When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
The European Union (EU)’s government organizations are just like any another entity trying to function in a world where global companies and even government entities are reliant on digital platforms for messaging and...more
On January 31, 2024, the European Commission (EC) adopted the first of a series of initiatives to harmonize cybersecurity certification across the EU: the European Cybersecurity Scheme on Common Criteria (EUCC). While EUCC...more
In the rapidly evolving digital landscape, the European Union’s Data Act (Data Act), adopted on November 27, 2023 marks a significant shift in data, privacy, and intellectual property regulation. The Data Act applies to...more
On November 27, 2023, the European Union ("EU") adopted the final text of the Data Act, marking an effort to create a harmonized, cross-sectoral data sharing framework with the stated goal of ensuring fair access to and use...more
The majority of the provisions of the EU Data Governance Act 2022 (DGA) became fully applicable across the EU on 24 September 2023. This follows the end of the transitional period of 15 months from its entry into force on 23...more
On July 10, 2023, the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework (DPF). The decision concluded that the United States does ensure an adequate level of protection for transferring...more
On 10 July 2023, the European Commission adopted its long-awaited adequacy decision for the EU-U.S. Data Privacy Framework (the DPF). With immediate effect, the adequacy decision provides a new lawful basis for transfers from...more
On June 28, 2023, the European Commission (EC) published a Proposal for a Regulation on Financial Data Access (FIDA). FIDA aims to create a framework through which data holders (e.g., banks, credit institutions) share the...more
On July 4, 2023, the European Commission (EC) published its proposal for a regulation laying down additional procedural rules for the enforcement of the EU General Data Protection Regulation (GDPR) (proposal). The proposal...more
On May 22, 2023, Ireland’s Data Protection Commission (DPC) published its long-awaited decision in the Meta EU-U.S. data transfer case (Decision). In its landmark Decision, the DPC imposed a record 1.2 billion EUR fine and...more
On February 24, 2023, the European Commission (EC) opened a public consultation on its initiative (Initiative) to revise procedural rules relating to the enforcement of the EU General Data Protection Regulation (GDPR). The EC...more
In September 2022, the EU Commission introduced a proposed regulation designed to regulate products in the EU market with a “digital element”. Whilst the newly adopted and updated Network Information Security Directive (NIS...more
The European Union’s General Data Protection Regulation (GDPR) requires companies to monitor and comply with some of the strictest privacy laws in effect. Now, the European Commission is refocusing efforts and oversight on...more
On 13 December 2022, the European Commission (“EC”) published its draft adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”) that is intended to foster trans-Atlantic data flows and address the concerns raised by...more
In a call for Evidence for an Impact Assessment, the European Commission has introduced its initiative for a new Cyber Resilience Act that is set to establish new cybersecurity rules for digital products and ancillary...more
EDPB Issues Draft Guidance on International Data Transfers - On November 18, 2021, the European Data Protection Board (“EDPB”) published draft guidance on the interaction between the GDPR’s transfer provisions set out in...more
Businesses today are data driven and data dependent, but the rules that govern how data can be used and shared across borders are becoming increasingly tricky for international organizations to navigate, subject to constantly...more
The United Kingdom has been busy in the past couple of weeks starting to chart its independent course on data protection and privacy matters. We should keep in mind, however, that some of the more dramatic announcements...more
We’re checking in with our Europe-based expert on the latest European updates and upcoming changes for the third quarter of 2021 including updates on Brexit, European Union (EU) data protection policies, block exemption...more
The European Commission has finally approved two decisions on 28 June granting the United Kingdom the cherished status of having “adequate” data protection laws so that transfers of personal data from the European Union are...more
If at first (and second) you don’t succeed, try try again. The European Union and United States are gearing up for “Privacy Shield 2.0” to address the difficulties faced by tens of thousands of companies in the wake of the...more
On February 19, the European Commission (EC) published the draft of its much hoped-for adequacy decision for transfers of personal data to the UK under the EU General Data Protection Regulation (EU GDPR) (Draft Adequacy...more
The EU-UK Trade and Cooperation Agreement provided breathing room for businesses engaging in data transfers from the EU to the UK in the form of a ‘bridging period’ of up to six months where such transfers can continue...more
On 15 January, 2021, the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”) adopted a joint opinion (“Joint Opinion”) on the draft new sets of Standard Contractual Clauses (“New...more
The UK left the EU on January 31, 2020. On Christmas Eve, the two parties signed a Trade and Cooperation Agreement. Under the Agreement, EU personal data can be processed in the UK for six months. The European Commission will...more