Our latest video highlights the depth and breadth of our Cybersecurity practice through the lens of one of its leaders, Christian Leuthner. Christian outlines our practical, business-first approach to cybersecurity and highlights recent trends shaping the risk landscape. These risks include heightened regulatory scrutiny, supply chain compromises, AI-enabled threats, and the increasing need for robust
We’re excited to share our new video featuring partner Cynthia O’Donoghue, who offers practical insights into the rapidly evolving Digital Health landscape. In the video, Cynthia explores the intersection of healthcare, technology, data, and regulation, and discusses the real-world challenges and opportunities facing digital health innovators today.
Cynthia discusses the trends shaping the sector
On 11 September 2025, the European Data Protection Board (EDPB) published new Guidelines clarifying how the Digital Services Act (DSA) and the General Data Protection Regulation (GDPR) interact, with a focus on the processing of personal data by intermediary service providers under various DSA obligations. The aim is to ensure both regulations are applied consistently, protecting
Following the UK government’s earlier proposals to reform the data protection regime, the Data Use and Access Act 2025 (DUAA) received Royal Assent on 19 June 2025. The DUAA amends the existing UK data protection framework—including the UK GDPR, the Data Protection Act 2018, and PECR—and forms part of the government’s wider strategy to create
Multinational organizations are facing an increasingly complex landscape of global privacy and artificial intelligence (AI) regulations. Recent developments highlight the need for companies to stay informed about evolving legal requirements, particularly as governments introduce new frameworks to address data protection, AI governance, and cross-border data transfers. Organizations must proactively assess their compliance strategies, adapt internal
The European Data Protection Board (‘EDBP’) has published its 2024 annual report highlighting key milestones achieved throughout the year. Among these, the report includes reference to an opinion issued by the EDPB in December 2024 (the ‘Opinion’) which examines the use of personal data in AI models and the applicability of
Data protection authorities across Europe have recently imposed significant fines on companies for violations of data protection laws. We bring to your attention decisions related to breaches of direct marketing and profiling below.
A telecommunications company fined €50 million by the French Supervisory Authority
On 23 January 2025, the French Supervisory Authority (CNIL) fined a
On January 24, 2025, a three-judge panel in the U.S. Court of Appeals for the Eleventh Circuit held in Insurance Marketing Coalition v. FCC, No. 24-10277, that the Federal Communications Commission’s (FCC) one-to-one consent requirement rule (the “FCC Rule”) went beyond the FCC’s authority under the Telephone Consumer Protection Act (“TCPA”). The court held
On 8 January 2025, the European General Court (the Court) ruled on the lawfulness of transferring personal data to countries outside the European Union (EU), in particular the United States (case T‑354/22). The judgment (Judgment) caused a stir among both businesses and data protection experts. This blog post gives you an overview of the most
UK NIS and critical national infrastructure updates
The UK government recently created a page on the new Cybersecurity and Resilience Bill updating the Network and Information Systems (NIS) Regulations 2018. There is no draft of the bill available yet, but it is confirmed the Bill will cover five sectors (transport, energy, drinking water, health, and