- What is new: The ICO is proposing to relax its enforcement of cookie consent requirements, meaning user consent would not be required for lower-risk advertising cookies.
- Why it matters: The proposals aim to address...more
8/6/2025
/ Advertising ,
Consent ,
Cookies ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Information Commissioner's Office (ICO) ,
New Guidance ,
Privacy Laws ,
UK ,
Web Tracking
In recent weeks, the EU and UK have both introduced changes to their respective versions of Europe’s landmark privacy legislation, the General Data Protection Regulation (GDPR). These reforms mark the first substantial...more
7/11/2025
/ Compliance ,
Cookies ,
Data Privacy ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
Member State ,
New Legislation ,
Personal Data ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements ,
UK
Executive Summary -
The EU Data Act, whose requirements apply from 12 September 2025, establishes new rights for businesses and consumers to access data they generated using “connected devices,” limiting the exclusive...more
6/24/2025
/ Cloud Computing ,
Competition ,
Contract Terms ,
DATA Act ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
Enforcement ,
EU ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Regulatory Requirements ,
UK
On April 23 and 24, 2025, regulators, industry leaders and data privacy leaders from across the globe convened in Washington, D.C. for the 2025 International Association of Privacy Professionals (IAPP) Global Privacy Summit....more
5/5/2025
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
State Privacy Laws ,
Technology ,
UK
Across industries, companies are facing new and uncertain regulatory pressures and demands in areas including artificial intelligence, sustainability, algorithmic pricing and fintech-bank relations. In this issue of The...more
9/10/2024
/ Algorithms ,
Antitrust Division ,
Artificial Intelligence ,
Banking Sector ,
Board of Directors ,
Competition ,
Corporate Governance ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
Enforcement Actions ,
EU ,
Financial Institutions ,
FinTech ,
Multinationals ,
Price-Fixing ,
Regulatory Agenda ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management ,
Sustainability ,
Technology Sector ,
UK
As AI systems become more complex, companies are increasingly exposed to reputational, financial and legal risk from developing and deploying AI systems that do not function as intended or that yield problematic outcomes. The...more
9/4/2024
/ Artificial Intelligence ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
EU ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management ,
Technology Sector ,
UK
The oversight obligations of boards continue to expand. Recent enforcement actions and new laws in areas such as cybersecurity, artificial intelligence and supply chains create new challenges for boards, as we explain in this...more
2/19/2024
/ Acquisitions ,
Activist ,
Artificial Intelligence ,
Board of Directors ,
Canada ,
China ,
Competition ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
EU ,
Executive Orders ,
Federal Contractors ,
Financial Services Industry ,
Forced Labor ,
Germany ,
International Labor Laws ,
Life Sciences ,
Machine Learning ,
Manufacturers ,
Mergers ,
NGOs ,
Political Campaigns ,
Political Contributions ,
Political Conventions ,
Publicly-Traded Companies ,
Risk Assessment ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Shareholder Activism ,
Shareholders ,
Technology Sector ,
UK ,
Uyghur Forced Labor Prevention Act (UFLPA)
AI in 2024: Monitoring New Regulation and Staying in Compliance With Existing Laws Companies that develop or employ AI tools have to consider proposed AI-specific regulation as well as an array of existing IP, privacy,...more
12/22/2023
/ Acquisitions ,
Artificial Intelligence ,
CFIUS ,
China ,
Cybersecurity ,
Data Privacy ,
Energy Sector ,
EU ,
Intellectual Property Litigation ,
Intellectual Property Protection ,
International Litigation ,
Investment ,
IRS ,
Mergers ,
National Security ,
New Hires ,
New Legislation ,
New Regulations ,
Outer Space ,
Private Equity ,
Regulatory Agenda ,
Securities and Exchange Commission (SEC) ,
Taxation ,
Technology Sector ,
Trade Relations ,
Trade Restrictions ,
UK
On 16 October 2023, France’s Data Protection Authority, the National Commission on Informatics and Liberty (CNIL), issued a set of guidelines for complying with the EU General Data Protection Regulation (GDPR) when...more
11/22/2023
/ Artificial Intelligence ,
CNIL ,
Data Protection ,
Data Storage ,
EU ,
General Data Protection Regulation (GDPR) ,
New Guidance ,
Personal Data ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Reform ,
Technology ,
UK
In this month’s Privacy & Cybersecurity Update, we examine Iowa’s new data privacy law (the sixth state to enact a privacy law), the Biden administration’s new national cybersecurity strategy, the U.K. government’s revised...more
4/4/2023
/ Amended Regulation ,
Biden Administration ,
Consumer Privacy Rights ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Protection ,
National Security ,
Popular ,
Privacy Laws ,
State Privacy Laws ,
UK
In this month’s Privacy & Cybersecurity Update, we analyze recent fines against Meta and their impact on the future of behavioral advertising, the timeline for the California Privacy Rights Act’s regulations to become...more
2/1/2023
/ Advertising ,
California ,
California Privacy Rights Act (CPRA) ,
Class Action ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Breach ,
FCC ,
Fines ,
Investigations ,
Metaverse ,
Popular ,
Privacy Laws ,
Proposed Amendments ,
Reporting Requirements ,
Settlement Agreements ,
State and Local Government ,
State Privacy Laws ,
UK
In this month’s Privacy & Cybersecurity Update, we examine the European Commission’s draft adequacy decision on the EU-U.S. Data Privacy Framework, as well as guidance from the U.K. Information Commissioner’s Office on...more
1/3/2023
/ Biometric Information Privacy Act ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Employee Monitoring ,
EU ,
European Commission ,
International Data Transfers ,
Popular ,
Privacy Laws ,
Risk Assessment ,
UK
In this month’s Privacy & Cybersecurity Update, we examine the California Privacy Protection Agency’s revised draft regulations for the California Privacy Rights Act, the Federal Trade Commission’s settlement with a...more
12/6/2022
/ California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Direct Marketing ,
Electronic Communications ,
Enforcement ,
Federal Trade Commission (FTC) ,
Notice Requirements ,
Opt-Outs ,
Personally Identifiable Information ,
Popular ,
Proposed Regulation ,
Regulatory Agenda ,
Rulemaking Process ,
UK
In this month’s Privacy & Cybersecurity Update, we examine the FTC’s blog post suggesting an increased focus on protecting consumers’ sensitive data and Plaid’s settlement to resolve a class action arising from its data...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the National Institute of Standards and Technology's four principles of the "explainability" of artificial intelligence and the U.K. Information...more
9/1/2020
/ Anti-Drone Technology ,
Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Compliance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Drones ,
EU-US Privacy Shield ,
FCC ,
Federal Aviation Administration (FAA) ,
Federal Trade Commission (FTC) ,
Final Rules ,
International Data Transfers ,
NIST ,
Office of Administrative Law ,
Personal Information ,
Popular ,
Privacy Laws ,
Risk Mitigation ,
UK ,
UK ICO
In this month's edition, we examine the Court of Justice of the European Union's decision invalidating the EU-U.S. Privacy Shield framework, as well as the U.S. government's response to the decision. We also examine two...more
8/6/2020
/ Automotive Industry ,
Binding Corporate Rules ,
Broadband Privacy Rules ,
Connected Cars ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Economic Loss Doctrine ,
Enforcement Actions ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
Federal Trade Commission (FTC) ,
First Amendment ,
Free Speech ,
General Data Protection Regulation (GDPR) ,
Hackers ,
Insurance Industry ,
International Data Transfers ,
Internet Service Providers (ISPs) ,
Misrepresentation ,
Negligence ,
NYDFS ,
Online Platforms ,
P2B ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Schrems I & Schrems II ,
Security Breach ,
Standard Contractual Clauses ,
U.S. Commerce Department ,
UK ,
UK Data Protection Act ,
United Nations
In this month's edition, we examine the landmark data breach class action in the English High Court against Equifax, the FTC's complaint against data colocation company RagingWire and a Utah business-to-business company's...more
12/4/2019
/ Commercial General Liability Policies ,
Cybersecurity ,
Data Breach ,
Denial of Insurance Coverage ,
Equifax ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
International Arbitration ,
Misrepresentation ,
Popular ,
Privacy Laws ,
Settlement ,
Target ,
UK
In this month's edition of our Privacy & Cybersecurity Update, we examine five amendments to the California Consumer Privacy Act, the EU Court of Justice's rulings on the "Right to Be Forgotten" and what qualifies as a joint...more
10/2/2019
/ Amended Rules ,
California Consumer Privacy Act (CCPA) ,
Class Action ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Controller ,
Discovery Disputes ,
EU ,
Facial Recognition Technology ,
Marriott ,
Personal Data ,
Personally Identifiable Information ,
Phishing Scams ,
Popular ,
Privacy Laws ,
Right to Be Forgotten ,
UK ,
United States
In this month's edition of our Privacy & Cybersecurity Update, we examine New York's new laws expanding consumer protection for data breaches, the D.C. Circuit's two rulings deepening the split regarding standing in data...more
8/2/2019
/ Article III ,
Biometric Information ,
Consumer Protection Laws ,
Cookies ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Debit and Credit Card Transactions ,
Equifax ,
Fair Credit Reporting Act (FCRA) ,
General Data Protection Regulation (GDPR) ,
Hackers ,
Identity Theft ,
Injury-in-Fact ,
Malware ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Search Results ,
Settlement ,
Spokeo v Robins ,
Standing ,
State and Local Government ,
State Data Breach Notification Statutes ,
UK
In this month's edition of our Privacy & Cybersecurity Update, we examine expanded data breach notification laws in New Jersey and Washington state, as well as the SEC's risk alert regarding cloud-based storage solutions. We...more
6/3/2019
/ Amended Rules ,
Annual Reports ,
Cloud Storage ,
Cybersecurity ,
Data Breach ,
Data Protection Authority ,
Data Security ,
Federal Trade Commission (FTC) ,
Finland ,
General Data Protection Regulation (GDPR) ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Risk Alert ,
Securities and Exchange Commission (SEC) ,
State Data Breach Notification Statutes ,
UK
In this month's Privacy & Cybersecurity Update, we examine several recent U.K.-related cybersecurity developments and the SEC's risk alert reminding investment advisers and broker-dealers to follow through on implementing...more
5/1/2019
/ Broker-Dealer ,
Canada ,
Commercial General Liability Policies ,
Cyber Insurance ,
Cyber Policies ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data-Sharing ,
Denial of Insurance Coverage ,
Designated Contract Markets (DCMs) ,
ENISA ,
Equifax ,
EU ,
Fines ,
General Data Protection Regulation (GDPR) ,
Government Investigations ,
Hackers ,
Investment Adviser ,
NCSC ,
OCIE ,
PIPEDA ,
Popular ,
Privacy Comissioners ,
Privacy Laws ,
Privacy Policy ,
Putative Class Actions ,
Regulation S-P ,
Risk Alert ,
Securities and Exchange Commission (SEC) ,
Surveys ,
TCPA ,
UK ,
UK Data Protection Act ,
UK ICO ,
Unsolicited Faxes
In this month's edition of our Privacy & Cybersecurity Update, we examine new cybersecurity legislation in California and Massachusetts, the British government's updates to its cybersecurity laws in anticipation of Brexit and...more
4/2/2019
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Class Certification ,
Credit Reporting Agencies ,
Credit Reports ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Gramm-Leach-Blilely Act ,
Popular ,
Privacy Laws ,
Public Comment ,
State Data Breach Notification Statutes ,
Thailand ,
UK ,
UK Brexit
In this month's Privacy & Cybersecurity Update, we examine recent trends and court decisions, including a new law in Ohio that provides a safe harbor from tort-based data breach claims if the company adopts certain security...more
10/2/2018
/ Affirmative Defenses ,
Amended Rules ,
California Consumer Privacy Act (CCPA) ,
Class Action ,
Computer Fraud Insurance ,
Cybersecurity ,
Data Breach ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Internet of Things ,
Personal Data ,
Popular ,
Privacy Policy ,
Private Right of Action ,
Social Engineering ,
State Attorneys General ,
State Legislatures ,
UK ,
UK ICO