Paige Collings and Jillian C. York write: This week, politicians in the UK pushed forward with plans to eviscerate privacy and free speech on the internet by announcing a ban on social media for users under 16 that is set to take effect in Spring 2027. The UK government continues to falsely characterize this policy as a necessary response...

Russell Myers reports: A hospital worker at the private clinic where the Princess of Wales had abdominal surgery is set to face a criminal prosecution following an investigation into claims that the Princess’ medical records had allegedly been accessed by staff in 2024, it is understood. A total of three trusted employees, who worked at The...

Canadian privacy law professor Michael Geist writes: The government is set to introduce its long-promised privacy reform legislation early this week, with the recognition of a fundamental right to privacy expected to serve as a foundational element of the bill. Establishing privacy as a fundamental right would be a welcome and long-overdue development, one that many have...

Daryna Antoniuk reports: Russia has spent decades building one of the world’s most sophisticated digital surveillance systems. Now, the Kremlin is taking steps to make it faster, more automated and better integrated across the country’s internet infrastructure. Known as SORM, the platform gives Russia’s security and intelligence agencies access to telephone calls, internet traffic and...

Dutch News reports: Around two-thirds of Dutch parents use an app or device to track where their children are, according to a survey by broadcaster RTL Nieuws – a habit that child development experts warn can give a false sense of security. In the survey of RTL’s viewer panel, 65% of parents with children aged...

Zack Whittaker reports: The Dutch government has blocked American IT giant Kyndryl from acquiring Solvinity, a Dutch cloud provider that hosts the Netherlands’ online identity platform. The government in The Hague said the deal poses a possible “risk to the public interest.” Dutch minister for the digital economy Willemijn Aerdts said in a machine-translated letter published Monday...

Amaar Chowdhury reports: London’s Metropolitan Police – the UK’s largest police force – asked tech companies to give officers access to private communications data over 700,000 times in 2025 alone, according to figures obtained by The Register under the Freedom of Information Act. These statistics expose the monitoring of everyday platforms like takeaway delivery services, and also...

There seem to be more news stories about data protection out of Kenya recently. This one appeared on CapitalFM: The Office of the Data Protection Commissioner (ODPC) has found St Luke’s Orthopaedic and Trauma Hospital liable for unlawfully disclosing a patient’s sensitive medical information and ordered it to pay Sh525,000 in compensation. In a ruling...

The Standard reports: A medical intern at Princess Margaret Hospital has been suspended after allegedly posting photos containing patients’ information on a personal social media account, the Hospital Authority (HA) announced. The incident came to light after a complaint was filed on Friday, prompting the hospital to launch an immediate investigation. A spokesperson for the...

Odia Kagan of FoxRothschild writes: The Italian Data Protection Authority (Garante) recently fined online classifieds platform Bakeca S.r.l. after an unknown user published two ads, including an explicit offer for sex work, listing the phone number of a person who had nothing to do with the ads and never consented to their publication. The decision,...

From the what-can-possibly-go-wrong dept., Rachel Sim reports: The Cabinet of Japan has approved a bill amending the Act on the Protection of Personal Information to support AI innovation and development. This marks a shift from a consent-based model towards a more flexible framework that prioritises data use for innovation. Previous regulation enforced that data such...

Martin Yip,Hong KongandKelly Ng report: Hong Kong police can now demand phone or computer passwords from those who are suspected of breaching the wide-ranging National Security Law (NSL). Those who refuse could face up to a year in jail and a fine of up to HK$100,000 ($12,700; £9,600), and individuals who provide “false or misleading...

A press release issued on March 17 by the Office of the Privacy Commissioner of Canada: The World Anti-Doping Agency (WADA) has committed to implementing measures to help ensure that international sport federations and other anti-doping organizations do not use highly sensitive personal information collected from athletes and that is under WADA’s control for purposes other...

Dzuya Walter reports: A constitutional petition has been filed at the Milimani High Court challenging the alleged unlawful sharing and use of protesters’ personal data by telecommunications companies and investigative agencies. In the petition, the Law Society of Kenya (LSK) has named several state agencies, police officers, and institutions as respondents, accusing them of unlawfully...

Luis Rijo reports: Spain’s data protection authority this month published a resolution imposing a €500,000 administrative fine on Fútbol Club Barcelona for failing to conduct a legally compliant data protection impact assessment (DPIA) before processing biometric data from its roughly 143,000 members during a 2023 digital census update campaign. The fine, set out in file EXP202305134 of...

Katarzyna Skiba of AFP reports: A Polish court on Tuesday sentenced three doctors to prison sentences over the 2021 death of a pregnant woman, which sparked nationwide protests and renewed scrutiny of the country’s restrictive abortion laws. The woman, Izabela, whose last name has not been made public, died of sepsis in 2021 while experiencing...

Alix Bertrand and Kristof Van Quathem of Covington and Burling write: On February 13, 2026, France’s highest administrative court (“Conseil d’État”) delivered an important decision clarifying the boundary between pseudonymization and anonymization under the GDPR. The ruling confirms that data which remain re‑identifiable in practice—even with some effort—must be treated as personal data under the GDPR by...