the total to ten states collaborating to implement and enforce privacy laws nationwide with the shared goal of protecting consumers across jurisdictions.
  • Ontario’s privacy regulator releases updated de-identification guidelines that offer practical tools and step-by-step processes reflecting evolving laws and international standards.
  • Pennsylvania House of Representatives passes a consumer privacy bill that grants individuals key rights over the collection and use of their personal data while balancing the needs of businesses.

  • US research center EPIC issues report examining state attorney general enforcement actions from 2020–2024 across six areas of privacy harms.


EMEA
  • EU European Commission releases AI strategy for industry and the public sector, as well as an AI in science strategy to accelerate the use of AI in key scientific sectors.
  • EU Parliament approves rules to speed up cross-border enforcement of the GDPR, including rules for cooperation and dispute resolution.
  • EU data protection authority is organizing a remote stakeholder event to gather input on anonymisation and pseudonymisation and to inform and support the EDPB’s ongoing work in these areas.
  • EU data protection authority endorses extending the UK’s data adequacy status under EU data protection laws until December 2031.
  • EU data protection supervisor promotes secure multiparty computation as a transformative privacy-enhancing technology and flags challenges on the road to its adoption.
  • UK government announces a new blueprint for AI regulation that includes the creation of supervised “sandbox” environments to foster innovation and ensure safe, real-world AI testing.
Gain confidence to use and share sensitive data
Find out how our advisory services can help you safely leverage data derived from information about people. Watch this 15-minute webinar.
Watch On-Demand Now
APAC
  • Australian Government releases new “Guidance for AI Adoption” to replace the 2024 Voluntary AI Safety Standard, outlining six key practices for responsible and human-centred AI use across sectors.
  • Australia’s privacy regulator updates the Australian Privacy Principles (APP), including requiring destruction of personal information falling under the Social Media Minimum Age (SMMA) scheme—with de-identification not an option.
  • Australia’s federal court orders clinical lab organization to pay fine following a data breach, the first civil penalties under the Privacy Act 1988.
  • Sri Lanka’s parliament adopts amendments to the Personal Data Protection Act (PDPA).

LATAM
  • Argentina and Brazil sign a non-binding memorandum of understanding to enhance bilateral cooperation on personal data protection through shared regulatory experience and coordinated oversight efforts.
  • Colombian House Committee approves data protection law amendments, including expanded scope, new definitions and principles, and increased penalties.

Global
  • ISO updates ISO 27701, transforming it into a standalone privacy management standard that no longer requires ISO 27001 certification and introducing clearer requirements for establishing, operating, and continually improving a Privacy Information Management System (PIMS).
  • Lisbon Forum 2025 gathers over 200 global participants to discuss governing AI in ways that uphold human rights, democracy, and cultural diversity.
  • OECD releases policy paper on data collection for AI training, including a taxonomy of the main approaches currently used to obtain data for training AI systems.