The latest developments in data protection news are underway—key highlights include Safer Internet Day’s focus on AI-aware digital youth safety, sweeping updates to UK, US, and global privacy laws, as well as new enforcement actions and regulatory shifts around the world. Here’s a breakdown of what’s happening right now.
Celebrated on February 10, 2026, Safer Internet Day emphasizes the theme “AI Aware: Safe, Smart, and in Control.” It focuses on equipping children and teens with digital literacy, bias recognition, privacy awareness, and responsible decision-making skills.
On February 9, 2026, The Gambia passed the Personal Data Protection and Privacy Act. The law sets out comprehensive data subject rights and operational principles for controllers — marking a big step for privacy in the African region.
Effective February 5, 2026, the Data (Use and Access) Act 2025 came into force, granting the UK Information Commissioner authority to fine up to £17.5 million or 4% of global turnover. The Act also eases cookie consent rules, introduces tighter data-handling for minors, and updates rules for automated decision-making.
A wave of state privacy laws began to take effect on January 1, 2026: Indiana, Kentucky, and Rhode Island enacted new comprehensive privacy frameworks, each emphasizing access, deletion, portability, and opt‑out rights—with Rhode Island notably omitting a cure period and adding transparency in data sales.
Meanwhile, Oregon banned the sale of precise geolocation information and minors’ data and adopted universal opt‑out, while Connecticut lowered thresholds and banned targeted ads to children.
Colorado postponed its AI Act until June 30, 2026, and Utah will grant a new right to correct personal data starting July 1, 2026.
The DOJ’s Bulk Data Rule continues to drive data security and cross-border audit requirements. Simultaneously, NIST’s draft AI-focused Cybersecurity Framework targets decision-makers to integrate responsible AI practices.
The FTC also expanded COPPA protections—extending “personal information” to biometrics, increasing retention requirements, and banning certain profiling of children.
The EU’s Digital Omnibus Package proposes narrowing what qualifies as personal data—excluding pseudonymized data under certain conditions—while easing automated decision limits, extending breach reporting windows, and simplifying cookie consent.
France also initiated a tender to move its national Health Data Hub from Microsoft Azure to a SecNumCloud-certified European provider by the end of March 2026—a move anchored in digital sovereignty.
Vietnam’s Decree 356, effective 2026, brings stricter data subject rights, controller duties, and cross-border oversight.
In India, the Digital Personal Data Protection (DPDP) framework rollout has stirred industry pushback over fast-track implementation risks. Industry leaders urge phased adoption to support regulatory clarity.
WhatsApp secured the right to challenge a €225 million fine imposed by the Irish Data Protection Authority—legal proceedings now moving forward.
During Data Protection Week 2026, Ghana’s Data Protection Commission declared that 2026 will be a year of enforcement, ramping up compliance monitoring and sanctions under the Data Protection Act, 2012.
Google plans to discontinue its dark web monitoring tool by February 16, 2026, citing user feedback on limited actionable insights. Users are encouraged to bolster security via passkeys and enhanced account protection.
“2026 will be a year of enforcement.” — Dr Arnold Kavaarpuo, Data Protection Commission (Ghana)
Organizations must build flexible, cross-jurisdictional data strategies. Update policies, align with dynamic regulations, and invest in responsible AI/data handling now—because regulatory clarity won’t wait.
What’s the biggest privacy enforcement trend in 2026?
Heightened enforcement—from state-level actions in the US to new regulatory powers in the UK and Africa—signals a pivot from policy development to active oversight and penalties.
How are US state laws affecting businesses?
New laws in states like Indiana, Kentucky, Rhode Island, Oregon, and Connecticut broaden consumer rights and complicate multi-state compliance, especially around minors, geolocation, and opt‑out standards.
What’s the significance of the UK’s DUAA?
The Data (Use and Access) Act 2025 gives the UK stronger enforcement tools, revamps cookie and minor protections, and adapts rules for automated decisions—marking a new era of UK-specific privacy governance.
Is enforcement rising globally?
Yes. From Europe’s Digital Omnibus proposals, Ghana’s regulatory crackdown, to fines against global platforms like WhatsApp, enforcement is expanding in reach and complexity.
Should companies focus on AI-specific privacy controls?
Absolutely. With COPPA expansion, NIST’s AI framework, and state-level AI regulations shaping up, organizations must embed privacy-by-design and transparency into AI systems now.
Any quick advice for privacy leaders?
Audit data flows, assess multi-jurisdictional obligations, align consent and opt-out mechanisms, and invest in privacy-preserving capabilities—especially for AI and cross-border data transfers.
The privacy momentum in 2026 is undeniable. Whether you’re handling children’s data, managing AI systems, or navigating international transfers—proactive, adaptable compliance is today’s best strategy.
ChatGPT offers a range of pricing tiers to suit different needs. As of early 2026,…
Swiggy’s latest share price on BSE stands around ₹319–₹334, reflecting renewed investor interest amid expanding…
Metaverse news today reflects a tech world in transition. Major players like Meta are scaling…
The introduction: TechCrunch Disrupt is the place to get the freshest, most exciting updates on…
Here’s the rundown on what’s happening in social media as of February 10, 2026. The…
Elon Musk’s “build” spans electric cars, rockets, brain interfaces, AI, tunnels, and more. He builds…