Welcome to June's GrailMail! Weāre back with essential updates, in depth analysis, and actionable insights to help you stay ahead of the curve in the data privacy landscape.
The world of data privacy is advancing at breakneck speed, bringing both challenges and opportunities. From navigating new state privacy laws to managing a surge in data subject requests, staying ahead requires the right insights and tools. Thatās why this monthās newsletter is packed with resources to help you keep your strategies one step ahead.
Letās dive in.š
Consumers are increasingly aware of online privacy risks like data breaches, selling of their personal data, online tracking, identity theft, and the irresponsible use of AI. Stricter data privacy laws reflect the growing importance of addressing these concerns. DataGrail's brand new2025 Data Privacy Trends Report reveals how these shifts impact businesses and offers benchmarks to track progress.
In this report, you'll get insights into:
How many data subject requests (DSRs) businesses are getting (spoiler: itās a lot more than last year),
Hereās the data privacy news you need to know from June. š
š¤ Meta plans to automate 90% of its internal risk and data protection checks using AI
The system will assess risks based on questionnaires filled out by product teams, replacing most manual reviews. Meta says human oversight will still be used in complex cases, and only "low risks" will be automated. The company also states that products in the EU will continue to follow a separate review process. Read more here.
š° Data privacy, compliance spend rises alongside AI efforts
More than half of global businesses increased data privacy and protection compliance budgets, with the average organization growing this spending category by 46%. Among U.S. organizations, spend increased 71% year over year. Read more here.
š§¬ US states sue 23andMe to protect customersā private data
Twenty seven states, including Pennsylvania, Michigan and Florida, and the District of Columbia filed the lawsuit this month in 23andMeās US bankruptcy proceedings in Missouri, seeking a declaration that it cannot sell customersā genetic data without their consent. Read more here.
š”ļø California, Colorado, Vermont & Others Oppose 10-Year Ban on AI Enforcement
State privacy regulators from California, Colorado, Vermont, and other leading states are urging the Senate to reject a proposed federal moratorium that would block state enforcement of AI and automated decision-making laws for a decade. In a joint letter, they argue the ban would undo hard-won consumer protections.Read more here.
Watch our most recent webinar for a breakdown of upcoming U.S. privacy regulations in Minnesota and Tennessee and their implications.
DataGrail Data Privacy Platform Updates
The last month brought new Processing Activities capabilities in Live Data Map, new DataGrail API v2 for deeper DSR automation, mobile-friendly data subject verification, and more.
š Whatās New?
With the introduction of Processing Activities in Live Data Map, DataGrail empowers privacy teams to manage data processing records more efficiently and at scale
DataGrail has introduced DataGrail API v2, offering expanded capabilities for managing Data Subject Requests (DSRs) at scale. This update provides more granular access to DSR data, enabling teams to integrate seamlessly with internal systems and automate workflows more effectively.
Our industry-leading integration network continues to grow. Weāve added new integrations, including Stripe and Braintree, to help you securely discover and classify sensitive data and automatically access and delete personal data across your business.
A breakdown of upcoming U.S. privacy regulations in Minnesota and Tennessee and their implications.
Key compliance themes across the states, like mandated data inventories, profiling transparency, and extended cure periods. Actionable guidance on U.S. readiness for the EU AI Act and what to expect next.
Minnesotaās new privacy law, taking effect July 31, 2025, offers familiar consumer rights ā access, correction, deletion, porting, and opt-out of profiling and targeted advertising ā while introducing stricter operational mandates: a Chief Privacy Officer (or designated privacy lead), documented privacy policies, and a mandatory data inventory.
Itās also the first state to give individuals the right to challenge profiling decisions, adding a new layer of transparency and control over automated decisions with significant impact.
Tennesseeās Information Protection Act (TIPA) takes effect July 1, 2025 and provides rights such as access, deletion, and the ability to opt out of certain data processing activities.
One of TIPAās most distinctive features is its adoption of the National Institute of Standards and Technology (NIST) Privacy Framework. Tennessee is the first state to formally recognize this voluntary framework as a compliance tool.
āØ Exciting news! Weāve extended the deadline for Data Privacy Hero Award submissions to July 3. Donāt miss the chance to recognize the privacy, legal, IT, and security professionals powering our collective future.
Are you passionate about privacy, legal, or security issues? Want to connect with like-minded professionals and stay ahead in a rapidly evolving landscape?
Weāve got everything from privacy law updates to career tips, monthly privacy huddles, and exclusive resources tailored for the privacy community. Donāt miss out on the chance to be part of a vibrant network committed to advancing data privacy.
See you next time! š
Colleen
This was sent to your email. If you do not wish to receive news and product updates in this format, please manage your preferences below.
.png?upscale=true&width=1040&upscale=true&name=Upcoming%20Deadlines%20and%20Regulations%20(1).png)
.png?upscale=true&width=1040&upscale=true&name=GrailMail%20Headers%20(2).png)
.png?upscale=true&width=1040&upscale=true&name=GrailMail%20Headers%20(3).png)
