← Back to blog

All Articles1 / 3

KIDS Act Passes House: Rules for Platforms, Games, and AI
AI Regulation

KIDS Act Passes House: Rules for Platforms, Games, and AI

H.R. 7757 has passed the House and moved to a Senate committee. This brief covers proposed rules for platforms, gaming, AI chatbots, and COPPA 2.0.

·9 min
TIDA Deadline Passed—But AI Video Platforms' Deepfake Compliance Is Just Beginning
AI Regulation

TIDA Deadline Passed—But AI Video Platforms' Deepfake Compliance Is Just Beginning

From TIDA takedown obligations and FTC disclosure guidelines to South Korea's watermark mandate—three new red lines are turning platform content governance from voluntary best practice into enforceable regulatory obligation.

·5 min
Privacy Alert | Vietnam’s Personal Data Protection Law (PDPL) Officially Enacted
Laws & Guides

Privacy Alert | Vietnam’s Personal Data Protection Law (PDPL) Officially Enacted

Vietnam’s Personal Data Protection Law (PDPL), enacted in June 2025 and effective from January 1, 2026, establishes a comprehensive national framework for personal data protection, replacing the 2023 Decree No. 13/2023/NĐ-CP. Applicable to both domestic and foreign entities processing Vietnamese citizens’ or residents’ data, the PDPL introduces strict penalties (up to 10 times illegal proceeds for data trading or 5% of annual revenue for cross-border violations), a narrow “legitimate rights and interests” processing basis, and exemptions for micro-enterprises. It mandates explicit consent, data processing and transfer impact assessments (DPIA and TIA), and robust data subject rights, including access, correction, and deletion. Enterprises must implement consent mechanisms, data security measures, and compliance with data localization under the Cybersecurity Law, with specific rules for sensitive data like children’s or health information, and a 72-hour breach reporting requirement.

·6 min
Privacy Bulletin: SHEIN SMS Violates Do-Not-Call Directive, Faces Class Action Lawsuit
Enforcement & Fines

Privacy Bulletin: SHEIN SMS Violates Do-Not-Call Directive, Faces Class Action Lawsuit

On July 12, 2025, a class action lawsuit was filed against SHEIN for allegedly violating the Telephone Consumer Protection Act (TCPA) by sending marketing text messages to numbers listed on the National Do-Not-Call Registry without prior consent. The plaintiff, whose number was registered in April 2025, continued receiving promotional texts in June, well past the required 31-day buffer. The case emphasizes that TCPA rules apply not only to calls but also to automated SMS marketing, requiring companies to prove consent, honor opt-outs, and now comply within 10 business days following an FCC order in April 2025. This lawsuit highlights stricter enforcement of consumer privacy protections against unsolicited marketing communications.

·2 min
Avoiding GDPR Cookie Policy Violations: A Guide for Enterprises
Cookies & Consent

Avoiding GDPR Cookie Policy Violations: A Guide for Enterprises

The Mirror’s cookie banner, which charges £1.99/month to reject non-essential cookies, violates GDPR’s requirement for freely given consent, risking fines and reputational damage. GDPR mandates transparent, opt-in cookie policies with easy withdrawal, and tools like Kaamel’s Risk Management solution help enterprises ensure compliance through automated audits and developer-friendly workflows. Enterprises must prioritize user-friendly consent mechanisms to avoid legal and trust issues.

·4 min
South Korea Fines Meta for Violating Personal Data Laws
Enforcement & Fines

South Korea Fines Meta for Violating Personal Data Laws

South Korea's Personal Information Protection Commission fined Meta 21.6232 billion KRW for improperly collecting and processing sensitive user information, denying access requests, and causing a data leak. The Commission ordered Meta to implement stronger data protections and ensure lawful handling of sensitive data.

·3 min
FTC Enforces New "Click to Cancel" Rule for Subscription Cancellations
More

FTC Enforces New "Click to Cancel" Rule for Subscription Cancellations

The FTC's new “Click to Cancel” rule mandates businesses to simplify subscription cancellations, making them as straightforward as the sign-up process.

·4 min
DOJ Issues Proposed Rule to Restrict Foreign Access to Americans' Sensitive Data
More

DOJ Issues Proposed Rule to Restrict Foreign Access to Americans' Sensitive Data

The U.S. Department of Justice has issued a proposed rule to restrict data access by specific foreign countries, following an executive order by President Biden.

·4 min
Kaamel is Now SOC 2 Compliant
More

Kaamel is Now SOC 2 Compliant

We at Kaamel Technology are pleased to share the news that we have recently completed our System and Organization Controls (SOC) 2 Type II Audit.

·1 min
Oracle Reaches $115 Million Settlement Over Data Privacy Lawsuit, Commits to Stricter Data Protection Measures
Enforcement & Fines

Oracle Reaches $115 Million Settlement Over Data Privacy Lawsuit, Commits to Stricter Data Protection Measures

Oracle has proposed a $115 million settlement to resolve a class action lawsuit accusing the company of unlawfully collecting and selling users' data without consent.

·3 min
EU Releases FAQ on Data Act Clarifying IoT Data Sharing and Relationship with GDPR
Laws & Guides

EU Releases FAQ on Data Act Clarifying IoT Data Sharing and Relationship with GDPR

On September 6, the EU published a FAQ on the Data Act, explaining its relationship with the GDPR and addressing issues related to IoT data access and business-to-business data sharing.

·4 min
Cookie Consent : Effective or Deceptive?
Cookies & Consent

Cookie Consent : Effective or Deceptive?

This study looked at the cookie consent practices of 64 Fortune 500 companies that directly engage with European customers. By simulating customers interacting with the website, the research scrutinizes how these global companies adhere to regulation. A staggering 70% of the evaluated websites do not comply with GDPR cookie consent requirements, indicating a substantial gap in adherence to privacy laws among even the biggest companies.

·5 min
U.S. IoT Cybersecurity Label Takes Effect to Strengthen Device Security and Consumer Trust
More

U.S. IoT Cybersecurity Label Takes Effect to Strengthen Device Security and Consumer Trust

On September 9, the U.S. IoT Cybersecurity Label, known as the "Cyber Trust Mark," came into effect to enhance the security of consumer IoT devices.

·2 min
FTC Settles with Verkada Over Data Breach and CAN-SPAM Violations for $2.95 Million
More

FTC Settles with Verkada Over Data Breach and CAN-SPAM Violations for $2.95 Million

On August 30, the U.S. Federal Trade Commission (FTC) settled with security company Verkada, which will pay a $2.95 million penalty and implement stronger security measures following a lawsuit from the Department of Justice (DOJ).

·3 min
Brazil's ANPD Approves New International Data Transfer Regulation and SCCs
More

Brazil's ANPD Approves New International Data Transfer Regulation and SCCs

On August 23, Brazil's National Data Protection Authority (ANPD) approved new regulations on international data transfers, including the adoption of Standard Contractual Clauses (SCCs) as a legal mechanism. These regulations require companies to ensure compliance with Brazil's LGPD and implement transparency measures for cross-border data transfers.

·4 min
Kaamel Recognized for Bridging Privacy Compliance Gaps in Adweek Report
More

Kaamel Recognized for Bridging Privacy Compliance Gaps in Adweek Report

Kaamel was recently featured in an Adweek report for its work in data privacy and security. The article discusses the widespread use of cookies and similar tracking technologies, highlighting the challenges companies face in complying with global privacy regulations like GDPR and CCPA.

·3 min
Dutch Data Protection Authority Fines Uber €290 Million for Illegal EU Data Transfers to the U.S.
Enforcement & Fines

Dutch Data Protection Authority Fines Uber €290 Million for Illegal EU Data Transfers to the U.S.

The Dutch Data Protection Authority (AP) has imposed a record €290 million fine on Uber for illegally transferring the personal data of EU drivers to the United States without adequate safeguards. This marks the third penalty against Uber by the AP, following an investigation triggered by complaints from French drivers.

·4 min
South Korea’s FSS Investigates Kakao Pay for Unauthorized Data Transfers to Alipay
More

South Korea’s FSS Investigates Kakao Pay for Unauthorized Data Transfers to Alipay

The Financial Supervisory Service (FSS) of South Korea has found that Kakao Pay transmitted user data to Alipay in China without consent, potentially violating the Credit Information Use and Protection Act. Kakao Pay faces possible sanctions and significant penalties as the investigation continues.

·4 min
Singapore’s PDPC Reminds Businesses to Register Data Protection Officers by September 30, 2024
More

Singapore’s PDPC Reminds Businesses to Register Data Protection Officers by September 30, 2024

Singapore’s PDPC urges businesses to register their Data Protection Officers through the BizFile+ platform by September 30, 2024, to comply with the PDPA.

·2 min
Texas Sues General Motors for Illegally Collecting and Selling Driver Data
More

Texas Sues General Motors for Illegally Collecting and Selling Driver Data

The Texas Attorney General has filed a lawsuit against General Motors for allegedly collecting and selling the private driving data of over 1.5 million Texas residents without their consent, in violation of state law. The case highlights the need for automakers to comply with privacy laws, ensuring transparency and informed consent in data collection and usage practices.

·3 min
New Data Privacy Laws in Florida, Oregon, and Texas: Compliance Requirements and Implications
More

New Data Privacy Laws in Florida, Oregon, and Texas: Compliance Requirements and Implications

On July 1, new data privacy laws in Florida, Oregon, and Texas came into effect, requiring businesses to update privacy policies, conduct impact assessments, and strengthen data security measures. Companies must ensure compliance with these regulations to protect consumer privacy and avoid significant penalties.

·15 min
X Faces Multiple Complaints in Europe for Alleged Illegal Use of User Data to Train AI Models
AI Regulation

X Faces Multiple Complaints in Europe for Alleged Illegal Use of User Data to Train AI Models

Social platform X (formerly Twitter) is facing several complaints in Europe for allegedly using EU users' personal data without consent to train its AI technologies, including Grok. The Irish Data Protection Commission has filed a lawsuit, and the non-profit organization NOYB has submitted complaints in nine countries, accusing X of violating GDPR regulations by collecting and using data without proper transparency or legal basis.

·4 min
Illinois Amends BIPA to Limit Liability and Introduce Electronic Signatures
Biometrics

Illinois Amends BIPA to Limit Liability and Introduce Electronic Signatures

On August 2, Illinois amended the Biometric Information Privacy Act (BIPA), reducing the number of violations counted for repeated biometric data collection from the same individual and allowing electronic signatures as a method for obtaining consent. This amendment significantly lowers potential damages in BIPA lawsuits and offers businesses more flexibility in compliance.

·2 min
TikTok Agrees to Withdraw TikTok Lite Rewards Program in the EU Following DSA Investigation
Laws & Guides

TikTok Agrees to Withdraw TikTok Lite Rewards Program in the EU Following DSA Investigation

The European Commission announced that TikTok has committed to permanently withdrawing its TikTok Lite rewards program from the EU market after concerns that the program violated the EU's Digital Services Act (DSA). The investigation highlighted TikTok's failure to conduct the required risk assessments before launching new features, marking the first case concluded by the European Commission under the DSA.

·9 min

Start Your Compliance Journey !

Contact security and privacy veterans at Kaamel

https://kaamel.com
info@kaamel.com
340 E Middlefield Rd, Mountain View, CA 94043
AICPA Drata
© 2024 Kaamel Inc. All rights reserved.