Under the Radar: DOJ's Data Security Rules and Their Impact on Payments Companies — Payments Pros – The Payments Law Podcast
We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
We get Privacy for work: The Privacy Pitfalls of a Remote Workforce
Facial Recognition and Legal Boundaries: The Clearview AI Case Study — Regulatory Oversight Podcast
The Privacy Insider Podcast Episode 13: Preserving Privacy and Social Connection with Christine Rosen of the American Enterprise Institute
"Monsters Inc." y el tratamiento de los datos
The Privacy Insider Podcast Ep. 8: Privacy Over Party: Peter Swire
No Password Required: Founder of Cybersafe Foundation and an Obama Foundation Africa Leaders Fellow, Who Is Comfortable in the API Kitchen
The Privacy Insider Podcast Ep. 7: David, Goliath, and Data Privacy Part II: Max Schrems
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
[Webinar] You Are Here: First Steps in Data Mapping
Fintech Focus Podcast | What Does AI Safety Mean For Fintechs?
The FTC's Health Privacy Enforcement Actions
The FTC and DOJ Act Against Amazon to Protect Privacy
Law Brief®: Rich Schoenstein and Annmarie Giblin Discuss Cyber Law
Biometric Litigation
Podcast - The FTC Agenda & Data Privacy
Webinar Recording – The Colorado Privacy Act and Draft Rules
EU Launches UK Adequacy Decision Renewal Process - On 22 July 2025, the European Commission announced that it had launched the process to renew the adequacy decision for the United Kingdom (UK) and confirmed that the UK’s...more
The DUAA introduces several reforms to UK data protection law, but their implications are relatively limited in practice. The Data (Use and Access) Act 2025 (the DUAA) was enacted on 19 June 2025 and amends rather than...more
The Data (Use and Access) Bill passed both Houses of UK Parliament and received Royal Assent on 19 June 2025, now becoming the Data (Use and Access) Act 2025 (“DUA Act”). This is the final iteration of the Data Protection and...more
In recent weeks, the EU and UK have both introduced changes to their respective versions of Europe’s landmark privacy legislation, the General Data Protection Regulation (GDPR). These reforms mark the first substantial...more
The UK’s Data (Use and Access) Act received Royal Assent last Thursday, June 19th, bringing into law some significant changes to the country’s post Brexit data protection framework, among an array of other, related rules (on...more
On June 16, 2025, the Council of the EU (Council) and the European Parliament (EP) reached an agreement on a new regulation (the Draft Regulation) to enhance enforcement of the General Data Protection Regulation (GDPR). The...more
The EU regulation designed to facilitate secondary use of clinical data for research brings benefits for health research, but also poses challenges for companies....more
The EU Pay Transparency Directive (’PTD’) introduces extensive disclosure obligations regarding salary information. At the same time, employers must ensure compliance with the applicable data protection regulations and...more
On March 5, 2025, Regulation (EU) 2025/327 of the European Parliament and of the Council of February 11, 2025 on the European Health Data Space and amending Directive 2011/24/EU and Regulation (EU) 2024/2847 (the Regulation)...more
On March 18, 2025, the European Commission proposed to extend its adequacy decision in favor of the United Kingdom (‘UK’) for an additional six-month period. This would allow free flows of personal data from the EU to the UK...more
The pace of new EU law continues unabated, with IoT, cyber security and digital services being key areas of activity....more
The OECD's AI recommendations encourage Member States to uphold principles of trustworthy AI. Laws/Regulations directly regulating AI (the “AI Regulations”) The OECD's Recommendation of the Council on Artificial...more
This blog post focuses on the transparency requirements associated with certain limited-risk artificial intelligence (AI) systems under Article 50 of the European Union’s AI Act....more
In September 2023, Delaware became the seventh state in 2023 to enact comprehensive privacy law with the Delaware Personal Data Privacy Act (DPDPA), joining Indiana, Iowa, Montana, Oregon, Tennessee and Texas. The DPDPA will...more
On November 27, 2023, the European Union ("EU") adopted the final text of the Data Act, marking an effort to create a harmonized, cross-sectoral data sharing framework with the stated goal of ensuring fair access to and use...more
On November 9, 2023, the European Parliament adopted the EU Data Act, a new regulation providing harmonized rules on access to data, switching cloud providers and interoperability requirements across the EU. It is widely...more
With data privacy landscapes changing around the globe, how can organizations handle cross-border deals while still remaining compliant? This has been a burning question over recent years....more
Updated June 2023 - The BCLP Data Privacy & Security team is tracking EU law developments relevant to data and cyber security. This tracker summarizes the effect and status of the following: the Digital Services Act, the...more
EU Court Allows Class Action to Proceed, Sets Precedent for Future Data Breach Class Actions - A class action brought against Google will be allowed to move forward after the plaintiff’s appeal was permitted, allowing him to...more
New Decree Law n. 101/2019, effective on September 5, 2019, introduces a minimum legal framework for gig workers, providing the applicability of the discipline of subordinate employment relationships. The remuneration of the...more
On June 28, 2019, the German parliament (Bundestag) passed new legislation imposing several changes to the current German Federal Data Protection Act (“BDSG”). Although many of the changes addressed privacy aspects of...more
At Mitratech, I work in the division of the company that develops solutions in the areas of governance, risk, and compliance (GRC). At first blush to an outsider, this may not sound very exciting and might even sound somewhat...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the Eleventh Circuit's decision to vacate an order against LabMD regarding FTC cease-and-desist orders, new data breach notification laws in three U.S....more
In August 2017, the Supreme Court of India passed a judgment in the case of Justice K S Puttuswamy vs Union of India (Supreme Court of India, WRIT PETITION (CIVIL) NO 494 OF 2012), in which fundamental rights, as provided in...more
There is much for authorised firms to consider in the year ahead. Firms have been through the intensive period of the enactment of the second Markets in Financial Instruments Directive (MiFID II), but must now step up their...more