惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
CXSECURITY Database RSS Feed - CXSecurity.com
P
Proofpoint News Feed
Attack and Defense Labs
Attack and Defense Labs
Security Archives - TechRepublic
Security Archives - TechRepublic
Engineering at Meta
Engineering at Meta
WordPress大学
WordPress大学
H
Hackread – Cybersecurity News, Data Breaches, AI and More
MyScale Blog
MyScale Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
F
Full Disclosure
云风的 BLOG
云风的 BLOG
爱范儿
爱范儿
V2EX - 技术
V2EX - 技术
B
Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
M
MIT News - Artificial intelligence
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
W
WeLiveSecurity
Stack Overflow Blog
Stack Overflow Blog
TaoSecurity Blog
TaoSecurity Blog
T
Threatpost
小众软件
小众软件
T
The Blog of Author Tim Ferriss
Google Online Security Blog
Google Online Security Blog
MongoDB | Blog
MongoDB | Blog
T
Tenable Blog
P
Privacy International News Feed
S
Security @ Cisco Blogs
H
Heimdal Security Blog
大猫的无限游戏
大猫的无限游戏
B
Blog RSS Feed
H
Help Net Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
Cisco Blogs
酷 壳 – CoolShell
酷 壳 – CoolShell
P
Proofpoint News Feed
D
Darknet – Hacking Tools, Hacker News & Cyber Security
有赞技术团队
有赞技术团队
Application and Cybersecurity Blog
Application and Cybersecurity Blog
O
OpenAI News
Security Latest
Security Latest
S
Securelist
Cyberwarzone
Cyberwarzone
D
Docker
S
Schneier on Security
V
Vulnerabilities – Threatpost
The GitHub Blog
The GitHub Blog
P
Privacy & Cybersecurity Law Blog
T
Tailwind CSS Blog
Apple Machine Learning Research
Apple Machine Learning Research

Privacy & Cybersecurity Law Blog

New Jersey Adopts New Data Broker Registration Regime and Sensitive Data Sale and Licensing Restrictions CISA Plans to Finalize Cyber Incident Reporting Regulations in September 2026 Illinois Governor Signs Frontier AI Model Law New Hampshire Amends the NHDPA to Prohibit the Sale of Children’s Personal Data Canada’s Proposed Social Media Ban for Children and Chatbot Regulation: Bill C-34’s Impact on Platforms European Commission Unveils Cybersecurity and AI Action Plan European Commission Refers Four Member States to CJEU Over NIS2 Transposition Delays EDPB Opens Public Consultation on New Personal Data Breach Notification Template European Commission Advances New Proposal to Expand Cloud Capacity and AI Infrastructure U.S. Supreme Court FTC Ruling Prompts Fresh Scrutiny of EU-U.S. Data Privacy Framework China Issues New Measures for Network Data Security Risk Assessment China Issues Regulations on Internet Content Multi-Channel Network Distribution Services China’s First Regulatory Framework for Virtual Companions Soon to Take Effect UK Data Protection Complaints Obligations Take Effect Vermont Enacts Significant Amendments to Data Broker Legislation Vermont Becomes 23rd State with Comprehensive Consumer Privacy Law Louisiana Enacts Comprehensive Consumer Privacy Law Connecticut Signs Comprehensive AI Bill into Law China CAC Issues Guidance on Conducting Audits Technology Companies Should Prepare for FTC Enforcement of Take It Down Act HHS Reorganizes Office for Civil Rights Oregon Prohibition on Public Body Disclosures to Data Brokers for Federal Immigration Purposes Now In Effect Connecticut Privacy Law Updates: Data Broker Rules, Geolocation Sale Ban, Surveillance Pricing Restrictions, and Genetic Data Regulations NYDFS Warns of Cybersecurity Risks from Frontier AI Models UK and Australia Announce Memorandum of Understanding on AI Security FTC Announces Settlements With Three Marketing Firms Over Allegations of Deceptive Statements About Active Listening AI-Powered Services Cybersecurity Authorities Issue Joint Guidance on the Adoption of Agentic AI Systems Colorado AI Act Amended and Effective Date Delayed European Commission Releases Draft Guidelines on High-Risk AI Under the EU AI Act Texas AG Announces Lawsuit Against Netflix for Alleged Misrepresentations Regarding User Data UK ICO Recommends Targeted Changes to PECR Rules for Online Advertising California AG Announces Record $12.75M Settlement with GM over CCPA Data Minimization and Purpose Limitation Violations Illinois Department of Human Rights Issues Regulations Governing the Use of AI in Employment Decisions Delta Dental Agrees to $2.25 Million Settlement with NYDFS Over MOVEit Data Breach Response Maryland Enacts First-of-its-Kind Ban on Surveillance Pricing for Grocery Sales UK ICO Publishes Guidance on Storage and Access Technologies CalPrivacy Announces the Agenda for its April 30–May 1 Board Meeting CalPrivacy Requests Preliminary Comments on Notices & Disclosures, Employee Data COPPA Rule Amendment Compliance Deadline Approaches House Republicans Introduce Comprehensive Federal Privacy Bill: “SECURE Data Act” Kentucky Classifies Smart TV Data as Sensitive Alabama Becomes 21st State With Comprehensive Consumer Privacy Law CalPrivacy Director Expects CCPA Compliance Audits in 2026 Virginia Bans Sale of Geolocation Data HHS’ Office for Civil Rights Settles HIPAA Investigation of Health Care Software Company New Jersey Enacts New Restrictions on Health Care Facilities’ Use of Patient Data Washington State Enacts Law Regulating AI Companion Chatbots with Private Right of Action Guardrails for Legal AI: What California’s SB 574 Would Require of Attorneys and Arbitrators
CIPL Report Discusses Significant Alignment between GDPR and Global CBPR
2026-04-28 · via Privacy & Cybersecurity Law Blog

The Centre for Information Policy Leadership (“CIPL”) at Hunton has published a report examining the extent to which the European Union’s General Data Protection Regulation (“GDPR”) aligns with the newly updated Program Requirements of the Global Cross-Border Privacy Rules (“Global CBPR”) System.

The Global CBPR System is a certified compliance program that facilitates personal data flows from and between participating jurisdictions and organizations. It is based on formal third-party assessments affirming that certified organizations operating as data controllers adhere to a common set of approved standards, called “Program Requirements.”  The Global Privacy Recognition for Processors (“Global PRP”) System provides analogous certifications for private sector organizations operating as data processors.

The Global CBPR Forum, which administers the Global CBPR and Global PRP Systems, formally adopted a number of revisions to the Global CBPR Program Requirements in March 2026. These revisions addressed topics commonly found in privacy laws but not previously covered by the Global CBPR System, such as sensitive data, children’s data, risk assessments and breach notification.

According to CIPL’s report, there is significant alignment between the GDPR and the Systems’ Program Requirements with more than 70% of Global CBPR Program Requirements, as revised, aligning with provisions of the GDPR, and more than 75% of the Global PRP doing the same. CIPL concludes that inasmuch as the remainder of the Program Requirements appear to find implicit support in the GDPR, EU supervisory authorities would likely be able to enforce the Program Requirements through the GDPR.

GDPR Art. 42 encourages the “establishment of data protection certification mechanisms,” and GDPR Art. 46(2)(f) permits the use of an approved certification mechanism as an “appropriate safeguard” for international transfers. In light of those provisions, CIPL’s report encourages the EU to explore the benefits of participation in the Global CBPR/Global PRP Systems.

CIPL’s full report is available here.

For additional information regarding the Global CBPR and Global PRP Systems, CIPL has published an explanatory Playbook available here.