Clym Logo

Weekly Compliance Brief: June 29 – July 3, 2026

Published
AS
AuthorAdam Safar
6 min read

Weekly Compliance Brief: June 29 - July 3, 2026

EU-US data deal pressure, Delaware privacy changes, Canada’s Bill C-36, and accessibility updates from the US, EU, and UK.

Summarize full article with:

This week’s brief covers new pressure on the EU-US Data Privacy Framework, privacy law changes in Delaware and Canada, and accessibility updates from the US, EU, and UK. It also looks at the EU’s latest Digital Services Act risk report and what it means for platform accountability.

Compliance Brief - Data Privacy

Data privacy law news

Canada returns with Bill C-36 privacy reform

Canada introduced Bill C-36 on June 15, 2026, its third recent attempt at federal privacy reform. The bill would replace Part 1 of PIPEDA with the Protecting Privacy and Consumer Data Act, create a new federal regulator, recognize privacy as a fundamental right, and introduce penalties tied to global revenue.

The proposal also covers automated decision-making transparency, de-identified and anonymized data, and privacy impact assessments before personal data is transferred outside Canada. With second reading expected after summer recess, businesses have time to assess possible governance, contract, and data transfer impacts.

Learn more

Delaware passes major privacy law amendments

Delaware lawmakers passed House Bill 380 on June 16, 2026, amending the Delaware Personal Data Privacy Act. If signed, the bill would lower applicability thresholds, expand “sensitive data” to include inferences, and add obligations for third parties that receive personal data from controllers.

The amendments would also give consumers the right to know what inferences a company made about them and to request a list of third parties that received their data. The changes would take effect on January 1, 2027, giving businesses time to review notices, contracts, and data protection assessments.

Learn more

Turkey court curbs the data protection board's fines

Turkey’s Constitutional Court ruled that the Personal Data Protection Board breached the legality principle when it fined an insurance company for using publicly sourced contact details in marketing. The Court said the Board’s “purpose of disclosure” doctrine was not defined in law and cannot, by itself, justify an administrative fine.

The decision may give companies grounds to challenge sanctions based on that doctrine. Businesses using public sources for marketing or CRM data should review their legal basis, documentation, and any pending reliance on the “publicly available data” exception.

Learn more

Schrems targets EU-US data transfer deal

Max Schrems and noyb have asked the European Commission to consider withdrawing from the EU-US Data Privacy Framework. They argue that Trump v. Slaughter, a recent US Supreme Court ruling on presidential removal power over FTC commissioners, weakens the independence of the US oversight bodies behind the framework.

noyb also points to the executive order behind the framework and continued bulk data collection under US surveillance law. Organizations relying on the framework for EU-US transfers may want to keep supplementary safeguards, including standard contractual clauses, in place while the legal challenge develops.

Learn more

California clarifies CCPA employer risk assessments

Since January 1, 2026, many California employers must complete documented risk assessments before higher-risk processing, including AI use in employment decisions or employee location tracking. Employment counsel guidance outlines practical steps, from identifying covered processing to deciding who conducts and approves each assessment.

Assessments should weigh the purpose, data categories, employee risks, and expected benefits of the processing. Employers must be ready to provide summaries to California’s privacy regulator from April 1, 2028, and complete assessments for covered pre-2026 processing by December 31, 2027.

Learn more

Compliance Brief - Accessibility

Web accessibility news

US bill proposes a national website accessibility standard

Representatives Mark Alford and Lou Correa introduced the Online Accessibility Act on July 1, 2026. The bill would set uniform accessibility standards for consumer-facing websites and mobile apps and create a process for businesses to fix issues before facing lawsuits.

Sponsors say the bill would give businesses clearer ADA expectations and reduce opportunistic litigation. If it advances, it would be one of the first attempts to write a specific digital accessibility standard into the ADA rather than relying mainly on case law and DOJ guidance.

Learn more

SBA urges DOJ to narrow Title II web rule

The Small Business Administration’s Office of Advocacy asked the DOJ to narrow or withdraw its Title II rule for state and local government websites and apps. The office argues that the WCAG 2.1 AA rule exceeds DOJ authority under recent Supreme Court precedent and recommends exempting small governments with fewer than 10,000 residents.

Disability advocates warned that narrowing the rule could delay access to public services such as voter registration and benefits applications. Any change would affect planning timelines, with current compliance deadlines already extending into 2027 and 2028 depending on entity size.

Learn more

K-12 leaders prepare for DOJ accessibility rule

At ISTELive 26, experts briefed school technology leaders on the DOJ’s Title II digital accessibility rule. Public school websites, learning platforms, and mobile apps will need to meet WCAG 2.1 AA, with deadlines in 2027 or 2028 depending on district size.

Speakers urged districts to audit digital systems and train staff before the deadline. For education technology vendors, accessibility requirements are likely to appear earlier in RFPs, procurement reviews, and contract terms.

Learn more

EAA anniversary shows awareness gaps

One year after the European Accessibility Act took effect on June 28, 2025, coverage from Ireland shows mixed progress. Public sector website scores improved from 46.1% to 55.25% year over year, but a survey found that half of Irish businesses remain unaware of their obligations.

Public bodies such as the Central Bank of Ireland and the National Transport Authority are adding accessibility requirements to procurement. Businesses selling digital products or services in the EU should use this anniversary as a prompt to confirm obligations, evidence, and remediation plans.

Learn more

UK GDS marks five years of accessibility support

The UK Government Digital Service accessibility team marked five years of support, including more than 400 advice requests, 1,500 civil servants trained, and a 130-member accessibility champions network across government departments.

The milestone shows how training, governance, and embedded expertise can move accessibility earlier into service design. Organizations building internal accessibility programs can use the model to structure ownership, reviews, and practical support.

Learn more

Content takedown news

EU report flags child safety risks on major platforms

The European Board for Digital Services met on July 1, 2026, and published its second annual Digital Services Act systemic risk report. The report identifies risks to children and young people, including grooming, cyberbullying, and harmful viral content, as a priority for very large online platforms and search engines.

The report also highlights how interface design and recommender systems can intensify harmful interactions and addiction-like use. Platforms operating in the EU should expect closer scrutiny of child safety, moderation processes, and recommender system risk controls.

Learn more

Until next week

That’s it for this week’s privacy, accessibility, and platform accountability updates. Use these developments as a prompt to review your own notices, contracts, transfer safeguards, accessibility plans, and risk assessment processes.

Adam Safar

Head of Digital Marketing

Adam is the Head of Digital Marketing at Clym, where he leverages his diverse expertise in marketing to support businesses with their compliance needs and drive awareness about data privacy and web accessibility. As one of the company’s original team members, Adam has been instrumental in shaping its journey from the very beginning. When he’s not diving into marketing strategies, Adam can be found cheering on his favorite sports teams or enjoying fishing.

Find out more about Adam