Podcast - Regulating AI in Healthcare: The Road Ahead
No Password Required: Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of ‘Mad Men’ Hats
We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
Compliance Tip of the Day: Rethinking Corporate AI Governance Through Design Intelligence
FCPA Compliance Report: Ethical Challenges in AI, Data Protection, and Sports with Andre Paris
We get Privacy for work: The Privacy Pitfalls of a Remote Workforce
No Password Required: From AOL to Award-Winning Cuisine to High-Stakes Hacking
Everything Compliance: Episode 156, To Document or Not Edition
AI on the Job: How to Stay Ahead of Employment and Data Privacy Risks
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
FCPA Compliance Report: AI, Data Compliance, and Ownership - A Conversation with Andrew Hopkins
A Less is More Strategy for Data Risk Mitigation
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
Approach to Responsible AI
Why Privacy Matters to Your Business and What's in Store for 2025
No Password Required Podcast: Senior Security Researcher at Nokia and Guardian of Secure AI Networks
Getting Bang for Your Buck: Spend Your 2025 Privacy Budget Wisely
Constangy Clips Ep. 7- 4 New Year’s Resolutions to Keep Your Cyber Data Safe and Secure in 2025
On March 24 2025, the European Commission (EC) adopted the final draft Delegated Regulation setting out Regulatory Technical Standards (RTS) for subcontracting ICT services supporting critical or important functions under the...more
The European Supervisory Authorities (ESAs) have published a roadmap for the designation of critical ICT third-party service providers (CTPPs) under the EU Digital Operational Resilience Act (DORA). The roadmap of key dates...more
The European Central Bank (ECB) has published an updated version of the threat intelligence-based ethical red teaming framework (TIBER-EU framework) (dated January) to align with the Digital Operational Resilience Act (DORA)...more
The European Supervisory Authorities have published a joint report on the feasibility of further centralization of the reporting of major ICT-related incidents by financial entities to competent authorities. The ESAs' joint...more
Digital Operational Resilience Act (DORA) aims to harmonize provisions related to cybersecurity and information and communication technology (ICT) risk management in the financial sector. Its scope covers nearly all entities...more
The EU Cyber Resilience Act (CRA) entered into force on 10 December 2024. The CRA is the first legislation of its kind in the world that aims to enhance the cyber security of products or software with a digital component...more
First introduced in December 2020 by the European Commission, the European Cyber Resilience Act (“ CRA”) regulation was published in the Official Journal on November 20th. It will come into force on December 10, 2024, but...more
The CJEU considered: (a) whether a legitimate interest of the controller or third party must be determined by law, and (b) whether provision of personal data of the members of a sports federation to third parties in return...more
Introduction - 2024 has been another big year for privacy. Several new state privacy laws are going into effect, with several more coming in 2025, while a federal privacy law continues to be discussed that would further...more
We have been talking about it since last year: the bill to secure and regulate the digital space ("SREN") has now been passed. The legislative process leading up to the enactment of the SREN bill has been slow (as a reminder:...more
Beginning October 12, 2023, the UK-U.S. Data Bridge will allow UK companies to transfer personal data to the United States using the new EU-U.S. Data Privacy Framework....more
Organizations developing or using generative AI tools should implement cross-functional governance frameworks to develop and continuously monitor their use of such tools. From the earliest stages of generative AI use,...more
There will be additional compliance obligations and mandatory contractual provisions introduced for financial entities and outsourced IT service providers. The new DORA seeks to strengthen the resilience of financial...more
In 1992, Singapore banned the sale of all chewing gum. But if you owned a cornerstore in the U.S. and a Singaporean tourist came to visit your business, there would be nothing to stop you from selling them a pack of gum—in...more
On 16 November 2022, EU Regulation 2022/2065, better known as the Digital Services Act (“DSA”), came into force. The DSA is a key development in the use of online services in the European Union (“EU”), with an impact on...more
The UK government confirmed on 30 November 2022 that there will be changes to the UK’s cybersecurity regulations in response to a public consultation launched earlier this year. This follows recent updates relating to the...more
On September 15, 2022, the European Commission (EC) published a Proposal for a Cyber Resilience Act (CRA Proposal) that sets out new rules in the European Union (EU) for software and hardware products and their remote data...more
The EU’s General Data Protection Regulation (GDPR) regulates the transfer of personal data in the European Union. For many multinational employers, Standard Contractual Clauses (SCCs) offer the only practical means of...more
By the close of 2021, EU data protection authorities (“DPA”) had initiated investigations into a number of US tech companies operating in Europe and further investigations are set to continue. In a recent case concerning...more
An international law-enforcement effort has led to the arrest of multiple individuals affiliated with the most prolific ransomware cartel operating today. In November, Justice Department officials announced indictments and an...more
Today’s global healthcare marketplace is marked by unprecedented transformation. The seismic shifts in healthcare delivery and drug development during COVID-19 have, in 2021, continued to demonstrate the power and capacity...more
The German Bundestag adopted the IT Security Act 2.0 (IT-Sicherheitsgesetz 2.0 – "IT-SiG 2.0") on 23 April 2021. On 7 May, the draft IT-SiG 2.0 has now also been endorsed in the Bundesrat. We have set out the latest key...more
The European Commission adopted a roadmap for the European Union's digital economy until 2030 on February 10, 2021. The roadmap aims to provide the following: This digital transformation targets European citizens, businesses,...more
Website and app operators are jointly liable with Facebook for violations of European data protection law - In its judgment of 29 July 2019 (ref.C-40/17), the European Court of Justice has ruled on two essential points...more
The legal requirements for the use of cookies have been subject to discussion over the last few years, with little to no enforcement and guidance from European data protection authorities (DPAs). That has changed recently....more