We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
We get Privacy for work: The Privacy Pitfalls of a Remote Workforce
Facial Recognition and Legal Boundaries: The Clearview AI Case Study — Regulatory Oversight Podcast
The Privacy Insider Podcast Episode 13: Preserving Privacy and Social Connection with Christine Rosen of the American Enterprise Institute
"Monsters Inc." y el tratamiento de los datos
The Privacy Insider Podcast Ep. 8: Privacy Over Party: Peter Swire
No Password Required: Founder of Cybersafe Foundation and an Obama Foundation Africa Leaders Fellow, Who Is Comfortable in the API Kitchen
The Privacy Insider Podcast Ep. 7: David, Goliath, and Data Privacy Part II: Max Schrems
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
[Webinar] You Are Here: First Steps in Data Mapping
Fintech Focus Podcast | What Does AI Safety Mean For Fintechs?
The FTC's Health Privacy Enforcement Actions
The FTC and DOJ Act Against Amazon to Protect Privacy
Law Brief®: Rich Schoenstein and Annmarie Giblin Discuss Cyber Law
Biometric Litigation
Podcast - The FTC Agenda & Data Privacy
Webinar Recording – The Colorado Privacy Act and Draft Rules
2022 DSIR Report Deeper Dive: Personal Data Deletion
Starting today, July 31, 2025, the Minnesota Consumer Data Privacy Act (“MCDPA”) officially takes effect. Signed by Governor Tim Walz in May 2024, this act majorly affects how the personal data of Minnesota residents is...more
The rise of artificial intelligence (AI) and its widespread availability offers significant growth opportunities for businesses. However, it necessitates a robust governance framework to ensure compliance with regulatory...more
EU Launches UK Adequacy Decision Renewal Process - On 22 July 2025, the European Commission announced that it had launched the process to renew the adequacy decision for the United Kingdom (UK) and confirmed that the UK’s...more
Following their recent meeting in Finland, the EU Data Protection Authorities acting through the European Data Protection Board (EDPB) announced their intention to release new tools and ran EU-wide data breach notification...more
On July 23, 2025, Cambodia released a draft of its first ever comprehensive personal data protection law, the Law on Personal Data Protection (“LPDP”). Once passed, Cambodia will join the ranks of seven other countries...more
California has approved new regulations requiring some companies to conduct annual audits of their cybersecurity programs, including the policies, procedures, and practices for protecting personal information. On July 24,...more
The DUAA introduces several reforms to UK data protection law, but their implications are relatively limited in practice. The Data (Use and Access) Act 2025 (the DUAA) was enacted on 19 June 2025 and amends rather than...more
INTRODUCTION - Artificial intelligence ("AI") has rapidly transitioned from experimental use to widespread adoption across Hong Kong. Organisations are now leveraging AI models to enhance customer service, improve risk...more
France's Data Protection Authority (the “Commission Nationale de l'Informatique et des Libertés” or “CNIL”) has issued comprehensive recommendations intended to assist businesses that are develop artificial intelligence...more
On July 16, 2025, various legal reforms were published in the Federal Official Gazette, modifying the framework of identity, security, and administrative management in Mexico. These reforms seek to establish a unified digital...more
The UK Information Commissioner’s Office’s (the ICO’s) latest Annual Report summarises its accomplishments and priorities, including last year’s enforcement actions. Based on our review of the report, we see the ICO focusing,...more
While appointing and registering a DPO has been mandatory in China for many years, a portal has now finally been established for organisations to register those DPOs with the China data protection authority. This resolves...more
In the legal industry, handling business transactions is part of our daily routine. Managing the transfer of personal data during acquisitions, sales, mergers or bankruptcy proceedings has become second nature to us. We...more
On 17 June 2025, the German data protection authorities issued substantially revised guidance on technical and organizational measures for the development and operation of AI systems. Aimed at manufacturers and developers,...more
On 4 June 2025, the European Data Protection Board published guidelines clarifying how EU-based companies should assess requests from foreign authorities for access to EU personal data. The EDPB emphasizes that such requests...more
In recent weeks, the EU and UK have both introduced changes to their respective versions of Europe’s landmark privacy legislation, the General Data Protection Regulation (GDPR). These reforms mark the first substantial...more
On 19 June 2025 the Data (Use and Access) Act (the "DUA Act") received Royal Assent and became law in the UK, having been passed by the UK Parliament on 11 June 2025. The DUA Act principally reforms the General Data...more
The United States Data Security Program (DSP) represents a significant regulatory undertaking by the US government to control the flow of bulk sensitive data to specific foreign countries, for national security purposes....more
New York’s Child Data Protection Act (NYCDPA) has gone into effect, introducing sweeping new requirements for businesses that collect personal data from minors under 18. While New York has not yet joined the ranks of the...more
The European Data Protection Board recently published its draft Guidelines 02/2025, which remain open to consultation until 09 June 2025. Stakeholders in the blockchain industry are encouraged to submit any observations...more
On 19 June 2025, CNIL published two additional “how-to-sheets” on artificial intelligence, one on legitimate interest and the other on the collection of data via web scraping. These documents aim to clarify the rules...more
Editor’s Note: Europe’s regulatory landscape has undergone a fundamental transformation, extending far beyond GDPR’s foundational framework to encompass a complex ecosystem of interconnected laws governing digital platforms,...more
Despite congressional activity on AI in Colombia, regulation remains unclear and uncertain. Laws/Regulations directly regulating AI (“AI Regulations”) Currently, there are no specific laws, statutory rules, or regulations...more