When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
The Sedona Conference (TSC) and its Working Group 6 on International Electronic Information Management, Discovery, and Disclosure recently published their Commentary on Proportionality in Cross-Border Discovery (Commentary)...more
Sharing personal data is necessary for most organisations, but it also entails certain data protection risks. Controllers who share personal data with others must, among other obligations, ensure that they comply with the...more
Exactly one year from now, on September 12, 2025, the EU Data Act will enter into application. This new regulation provides harmonized rules on data access, switching cloud providers, and interoperability requirements across...more
Latham & Watkins and Privacy Laws & Business recently co-hosted a webinar looking back on the first eight months since the UK-US Data Bridge entered into force. Speakers from the UK Information Commissioner’s Office (ICO) and...more
Summary - In its judgement of 11 July 2024 (C-757/22), the European Court of Justice (‘ECJ’) ruled that the violation of a controller’s information obligations under Art. 12 and 13 GDPR, can be subject to a representative...more
What can U.S.-based and multi-national companies learn from the 290 million euro fine Autoriteit Persoonsgegevens, the Dutch Data Protection Authority, issued against Uber in connection with the processing of Dutch driver...more
On 26 August the Dutch Data Protection Authority (DPA) fined Uber EUR 290 million for a breach of the General Data Protection Regulation (GDPR). Following a number of complaints from French Uber drivers, the DPA found that...more
The Irish Data Protection Commission (DPC) has welcomed X’s agreement to suspend its processing of certain personal data for the purpose of training its AI chatbot tool, Grok. This comes after the DPC issued suspension...more
On 25 July 2024, the EU Commission published its second report on the application of the GDPR (the ‘Second Report’), following its first report published in 2020....more
On August 6th, the Dutch Data Protection Authority (DPA) issued guidance cautioning companies about the potential data protection risks associated with the use of Artificial Intelligence (AI)-powered chatbots....more
On May 21, 2024, France adopted law No. 2024-449 to secure and regulate the digital space. This law grants new enforcement powers and authority to the French Data Protection Authority (CNIL), including to seize documents,...more
LAG Düsseldorf: Hintergrund-Recherchen über Bewerber als Teil des üblichen Bewerbungsprozesses? Wie es in dem Zusammenhang zu einem Schadensersatzanspruch kommen kann. Ein Arbeitgeber muss einem Bewerber 1.000 EUR als...more
On 27 June 2024, the Spanish supervisory authority (‘AEPD’) and the European Data Protection Supervisor (‘EDPS’), announced the joint publication of a report addressing the data protection challenges associated with neuro...more
On 7 June 2024, in the case of Harrison v Cameron & Another, the High Court ruled that, in the context of a data subject access request under Article 15 UK GDPR, data subjects are entitled in principle to know the specific...more
The EU AI Act was adopted by the Council of the European Union on May 21, 2024. It will be officially published in the EU Official Journal during the second half of July and likely to come into force by August this year,...more
On 6 June 2024, the Italian supervisory authority ('Garante') published its opinion that the Wikimedia Foundation, Inc ('Wikimedia'), a US-based non-profit which hosts the free-to-use encyclopaedia website Wikipedia, was not...more
The European Health Data Space (EHDS) Regulation seeks to overcome significant obstacles in digital health by creating a comprehensive framework for sharing electronic health data. It aims to establish clear rules, common...more
May 25th marked six years since the General Data Protection Regulation has been in effect. Since it was implemented, GDPR has been regarded as the gold standard for data protection legislation across the world....more
The Dutch Data Protection Authority—the Autoriteit Persoonsgegevens (AP)—recently announced that it will in many cases regard scraping of personal data by private sector organizations as an infringement of the EU General Data...more
Italy plays a prominent role in EU AI Act negotiations and engages in political discussions for future laws. Laws/Regulations directly regulating AI (the “AI Regulations”) Currently, there are no specific laws,...more
Germany evaluates AI-specific legislation needs and actively engages in international initiatives. Laws/Regulations directly regulating AI (the “AI Regulations”) Currently, with the exception of minor references to AI...more
Der datenschutzrechtliche Auskunftsanspruch gem. Art. 15 Abs. 1 DSGVO beschäftigt Unternehmen auf vielfältige Art und Weise. Zuletzt hatten die europäischen Datenschutzaufsichtsbehörden diesbezüglich eine koordinierte...more
Introduction - We have compiled the main differences between the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing...more
In September 2023, Delaware became the seventh state in 2023 to enact comprehensive privacy law with the Delaware Personal Data Privacy Act (DPDPA), joining Indiana, Iowa, Montana, Oregon, Tennessee and Texas. The DPDPA will...more
Warum ist das relevant? Bei Verstößen gegen das Datenschutzrecht drohen Unternehmen insbesondere zwei Konsequenzen: Maßnahmen der Datenschutzaufsichtsbehörden inkl. möglicher DSGVO-Geldbußen nach Art. 83 DSGVO sowie...more