Privacy regulation is becoming increasingly operational across every major region, with regulators focusing less on policy and more on whether organizations can prove how they collect, use and share personal data.
From Europe’s transparency checks to California’s deletion regime, recent developments show growing pressure on businesses to understand exactly where personal data lives and how it moves.
In markets such as Brazil, India and New Zealand, regulators are also sharpening expectations around purpose limitation, consent, individual rights and enforcement.
In this roundup, we take a look at the latest developments in privacy worldwide over the last month.
Europe
The European Data Protection Board has announced plans to begin testing organizations’ compliance with their transparency obligations under GDPR. Local Data Protection Authorities will contact companies from different sectors and review policies and practices ensuring that individuals are informed when their data is being processed and what data is being used. A consolidated report is expected toward the end of 2026.
Meanwhile, the UK ICO has published guidance about the use of automated decision-making technologies in recruitment processes. Compliant use of these tools means businesses must know what data is feeding into them and how it is being used, to ensure adequate safeguards are in place to prevent bias and support fair, accurate decision making.
North America and Brazil
California’s Delete Request and Opt-out Platform (DROP) platform is live and operational, and data brokers will be required to process deletion requests every 45 days from August 1.
Elsewhere, Canada’s privacy regulator is taking steps to reinforce purpose limitation for sensitive data, following a case in which highly sensitive athlete data collected for anti-doping controls was shared with sporting federations for assessing sex-based eligibility – without their knowledge or consent.
Brazil’s privacy authority, the ANPD has been granted regulatory agency status, with stronger enforcement powers, expanded management and budget autonomy. This is expected to result in an increase in enforcement activity, driving improvements in privacy practices across the region.
Middle East and Asia
Since the publication of India’s DPDP Rules 2025 last year, organizations have raised concerns about their impact on innovation. Around 75% claimed budgets would be diverted from digital growth initiatives to compliance-related tools and services. Meanwhile 83% expect operational disruption as “legitimate interest” and “contractual necessity” were excluded as legal bases for data processing – meaning that formal user consent is required for most data processing.
Qatar’s National Cyber Security Agency (NCSA) has published Individuals’ Rights Guidelines, as part of a new initiative to raise public awareness of the rights individuals have under the country’s Personal Data Privacy Protection Law. These include the right to lawful processing, erasure, access and correction, among others.
Australia and New Zealand
In Australia, the OAIC has published updated guidance for businesses under the AML/CTF Act to support the expanded range of businesses that will soon be covered under the Privacy Act. These include real estate, lawyers and accountants (Tranche 2 entities). The new guidelines explain that businesses must collect only personal information necessary to comply with AML/CTF legislation, and should not be retained after verification.
Meanwhile, New Zealand has introduced a guide to the new notification requirements for indirect collection of personal information coming into effect from May 1, 2026. Organizations will be required to disclose when they collect personal information from a source other than the individual themselves. This change will require businesses to know where their personal information is coming from, how they're identifying and documenting the source, and whether their current privacy notices, contracts and internal processes are aligned with the new principle.
To find out how Ground Labs can help you discover and protect personal information for privacy compliance, book a call with one of our experts today.