The German Federal Court of Justice recently clarified online platforms' liability for user-generated content, ruling platforms aren't directly liable without knowledge but must act swiftly upon notification, significantly impacting digital service providers across Europe.
Australia’s eSafety Commissioner ordered Telegram to pay AUD 1 million for ignoring transparency obligations. Officials requested details on terrorist and child sexual content steps, but Telegram delayed months, triggering enforcement under the Online Safety Act.
On 28 February 2025, Japan’s Cabinet announced significant plans to introduce a Bill to promote research, development, and practical application of artificial intelligence technologies. The legislation focuses on transparency, protection of rights, and international cooperation.
The Student Privacy Online Personal Information Bill (AB 801) enforces precise data safeguards for preschool, prekindergarten and K–12 pupils. It requires data deletion upon request and prohibits misuse of student information, enabling clearer accountability for online education providers.
On 1 January 2025, California’s Student Privacy: Online Personal Information Bill (AB 801) became law, marking an important development in protecting the personal data of preschool, prekindergarten, and K–12 pupils.
The new regulations apply to operators of websites, online services, applications, or mobile apps handling student data, introducing precise guidelines for data deletion and enhanced safeguards for sensitive information.
AB 801 introduces robust measures to ensure that students' personal information is managed responsibly.
The law prohibits operators from using pupil data for purposes beyond educational use, explicitly banning targeted advertising and the sale of student information.
It also requires operators to delete a pupil’s data upon request from a guardian, education rights holder, or the student themselves—provided the student has been unenrolled for at least 60 days.
In a key provision, operators must verify and document a student’s un-enrolment status before deleting their data.
However, the law creates a specific exception for national assessment providers holding only standardised test results, ensuring these records remain accessible for academic and placement purposes.
The Bill aligns with California's existing privacy legislation, including the California Consumer Privacy Act (CCPA) and the Student Online Personal Information Protection Act (SOPIPA).
It adds layers of specificity to address the unique vulnerabilities of student populations, emphasising that covered information includes identifiable details such as names, addresses, academic records, and even biometric data.
This move aims to curb the misuse of student data by enforcing stricter requirements for storage, processing, and disclosure.
It also establishes a baseline for operators to implement reasonable security measures, reducing the risks of unauthorised access or breaches.
Educational technology (EdTech) companies operating in California now face more stringent compliance obligations.
They must ensure their services are designed with security-by-default principles, particularly for younger users.
This means deploying adaptive learning tools and customisable educational software without compromising data privacy.
Additionally, the law clarifies that operators may use de-identified or aggregated student data for product improvement, provided it doesn’t lead to targeted marketing.
California introduced Bill AB 1018 to regulate automated decision systems impacting employment, education, housing, and healthcare. The Bill mandates performance evaluations, independent audits, and consumer disclosures to ensure accountability and transparent decision-making.
Italy has enforced new rules requiring digital devices to support parental control apps, ensuring parents can monitor children's online activity. The law also prevents companies from using collected data for advertising or profiling, strengthening privacy protections.
The CFPB seeks to categorise certain data brokers as consumer reporting agencies under Regulation V. Doing so would tighten obligations, require more transparency, and ensure consumers can see, correct, and control their own information.
House Bill H.210, introduced in Vermont, outlines new guidelines for digital platforms handling minors’ data. By mandating default high-privacy settings and transparent practices, legislators aim to reduce risks of emotional harm and excessive data harvesting.
Follow the latest Tech Law news and updates about AI, Digital Assets, Internet Law, Data Protection, LawTech.
