Beyond the Bylaws: The Medical Staff Show - Need to Know: How to Manage Medical Staff Confidentiality and Privilege Protections
Key Discovery Points: Don’t Get Caught with Your Hand in the Production Cookie Jar
How Startups Can Comply With Ever-Changing Privacy Laws
The Privacy Insider Podcast Episode 15: TAKE IT DOWN: Online Abuse and Harassment with Carrie Goldberg of C.A. Goldberg, PLLC
Facial Recognition and Legal Boundaries: The Clearview AI Case Study — Regulatory Oversight Podcast
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
State AG Pulse | Massive Google Settlement Shows AGs Serious About Privacy
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — The Consumer Finance Podcast
Business Better Podcast Episode: Bridging Campuses: Legal Insights on Education Industry Consolidation – Privacy and Data Security
A Blueprint for Efficient SRRs: Mastering Your Subject Rights Workflow
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
The Privacy Insider Podcast Episode 10: 2025 Privacy Predictions: Hold My Beer, 2024
2025 Privacy Law Preview: Be Prepared
The American Privacy Right Act (APRA) explained
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
Navigating State Privacy Laws
[Webinar] AI and Data Privacy: Minimizing Risk and Maximizing Opportunity
The DUAA introduces several reforms to UK data protection law, but their implications are relatively limited in practice. The Data (Use and Access) Act 2025 (the DUAA) was enacted on 19 June 2025 and amends rather than...more
The Data (Use and Access) Bill passed both Houses of UK Parliament and received Royal Assent on 19 June 2025, now becoming the Data (Use and Access) Act 2025 (“DUA Act”). This is the final iteration of the Data Protection and...more
The dramatic increase in global reach that the internet provides U.S.-based companies comes as a double edge sword. While it significantly increases a company’s potential customer pool, it also subjects companies to...more
The UK’s data protection regulator, the Information Commissioner’s Office (ICO), has recently announced investigations into three companies in connection with the use of children’s personal information. In a statement on...more
On February 20 2025, the Information Commissioner’s Officer (the ICO) published the third edition of the Tech Horizons Report (the Report). The Report identifies four new technologies expected to emerge over the next 2 to 7...more
What happened? The UK Information Commissioner’s Office (ICO) has released updated guidance on ‘consent or pay’ business models. These models present users with a choice to either consent to the processing of their...more
On 16 January 2025, in an open statement and letter, the UK Information Commissioner, John Edwards, responded to the December 2024 letter from the UK Prime Minister, the Chancellor, and the Business Secretary....more
In a December, the Information Commissioner’s Office (ICO) responded to Google’s decision to lift a prohibition on device fingerprinting (which involves collecting and combining information about a device’s software and...more
On 6 November 2024, the Information Commissioner’s Office (ICO) published a report on the use of artificial intelligence (AI) in recruitment (the Report) following a series of consensual audits with developers and providers...more
This is the final note in a three-part series on the regulation of artificial intelligence in the financial services sector in the United States, the European Union and the United Kingdom. Our first note, we provided a...more
This series of blogs rounds up some of the key data protection regulatory trends we have seen during 2024, focused on the EU and UK. 2024 has seen behavioural advertising and cookies continue to dominate the agenda of data...more
Earlier this month the UK privacy office put a stop to several related entities’ use of facial recognition technologies and fingerprint monitors for their employees. The UK Information Commissioner’s Office found that the...more
In part one of our series "FemTech: how this growing industry can build trust, protect privacy and redress healthcare inequity… one app at a time", we take an introductory look at the industry, and offer some...more
This blog notes some of the key features of the Addendum. At its core, the Addendum can be used in relation to both controller BCRs and processor BCRs. Organisations then have a choice as to whether they use the Addendum in...more
In the fast-evolving landscape of technological innovation, artificial intelligence (AI) has become pivotal for progress, presenting both opportunities and challenges. Despite gaps in the regulatory framework, the UK...more
Why should I read this? A new UK-US data bridge will be available to businesses in the UK looking to transfer personal data to organizations in the United States certified under the UK Extension to the EU-US Data Privacy...more
As we noted in our 2023 DSIR, there has been a flurry of activity within the information governance space, at home and abroad. This activity deserves further analysis, because while it seems from a distance that there are...more
Though perhaps falling short of being a universally accepted one, it is a truth that any organisation processing personal data needs a privacy programme. But how best should an internal compliance framework be structured...more
The Age Appropriate Design Code (“AADC”) - more commonly known as the Children’s Code - has been heralded as the world’s first code to protect children online. Compliance with the AADC became mandatory for in-scope businesses...more
The Information Commissioner’s Office published draft guidance on privacy enhancing technologies that can be used to comply with privacy-by-design requirements. On 7 September 2022, the Information Commissioner’s Office...more
Do you transfer or receive personal data from the United Kingdom? If so, there are some important developments in the UK to factor into your data protection compliance program. In a major change of policy, some organizations...more
On June 4, 2021, the European Commission adopted a new, highly anticipated set of standard contractual clauses to facilitate the transfer of personal data out of the European Economic Area (“EEA”) in accordance with the...more
The UK government has confirmed that from Monday 16 August the rules on self-isolation for COVID close contacts will change for (a) the fully vaccinated (meaning all those who have had two vaccine doses, but only from 14 days...more