Michigan lawmakers are considering sweeping updates to the state’s identity theft protection law while also debating whether Michigan will become one of nearly half the states that have passed a consumer privacy law. Fisher...more
In a decision with significant legal and operational ramifications for organisations of all shapes and sizes, the Court of Justice of the European Union (CJEU) last week confirmed that pseudonymised data will not always and...more
Although 2025 has not seen the introduction of comprehensive federal privacy reform, state legislatures have enacted a series of focused amendments that significantly heighten compliance obligations for organizations...more
When using biometrics in advertising, consent is not enough. IAB Canada, a trade association for Canada’s interactive marketing and advertising industry, recently issued policy paper on using biometrics in digital...more
With so much data flying around, it’s more essential than ever that personal information remain private. To help make sure of this, there are a growing number of regulations aimed at personal data protection—like the GDPR and...more
The rise of biometric technologies has ushered in a new era of convenience and security. But with that innovation comes heightened privacy risk. Recognizing the sensitivity of biometric data, the Office of the Privacy...more
While no state has passed a new consumer data privacy law in 2025, five states passed bills amending their existing laws....more
The rise of artificial intelligence (AI) and its widespread availability offers significant growth opportunities for businesses. However, it necessitates a robust governance framework to ensure compliance with regulatory...more
The Italian Data Protection Authority’s recent decision provided guidance on the true meaning of personal data anonymization and the crucial distinction between the DPO as a monitor – not an executor. In a world driven by AI...more
Employers are increasingly monitoring and filtering the web browsing habits of employees. The Commission Nationale de l’Informatique et des Libertés (CNIL) recently released new guidance (for public comment) on how...more
The UK Information Commissioner’s Office’s (the ICO’s) latest Annual Report summarises its accomplishments and priorities, including last year’s enforcement actions. Based on our review of the report, we see the ICO focusing,...more
The European Data Protection Board recently published its draft Guidelines 02/2025, which remain open to consultation until 09 June 2025. Stakeholders in the blockchain industry are encouraged to submit any observations...more
On June 2, the New Jersey Division of Consumer Affairs (Division) published proposed regulations to implement the New Jersey Data Privacy Act (NJDPA). Of note, these rules were proposed months after the NJDPA went into effect...more
On 20 March 2025, the Nigeria Data Protection Commission (Commission), issued the General Application and Implementation Directive (GAID). The GAID serves as a regulatory framework for implementing the Nigeria Data...more
Welcome to our monthly update on current legal issues for trustees of DC pension schemes, designed to help you stay up to date with key developments between trustee meetings and to support the legal update item on your next...more
Malaysia’s newly released Cross Border Personal Data Transfer Guidelines mark a groundbreaking shift in its data protection regulatory landscape, requiring data controllers to conduct Transfer Impact Assessments and implement...more
Are you using artificial intelligence in your business operations? Do you have AI embedded in the goods and services you offer customers? The regulatory framework applicable to AI continues to develop, including across US...more
Un paquete de reformas relevantes fue aprobado recientemente en México, introduciendo nuevas regulaciones en materia de protección de datos personales y transparencia. Este cambio estructural en el marco normativo mexicano se...more
A major reform package was recently enacted in Mexico introducing new regulations on personal data protection and transparency. This structural shift in Mexico’s regulatory framework will unfold over the coming months, but...more
Privacy pros are passionate about doing good work, in every sense of the word. Yes, we care about managing privacy as thoroughly and efficiently as possible (and not getting fined). But we are all in this line of work for a...more
With eight states rolling out new privacy laws in 2025 and many more already on the books, businesses have never faced a more fragmented regulatory landscape. These laws will expand consumer rights, impose stricter data...more
On March 4, 2025, the California Attorney General (AG) announced a further delay in the enforcement of the California Age-Appropriate Design Code Act (CAADCA) until April 5, 2025. Initially operative on July 1, 2024, CAADCA’s...more
On 11 February 2024, the European Data Protection Board (EDPB) adopted a new statement on age assurance. This statement, while not legally binding, will guide the enforcement of age-gating methods across the EU. Age assurance...more
Recently, the European Data Protection Board (EDPB) adopted an opinion addressing key data protection concerns arising from the use of Artificial Intelligence (AI) models. The opinion specifically focuses on how GDPR...more