We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
We get Privacy for work: The Privacy Pitfalls of a Remote Workforce
Facial Recognition and Legal Boundaries: The Clearview AI Case Study — Regulatory Oversight Podcast
The Privacy Insider Podcast Episode 13: Preserving Privacy and Social Connection with Christine Rosen of the American Enterprise Institute
"Monsters Inc." y el tratamiento de los datos
The Privacy Insider Podcast Ep. 8: Privacy Over Party: Peter Swire
No Password Required: Founder of Cybersafe Foundation and an Obama Foundation Africa Leaders Fellow, Who Is Comfortable in the API Kitchen
The Privacy Insider Podcast Ep. 7: David, Goliath, and Data Privacy Part II: Max Schrems
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
[Webinar] You Are Here: First Steps in Data Mapping
Fintech Focus Podcast | What Does AI Safety Mean For Fintechs?
The FTC's Health Privacy Enforcement Actions
The FTC and DOJ Act Against Amazon to Protect Privacy
Law Brief®: Rich Schoenstein and Annmarie Giblin Discuss Cyber Law
Biometric Litigation
Podcast - The FTC Agenda & Data Privacy
Webinar Recording – The Colorado Privacy Act and Draft Rules
2022 DSIR Report Deeper Dive: Personal Data Deletion
The rise of artificial intelligence (AI) and its widespread availability offers significant growth opportunities for businesses. However, it necessitates a robust governance framework to ensure compliance with regulatory...more
On 19 June 2025, CNIL published two additional “how-to-sheets” on artificial intelligence, one on the legitimate interest and the other on the collection of data via web scraping. These documents aim to clarify the rules...more
On 17th June 2025, the Spanish Data Protection Authority (“AEPD”) published guidance in relation to Royal Decree 933/2021, which regulates document registration and information obligations relating to accommodation and motor...more
On April 28 2025, the Court of Justice of the European Union (CJEU) published an updated version of the fact sheet (the Fact Sheet) summarising key case law on protection of personal data. The Fact Sheet covers the case law...more
If you are a compliance professional for a U.S.-based company, you have probably been told at some point that you have to worry about the General Data Protection Regulation (GDPR). Have you encountered one of these...more
In 2024, the CNIL stepped up its enforcement action, issuing 87 sanctions, 180 compliance orders and 64 reprimands. However, only 12 decisions were made public, thus complicating the exercise of making the regulator’s...more
While mobile apps have become one of the major means of access to digital services, their ubiquity is accompanied by significant risks to users' privacy, due to the massive amount of personal data they collect and process....more
A new decision by the United Kingdom’s high court says that even if you have cookie and marketing consent mechanisms that are sufficient for valid consent under privacy laws for the general public, they may not be enough for...more
As of January 1, 2025, the Israeli Privacy Protection Regulations (Instructions for data being transferred to Israel from the European Economic Area) will also apply to data being stored or processed in Israel or in other...more
As of this writing, the CAM4 security incident remains the largest data breach in history. The attack on the website exposed nearly 11 billion records, including users' names, email addresses, sexual orientations, chat...more
In 2018, there were two comprehensive state data privacy bills introduced across the United States and a whopping zero were in effect. Fast forward six years and there have been 41 new data privacy bills considered this year...more
Dutch data privacy officials recently imposed a staggering penalty on Uber – €290 million ($324 million) – for allegedly breaching the European Union’s comprehensive data privacy and security law. This groundbreaking fine is...more
Summary - In its judgement of 11 July 2024 (C-757/22), the European Court of Justice (‘ECJ’) ruled that the violation of a controller’s information obligations under Art. 12 and 13 GDPR, can be subject to a representative...more
Following the very recent adoption of the EU Regulation on AI (the AI Regulation) the CNIL (the French data regulator) has issued the second in its series of recommendations for the development of privacy-friendly AI models....more
On 7 March 2024, the Court of Justice of the European Union issued a ruling (C-604/22 | IAB Europe) clarifying the concepts of personal data and controller in the context of the use of a Transparency and Consent Framework...more
Introduction - We have compiled the main differences between the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing...more
The privacy advocacy group noyb, founded by privacy activist Max Schrems, has raised concerns over how ChatGPT handles questions about real-life individuals. The group alleges that ChatGPT has been generating inaccurate...more
By now, companies that collect, process, and store the personal data of consumers are used to a fast pace of state privacy and cybersecurity legal activity. This year, companies should also expect increased activity from...more
The French Data Protection Authority (CNIL) recently imposed a EUR 310,000 fine, representing 1% of its turnover, on FORIOU, a telemarketing company promoting loyalty programs. The fine stemmed from FORIOU’s use of...more
On March 7, 2024, the European Court of Justice (CJEU) issued a landmark ruling on digital advertising and the concepts of personal data and joint controllership under the General Data Protection Regulation (GDPR)....more
As employment-related artificial intelligence (“AI”) tools proliferate, multinational employers feel increasing pressure to deploy AI across their global offices. These tools can provide great value and efficiency across the...more
This article originally appeared in The Legal Technologist November/December 2023 Issue here. As individuals, we have the legal right to access personal data held by an organisation, and an increasing number of requests are...more
Following NOYB's filing of 101 complaints over continuous EU-U.S. data transfers by websites operators in the European Economic Area (EEA) in the post-Schrems II era, the Spanish Data Protection Agency (AEPD) issued its first...more
Clearview AI Inc's successful challenge to the ICO’s £7.5 million fine focused on the limits of the UK GDPR’s jurisdictional reach, succeeding on the grounds that Clearview’s processing activities were outside the scope of...more
On January 8, 2024, New Jersey’s State Legislature passed the Disclosure and Accountability Transparency Act (the “Data Act”). Following Governor’s signature within 45 days, the Data Act would take effect one (1) year after...more