Multinational organizations are facing an increasingly complex landscape of global privacy and artificial intelligence (AI) regulations. Recent developments highlight the need for companies to stay informed about evolving legal requirements, particularly as governments introduce new frameworks to address data protection, AI governance, and cross-border data transfers. Organizations must proactively assess their compliance strategies, adapt internal
Privacy & Data Protection
European Data Protection Board guidance on safeguarding personal data in AI technologies
The European Data Protection Board (‘EDBP’) has published its 2024 annual report highlighting key milestones achieved throughout the year. Among these, the report includes reference to an opinion issued by the EDPB in December 2024 (the ‘Opinion’) which examines the use of personal data in AI models and the applicability of…

Direct marketing ad profiling: Recent fines
Data protection authorities across Europe have recently imposed significant fines on companies for violations of data protection laws. We bring to your attention decisions related to breaches of direct marketing and profiling below.
A telecommunications company fined €50 million by the French Supervisory Authority
On 23 January 2025, the French Supervisory Authority (CNIL) fined a…
Eleventh Circuit vacates FCC one-to-one consent rule
On January 24, 2025, a three-judge panel in the U.S. Court of Appeals for the Eleventh Circuit held in Insurance Marketing Coalition v. FCC, No. 24-10277, that the Federal Communications Commission’s (FCC) one-to-one consent requirement rule (the “FCC Rule”) went beyond the FCC’s authority under the Telephone Consumer Protection Act (“TCPA”). The court held…
European General Court: data privacy pays – 400 EUR for personal data sent across the Atlantic
On 8 January 2025, the European General Court (the Court) ruled on the lawfulness of transferring personal data to countries outside the European Union (EU), in particular the United States (case T‑354/22). The judgment (Judgment) caused a stir among both businesses and data protection experts. This blog post gives you an overview of the most…
Cybersecurity law updates in the UK and the EU
UK NIS and critical national infrastructure updates
The UK government recently created a page on the new Cybersecurity and Resilience Bill updating the Network and Information Systems (NIS) Regulations 2018. There is no draft of the bill available yet, but it is confirmed the Bill will cover five sectors (transport, energy, drinking water, health, and…
Managing GenAI risk: Key takeaways from NIST’s updated guidance
In a rapidly evolving technological landscape, the National Institute of Standards and Technology (NIST) has released crucial guidance on managing risks associated with generative AI (GenAI). Our latest client alert delves into the newly published GenAI Profile (NIST AI 600-1), which outlines 12 potential high-level risks and offers actionable strategies for mitigation by breaking down…
New Target in Sight: FTC Zeroes in on Algorithmic Pricing Models Based on Personal Data
Witnessing the race to harness the power of Artificial Intelligence (“AI”) by markets and businesses, the Federal Trade Commission (“FTC”), recently issued a warning over the emerging technology and its ever-widening use cases. Citing its authority under Section 6(b) of the FTC Act, the Commissioners voted 5-0 on July 19 in favor of issuing investigative…
Online Safety Act – Keeping you updated
On 25 March 2024, Ofcom called for evidence for the third phase of its online safety regulations. This call for evidence will culminate in Ofcom’s third consultation paper, which will act as guidance for service providers to ensure compliance with the Online Safety Act (“OSA”).
The third phase of online regulations introduces further…
The impact of states’ legislative reaction to Dobbs on consumer health data privacy
Although it’s been 2 years since the Dobbs v. Jackson Women’s Health decision from the Supreme Court, various state legislatures and courts have tried to define the new post-Roe landscape. This effort includes new and revised laws to amend existing privacy laws to protect consumer health data. You can find out more on our…