Privacy & Data Protection

Subscribe to Privacy & Data Protection via RSS

Multinational organizations are facing an increasingly complex landscape of global privacy and artificial intelligence (AI) regulations. Recent developments highlight the need for companies to stay informed about evolving legal requirements, particularly as governments introduce new frameworks to address data protection, AI governance, and cross-border data transfers. Organizations must proactively assess their compliance strategies, adapt internal

The European Data Protection Board (‘EDBP’) has published its 2024 annual report highlighting key milestones achieved throughout the year. Among these, the report includes reference to an opinion issued by the EDPB in December 2024 (the ‘Opinion’) which examines the use of personal data in AI models and the applicability of

Data protection authorities across Europe have recently imposed significant fines on companies for violations of data protection laws. We bring to your attention decisions related to breaches of direct marketing and profiling below.

A telecommunications company fined €50 million by the French Supervisory Authority

On 23 January 2025, the French Supervisory Authority (CNIL) fined a

On January 24, 2025, a three-judge panel in the U.S. Court of Appeals for the Eleventh Circuit held in Insurance Marketing Coalition v. FCC, No. 24-10277, that the Federal Communications Commission’s (FCC) one-to-one consent requirement rule (the “FCC Rule”) went beyond the FCC’s authority under the Telephone Consumer Protection Act (“TCPA”). The court held

On 8 January 2025, the European General Court (the Court) ruled on the lawfulness of transferring personal data to countries outside the European Union (EU), in particular the United States (case T‑354/22). The judgment (Judgment) caused a stir among both businesses and data protection experts. This blog post gives you an overview of the most

UK NIS and critical national infrastructure updates

The UK government recently created a page on the new Cybersecurity and Resilience Bill updating the Network and Information Systems (NIS) Regulations 2018. There is no draft of the bill available yet, but it is confirmed the Bill will cover five sectors (transport, energy, drinking water, health, and

In a rapidly evolving technological landscape, the National Institute of Standards and Technology (NIST) has released crucial guidance on managing risks associated with generative AI (GenAI). Our latest client alert delves into the newly published GenAI Profile (NIST AI 600-1), which outlines 12 potential high-level risks and offers actionable strategies for mitigation by breaking down

Witnessing the race to harness the power of Artificial Intelligence (“AI”) by markets and businesses, the Federal Trade Commission (“FTC”), recently issued a warning over the emerging technology and its ever-widening use cases. Citing its authority under Section 6(b) of the FTC Act, the Commissioners voted 5-0 on July 19 in favor of issuing investigative

On 25 March 2024, Ofcom called for evidence for the third phase of its online safety regulations. This call for evidence will culminate in Ofcom’s third consultation paper, which will act as guidance for service providers to ensure compliance with the Online Safety Act (“OSA”). 

The third phase of online regulations introduces further

Although it’s been 2 years since the Dobbs v. Jackson Women’s Health decision from the Supreme Court, various state legislatures and courts have tried to define the new post-Roe landscape. This effort includes new and revised laws to amend existing privacy laws to protect consumer health data. You can find out more on our