Selected U.S. Privacy & Cyber Updates - SEC Dismisses Remaining Claims Against SolarWinds - On November 20, 2025, the Securities and Exchange Commission (SEC) dismissed its landmark enforcement action against SolarWinds Corp....more
12/8/2025
/ California Consumer Privacy Act (CCPA) ,
Cybersecurity Information Sharing Act (CISA) ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Brokers ,
Data Privacy ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Online Safety for Children ,
Proposed Legislation ,
Securities and Exchange Commission (SEC) ,
Third-Party Service Provider ,
Websites
On November 19, the European Commission (EC) released its EU Digital Omnibus proposal – a 153-page document accompanied by an explanatory memorandum and a Staff Working Document....more
12/1/2025
/ AI Act ,
Artificial Intelligence ,
DATA Act ,
Data Management ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
e-Privacy Directive ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Regulatory Reform
Boards in the United States, United Kingdom, and European Union face increasing pressure to oversee cybersecurity risks amid evolving regulatory expectations. Our Privacy, Cyber & Data Strategy Team highlights key resources,...more
The EU’s sweeping Data Act is now in force. In this part of our series highlighting the Data Act’s key issues, our Privacy, Cyber & Data Strategy Team highlights new obligations for companies whose connected products collect...more
9/22/2025
/ Connected Cars ,
Data Collection ,
Data Privacy ,
EU ,
Internet of Things ,
Manufacturers ,
New Legislation ,
Portability ,
Regulatory Requirements ,
Right-To-Access ,
Transparency
This advisory is part of a series that summarises the key issues arising from the introduction of the Data Act. See: On September 12, 2025, the obligations introduced under the EU’s Data Act (Regulation 2023/2854) become...more
9/18/2025
/ Cloud Service Providers (CSPs) ,
Contract Terms ,
Data Management ,
Data Transfers ,
Digital Assets ,
Enforcement Actions ,
EU ,
Information Technology ,
New Legislation ,
Regulatory Requirements ,
Transparency
Microsoft Announces Two New On-Premises SharePoint Vulnerabilities - On July 19, 2025, Microsoft announced two new vulnerabilities that are actively being exploited (CVE-2025-49704 and CVE-2025-49706) and relate to...more
Following their recent meeting in Finland, the EU Data Protection Authorities acting through the European Data Protection Board (EDPB) announced their intention to release new tools and ran EU-wide data breach notification...more
The UK Serious Fraud Office (SFO) has issued new guidance to encourage companies to self-report suspected corporate criminal conduct and cooperate fully with investigations. Our transatlantic White Collar, Government &...more
On March 10, 2025, the Belgian Data Protection Authority (BDPA) updated its 2020 guidance on the processing of personal data for direct marketing purposes (see the updated guidance here in French and in Dutch)....more
3/21/2025
/ Compliance ,
Consent ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Retention ,
Direct Marketing ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements
Our Privacy, Cyber & Data Strategy Team discusses the new Cyber Resilience Act (CRA) that affects manufacturers and distributors of connected devices that are in use anywhere in the European Union....more
12/12/2024
/ Compliance ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Framework ,
Distributors ,
EU ,
European Commission ,
Importers ,
Manufacturers ,
Regulatory Oversight ,
Reporting Requirements ,
Risk Assessment ,
Risk Management
On 14 November, and after many years of negotiations, Chile adopted a new Data Protection Act (la Ley que regula la protección y el tratamiento de los datos personales y crea la Agencia de protección de datos personales)....more
EU Member States had until today, October 17, 2024, to transpose the Network and Information Security (NIS) 2 Directive into their national laws. As Directives are not directly applicable in EU Member States, the EU...more
On 19 September 2024, the Belgian Data Protection Authority (DPA) issued new Guidance on the interplay between the recently adopted EU Regulation on Artificial Intelligence (the AI Act) and the General Data Protection...more
9/26/2024
/ Artificial Intelligence ,
Automation Systems ,
Belgium ,
Compliance ,
Corporate Counsel ,
Data Processors ,
Data Protection Authority ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Personal Information ,
Regulatory Oversight
Theodore Christakis, Professor of International Law at the University Grenoble Alpes and Senior Fellow and Director of Research for Europe at the Cross-Border Data Forum, has published a new comprehensive analysis on...more
On 7 December 2023, the Court of Justice of the European Union (CJEU) issued an important decision on how the GDPR governs AI-assisted decisions. The case arose in the financial services context, with the court holding that...more
The European Union’s (EU) new Digital Operational Resilience Act (DORA) will go into effect in January 2025. Our Privacy, Cyber & Data Strategy Team digs into DORA and discusses how the new law may impact businesses inside...more
11/27/2023
/ Cyber Incident Reporting ,
Cybersecurity ,
Data Protection ,
European Commission ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Information Governance ,
Information Technology ,
Investment Firms ,
Popular ,
Risk Management
Last month, the European Union’s new Data Governance Act (DGA) came into effect. Our Privacy, Cyber & Data Strategy Group provides an overview of the key features of the DGA and discusses how the new law may impact businesses...more
On 21 September 2023, the UK Government adopted the Data Protection (Adequacy) Regulations 2023, also referred to as the “UK-U.S. Data Bridge”. The UK-U.S. Data Bridge will allow companies to legitimately transfer personal...more