privacy-law-updates

# Privacy Law Updates

Produces a structured briefing on recent privacy and data protection developments, oriented toward compliance planning and executive decision-making.

## Quick Start

Confirm before generating:

1. **Reporting period** — default: past 12–18 months
2. **Jurisdictions** — default: US federal + state, EU/EEA, UK
3. **Industry context** — platform type, data categories, cross-border transfers
4. **Audience** — legal/compliance, executive, or both

## Output Workflow

### Step 1: Executive Overview

| Element | Content |
|---|---|
| Critical deadlines | Compliance dates requiring immediate action |
| Major enforcement | Fines/orders signaling regulatory priorities |
| New obligations | Requirements not previously in effect |
| Strategic flags | Developments affecting product roadmap or vendors |

### Step 2: Jurisdiction Developments

For each jurisdiction, use this entry template:

```
### [Jurisdiction]

#### [Development Title]
- **Type**: Legislation | Guidance | Enforcement | Court Decision
- **Effective date**: [date or timeline]
- **Scope**: [entities, data types, activities covered]
- **Key requirements/holdings**: [bullet list]
- **Delta from prior law**: [what changed]
- **Operational impact**: [systems, processes, documentation affected]
- **Penalties**: [non-compliance consequences]
- **Exemptions/safe harbors**: [if any]
```

### Step 3: Cross-Cutting Topics

Cover only topics with material developments:

| Topic | Capture |
|---|---|
| Cross-border transfers | New mechanisms, adequacy decisions, SCCs updates |
| Consent & notice | Changed standards, dark-pattern enforcement |
| Data subject rights | Access, deletion, portability changes |
| Breach notification | Amended timelines, reporting thresholds |
| AI governance | Automated decision-making rules, transparency mandates |
| Children's privacy | Age verification, parental consent, design codes |
| Biometric data | New state/national laws, consent requirements |

### Step 4: Forward-Looking

- Pending legislation with expected timelines
- Open regulatory consultations
- Announced DPA enforcement priorities
- Areas of legal uncertainty warranting monitoring

## Checks and Pitfalls

- **Jurisdiction-first organization** — cross-reference in cross-cutting section; never repeat the same development twice
- **Cite primary sources** — statute sections, regulation articles, case names, DPA decisions
- **Mark unverified citations** with `[VERIFY]`
- **Distinguish enacted law from proposals** — clearly label pending/proposed items
- **Flag jurisdictional conflicts** where requirements create operational tension
- **Include enforcement amounts** — fines contextualize regulatory seriousness
- **No editorializing** on political likelihood; state procedural status only
- **Note sector carve-outs** (HIPAA, GLBA, COPPA, ePrivacy) where they interact with general frameworks
- **Dual-audience tone** — precise for compliance implementation, clear for executive briefing