Key Discovery Points: Don’t Get Caught with Your Hand in the Production Cookie Jar
How Startups Can Comply With Ever-Changing Privacy Laws
The Privacy Insider Podcast Episode 15: TAKE IT DOWN: Online Abuse and Harassment with Carrie Goldberg of C.A. Goldberg, PLLC
Facial Recognition and Legal Boundaries: The Clearview AI Case Study — Regulatory Oversight Podcast
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
State AG Pulse | Massive Google Settlement Shows AGs Serious About Privacy
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — The Consumer Finance Podcast
Business Better Podcast Episode: Bridging Campuses: Legal Insights on Education Industry Consolidation – Privacy and Data Security
A Blueprint for Efficient SRRs: Mastering Your Subject Rights Workflow
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
The Privacy Insider Podcast Episode 10: 2025 Privacy Predictions: Hold My Beer, 2024
2025 Privacy Law Preview: Be Prepared
The American Privacy Right Act (APRA) explained
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
Navigating State Privacy Laws
[Webinar] AI and Data Privacy: Minimizing Risk and Maximizing Opportunity
Embracing Data Privacy to Drive Business Growth: On Record PR
The UK Information Commissioner’s Office’s (the ICO’s) latest Annual Report summarises its accomplishments and priorities, including last year’s enforcement actions. Based on our review of the report, we see the ICO focusing,...more
The Italian Data Protection Authority (Garante) has fined a company EUR 420,000 for violating privacy laws in the workplace. The decision focuses on the employer’s use of content from Facebook, WhatsApp, and Messenger— shared...more
The Data (Use and Access) Bill passed both Houses of UK Parliament and received Royal Assent on 19 June 2025, now becoming the Data (Use and Access) Act 2025 (“DUA Act”). This is the final iteration of the Data Protection and...more
As the digital economy continues to thrive and remote work becomes increasingly mainstream, an “offshore model” of business operation has emerged. Under this model, companies may provide services to users in a given...more
On 25 June 2025, the European Commission announced its proposal for a “Space Act” that would introduce a new regulatory framework for EU space activities. The proposed framework includes cyber-resilience obligations for EU...more
On 12 June 2025, the French data protection authority (CNIL) launched a public consultation on a draft recommendation regarding the use of tracking pixels in emails. This recommendation roughly assimilates pixels and any...more
Organizations must continuously review and refine their data governance strategies to keep pace with a regulatory environment that is shifting at an unprecedented rate. In response to mandates for stronger compliance...more
On April 23 and 24, 2025, regulators, industry leaders and data privacy leaders from across the globe convened in Washington, D.C. for the 2025 International Association of Privacy Professionals (IAPP) Global Privacy Summit....more
On April 14 2025, the European Data Protection Board (EDPB) announced the outcomes of its plenary session that took place on April 8 2025, during which the EDPB adopted draft Guidelines on processing of personal data through...more
What happens when data protection collides with the relentless pace of digital innovation? That’s the question the European Data Protection Board (EDPB) seemed to confront head-on in 2024, a year marked by unprecedented...more
ComplexDiscovery Editor’s Note: Apple’s aggressive stance on privacy has earned both praise and penalty, most recently, a €150 million fine from the French Competition Authority. This significant enforcement action challenges...more
On April 1st, 2025, the General Court of the European Union held its first hearing on the request initiated by member of French parliament Philippe Latombe for annulment of the EU-U.S. Data Privacy Framework (“DPF”) further...more
Automated decision-making, or ADM, is used for a wide range of use cases that impact individuals — from processing insurance claims and credit scoring, to ranking job candidates and offering personalized pricing or targeted...more
On March 7 2025, the European Parliamentary Research Service (EPRS) published a paper outlining the challenges to UK data adequacy and ongoing national legislative reforms that could affect the renewal of the two existing...more
March 26, 2025, marked a pivotal moment in the EU with the European Health Data Space Regulation, (EU) 2025/327 (“EHDS Regulation”), coming into force. The EHDS represents a transformative initiative by the European Union...more
It would seem that for the Court of Justice of the European Union (CJEU), the answer is yes – let’s dig into the CJEU decision on the case No. C-247/23, issued on the 13th of March. VP, an Iranian transgender refugee, had his...more
The European Data Protection Board (EDPB) has launched its 2025 enforcement sweep targeting organizations’ compliance with data subjects’ right of erasure (right to delete or be forgotten), focusing particularly on how...more
The European Data Protection Board's (EDPB) Opinion 28/2024 provides valuable insights into the intersection of artificial intelligence and data protection, particularly in the context of compliance with the EU General Data...more
On February 27 2025, the Court of Justice of the European Union (CJEU) delivered a judgment in CK v Dun & Bradstreet (Case C-203/22). This judgment clarifies the GDPR provisions regarding the right of access to personal...more
Data privacy laws are evolving rapidly worldwide, with jurisdictions such as California, Japan, Canada, and Brazil adopting frameworks inspired by the EU’s General Data Protection Regulation (GDPR). Businesses operating...more
Right of erasure (or “right to be forgotten”) has been selected by the European Data Protection Board as its priority enforcement topic for 2025. This work is being done under the “Coordinated Enforcement Framework” or “CEF.”...more
Looks like WhatsApp just leveled up—whether it wanted to or not. Meta’s messaging giant has officially been crowned a Very Large Online Platform (VLOP) under the European Union’s Digital Services Act (DSA), which basically...more
On February 20, 2025, the Polish Personal Data Protection Office (UODO) published an updated version of the guide on personal data protection breaches. The first edition was released in 2018. The latest version...more
Know What Laws Apply - Privacy and security laws, particularly in the U.S., have changed dramatically in the last few years. It’s not surprising many leaders are unsure which new laws or updated regulations apply to their...more
The Evolving Role of AI/ML in Healthcare - The use of artificial intelligence/machine learning (AI/ML) in healthcare is evolving rapidly and introducing new challenges. Not only are medical devices using AI for diagnostics,...more