The ODPA’s monthly round-up of data-related developments from around the world.
1 December: A new completely different market mechanism to tackle privacy issues, which addresses the absence of personal data markets and a bargaining power imbalance between companies and consumers, has been proposed by the Global Initiative for Digital Empowerment (GIDE).PL&B News - Strengthening privacy via a new market mechanism
2 December: The Australian government is the latest to unveil an artificial intelligence roadmap with a heavy focus on investment and economics after previously pursuing a more safety-oriented strategy. Australia unveils AI policy roadmap | IAPP
3 December: Privacy has always evolved to keep pace with technology. We adjusted to cloud storage, machine learning and the Internet of Things. But agentic artificial intelligence systems — meaning systems that plan, reason and act autonomously — mark a more fundamental shift: The case for differential privacy in the age of agentic AI | IAPP
3 December: California Attorney General Rob Bonta has been active in pursuing enforcement actions under the California Consumer Privacy Act. Bonta has settled numerous cases with large, national and multi-national companies for a wide range of violations — including a USD1.5 million settlement in July, one of the largest privacy violation fines under the CCPA to date. Among these enforcement actions, opt-out failures have been a central focus: Gaps in website opt-out functionality under the microscope in privacy enforcement | IAPP
5 December: The EU has fined Elon Musk's social media platform X €120m (£105m) over its blue tick badges - prompting an angry reaction from the US. The European Commission said by allowing people to pay for a blue verified check mark on their profile, the platform "deceives users" because the firm is not "meaningfully verifying" who is behind the account: Elon Musk's X fined €120m over 'deceptive' blue ticks - BBC News
8 December: Reuters reports that Meta's (META.O), opens new tab proposal to use less personal data for targeted advertising in its pay-or-consent model has won the approval of EU antitrust regulators, signalling that the company will not face daily fines after all. The Meta investigation underscores Europe's continued crackdown on Big Tech despite U.S. criticism, and its willingness to settle cases rather than levy hefty fines when possible to avoid escalating trans-Atlantic tensions: Meta pledge to use less personal data for ads gets EU nod, avoids daily fines | Reuters
9 December: The UK’s Information Commissioner’s Office called for urgent improvements across local to support people trying to access their own care records: People trying to access their own care records are being let down, Information Commissioner warns | ICO
9 December: Australia's social media ban for under-16s starts today. Here is what you should know - ABC News
10 December: In an opinion piece, IAPP discusses the impact of the Australian Government's Online Safety Amendment (Social Media Minimum Age) Act 2024. It establishes a minimum age for social media use and requires social media providers to take reasonable steps to prevent underage users from having an account on their platform. About a week before the law took effect, Meta began shutting down Facebook and Instagram accounts belonging to children in Australia under the age of 16: Social media safety, privacy literacy and gentle parenting | IAPP
18 December: A joint investigation has been launched by Information Commissioner’s Office and the Data Protection authorities of Jersey, Guernsey, and Isle of Man into the cyber incident that compromised data of the trade union Prospect Custodian Trustees Ltd (Prospect) in June 2025. ICO to investigate Prospect data breach with Guernsey, Jersey and Isle of Man counterparts | ICO
18 December: Austria's Supreme Court has ruled that Meta's (META.O), opens new tab personalised advertising model is unlawful, requiring the company to provide EU users full access to their personal data within 14 days of a request, in a decision that sets a legal precedent across the bloc: Austria's top court rules Meta's ad model illegal, orders overhaul of user data practices in EU | Reuters
21 December: The Norwegian Data Protection Authority (DPA) raises concerns that TikTok continues to transfer personal data of Norwegian and European users to China, potentially violating privacy regulations. According to the DPA, Norwegian users recently received a notice explaining how their data is processed, confirming that transfers to China will continue. This means that TikTok employees in China could still access user data, raising privacy concerns due to Chinese legislation that may require sharing data with authorities: Norway's data authority says TikTok still transfers user data to China
26 December: Forbes discusses the next evolution in artificial intelligence (AI). “AI can no longer be viewed merely as a tool. It has become an active participant in the software supply chain, discovering application programming interfaces (APIs), invoking them and interacting with enterprise systems at massive scale—often without a human in the loop.” Why Agentic AI Isn’t Possible Without Secure APIs