The briefing summarizes 2025–2026 developments in data protection, AI governance, cloud security, state privacy laws, and major industry security initiatives. It highlights the EDPB’s simplification and interplay work, CNIL’s HR retention framework and 2026 priorities, the UK’s agentic AI foresight, U.S. state privacy changes in Alabama and Kentucky, the FTC’s strategic plan, and Anthropic’s Project Glasswing. #EDPB #ProjectGlasswing
Keypoints
- EDPB adopted the Helsinki Statement and issued guidance on GDPR interplay with the DSA, DMA, and AI legislation while coordinating cross-border enforcement.
- CNIL published a detailed HR data retention reference framework and set 2026 inspection priorities for recruitment, the national electoral register, and sports federations.
- The UK DRCF foresight paper on agentic AI stresses that existing laws apply, and expects meaningful human oversight, observability, and strong data governance.
- U.S. actions include Alabama’s APDPA with a low 25,000-consumer threshold and Kentucky’s KCDPA amendment requiring consent for smart TV automatic content recognition (ACR) data.
- Anthropic launched Project Glasswing using the Claude Mythos model with industry partners to proactively identify and remediate critical software vulnerabilities.
Read More: https://keplernewsletter.substack.com/p/privacy-and-cybersecurity-66