The European Union delayed several AI Act obligations while adding new bans on non-consensual intimate-image generation tools, and Canada, Vermont, and the FTC advanced major privacy and data-security reforms affecting AI, genetic data, data brokers, and edtech providers. CISA also replaced separate federal patching rules with a single risk-based remediation directive, while the FTC finalized an order against Illuminate Education after a breach that exposed data from more than 10.1 million students. #EUAIAct #PIPEDA #IlluminateEducation #CISA #VermontAct135 #VermontAct138
Keypoints
- The EU Parliament approved AI Act delays and new restrictions on non-consensual โnudifierโ systems.
- Canadaโs Bill C-36 would replace PIPEDAโs private-sector regime with the PPCDA and a new enforcement structure.
- Vermont enacted Act 135 to impose strict consent, deletion, and transfer limits on direct-to-consumer genetic testing companies.
- Vermont Act 138 expands data broker transparency duties and creates new registration and breach notice requirements for edtech providers.
- CISA issued BOD 26-04 to prioritize federal vulnerability remediation based on exposure, exploitation risk, and impact.
Read More: https://keplernewsletter.substack.com/p/privacy-and-cybersecurity-76