Happy New Year! What better way to celebrate than covering privacy-related news?
Don’t answer that.
The past month has been a doozy in terms of privacy-related news. Not to mention, three new laws have gone into effect on January 1, 2026 (see 1 through 3 below).
We also interviewed Jess Barre from TruLegal on getting a job in the privacy field – her insights on resumes, interview tips and job prospects are truly illuminating. You can listen to this insightful episode here.
Table of Contents
What’s new in privacy?
Below are some of the most notable news in privacy from this month:
- Kentucky Consumer Data Protection Act changes go into effect. Kentucky’s HB473 went into effect on January 1, implementing changes to the Kentucky Consumer Data Protection Act. The changes include lowering the thresholds for the applicability of the law, changing the definition of “personal data”, and changes to impact assessment requirements. If you or your clients are using Termageddon, these changes were released a few weeks ago. Learn more here.
- Rhode Island’s privacy law goes into effect. The Rhode Island Data Transparency and Privacy Protection Act went into effect on January 1, implementing privacy compliance requirements for large and small businesses, including Privacy Policy requirements. If you or your clients are using Termageddon, these changes were released a few weeks ago. Learn more here.
- Indiana’s privacy law goes into effect. Keeping with the theme of new privacy laws going into effect in the New Year, the Indiana Consumer Data Protection Act went into effect on January 1. The comprehensive state privacy law requires certain businesses to have a Privacy Policy that has specific disclosures, provides privacy rights to residents of Indiana, and requires businesses to meet specific requirements to protect privacy. Learn more here.
- AI-enabled toys spark privacy concerns. Lawmakers are increasingly growing concerned about toys made in China that have AI capabilities. Some toys store voice data and conversations histories in cloud systems, which US officials warn could be subject to PRC data-access laws. Read more here.
- Amazon’s Ring rolls out AI-powered facial recognition feature. Amazon’s Ring doorbells will not be able to identify visitors through an AI-powered facial recognition feature, sparking privacy concerns. Read more here.
- New York’s AI safety and transparency bill enacted. Going into effect on January 1, 2027, the new AI bill covers companies with more than $500 million in revenue and will require developers of AI to disclose safety incidents within 72 hours and to publish safety plans. Read more here.
- Coupang announces $1.18 billion compensation to South Korean users for data leak. The eCommerce company announced the compensation deal due to a data breach that breached 33.7 million accounts. However, individuals are concerned that the compensation comes in the form of vouchers that can only be used in the store. Learn more here.
- New York Times reporter sues Google, xAI and OpenAI over chatbot training. The investigative reporter is suing the companies for using copyrighted books without permission to train their AI systems. Learn more here.
- Council of the European Union adopts new cross-border data protection complaints rules. The Council of the European Union adopted a new regulation intended to improve cooperation between EU Data Protection Authorities and speed up the process of handling cross-border data protection complaints. Read more here.
- CNIL imposes 1 million Euro fine on advertising company. Mobius retained a copy of the data of more than 46 million Deezer users after the end of their contractual relationship. The data was copied by three of its employees and was later leaked, with the data ending up on the dark web. Learn more here.
- NYOB files complaints against TikTok, Grindr, and AppsFlyer. NOYB claims that the companies violated EU privacy laws by tracking user activities across apps without consent. Read more here.
What privacy bills are we tracking?
Here are links to each respective proposed privacy bill:
Events
Here are some great virtual events that you can attend to learn more about the hottest issues in privacy and meet other privacy professionals:
- EU Digital Omnibus: Sharing the Central and Eastern Europe Perspective – January 15, 2026;
- The FTC’s children’s privacy focus in 2026: a conversation with Ben Wiseman, Head of the FTC’s Division of Privacy and Identity Protection – January 21, 2026;
- Age verification law and policy – February 4, 2026.
Conclusion
That about does it for privacy news for the New Year. While three laws have gone into effect to kick off 2026, there are two major changes coming later in the year to pre-existing laws. So, we’ll be back to share those as well!
