Thirteen EU member states allegedly did not meet the cybersecurity obligations necessary to comply with the NIS2 Directive, while only seven countries are considered to have reached full compliance, Euractiv reports. Member of the European Parliament Bart Groothuis claimed EU countries' alleged lack of compliance with the directive is "incomprehensible and irresponsible."Full story
The U.S. District Court for the Southern District of Ohio blocked Ohio's age verification law, siding with technology association NetChoice's argument that the law's requirements violate the First Amendment. The decision marks the second time a NetChoice challenge fully blocked a state-level age verification law.
France's data protection authority, the Commission nationale de l'informatique et des libertés, will hold an event 20 May to examine the economic effects of the EU General Data Protection Regulation. The gathering will include broad perspective from economists and European regulators on the regulation's impact on economic well-being and compliance costs.Full story
South Korea's Personal Information Protection Commission signed a business agreement with six local governments and the regional pseudonymized information utilization support agency to create a stronger process to deidentify personal information at the support center. The commission will oversee the center and coordinate action between different localities.Full story
An unauthorized third party targeting vehicle rental service company Hertz allegedly breached consumers' personally identifiable information, including drivers' license numbers, Bloomberg reports. Hertz said the breach occurred after a malicious actor gained access to its software vendor Cleo Communications.Full story
The market for agentic AI solutions is growing as more industries look to streamline customer-based services through the power of AI. While these solutions raise significant benefits and promise, IAPP Staff Writer Caitlin Andrews reports their autonomy and decision-making capabilities also amplify AI's risks.Full story
The IAPP and Credo AI released the AI Governance Profession Report 2025, profiling the extent to which organizations are implementing AI governance programs and how they are doing so. More than 670 individuals from 45 countries and territories contributed to the report, with responses revealing how the development and deployment of AI by organizations often goes hand in hand with AI governance.Full story
A survey by the Netherlands' data protection authority, Autoriteit Persoonsgegevens, showed most respondents are unprepared to use algorithms that process personal data. The survey of 1,600 Dutch companies found a majority of companies were unsure if they currently use algorithms that process personal data. Those that were aware often did not know what type of algorithm it was.
Sweden's government issued a proposal to increase funding for its data protection authority, the Integritetsskyddsmyndigheten, by possibly granting the IMY an additional SEK6 million to evolve its regulatory sandbox.
Lithuania's State Data Protection Inspectorate published guidance for data protection officers. The guidance focuses on applying Articles 37, 38 and 39 of the EU General Data Protection Regulation, which deal with DPO appointments and how to ensure their independence.Full story