On November 19, 2025, the EU Commission (Commission) published a set of legislative proposals to introduce more flexibility into a number of EU digital regulations, including...more
On October 9, 2025, the European Commission (EC) and the European Data Protection Board (EDPB) published Draft Guidance on the interplay between the Digital Markets Act (DMA) and the General Data Protection Regulation (GDPR,...more
On September 12, 2025, the European Data Protection Board (EDPB) adopted guidelines (Guidelines) on the interplay between the EU Digital Services Act (DSA) and the General Data Protection Regulation (GDPR). The Guidelines...more
9/23/2025
/ Automated Decision Systems (ADS) ,
Corporate Counsel ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
New Guidance ,
Online Platforms ,
Popular ,
Privacy Laws ,
Regulatory Requirements ,
Risk-Based Approaches ,
Targeted Digital Advertising
On September 3, 2025, the EU General Court (the General Court) (the second-highest court in the European Union (EU)) upheld the validity of EU-U.S. Data Privacy Framework (DPF) in Philippe Latombe v European Commission...more
9/4/2025
/ Binding Corporate Rules ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Privacy Laws ,
Standard Contractual Clauses
On June 16, 2025, the Council of the EU (Council) and the European Parliament (EP) reached an agreement on a new regulation (the Draft Regulation) to enhance enforcement of the General Data Protection Regulation (GDPR). The...more
6/19/2025
/ Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Enforcement ,
EU ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Personal Data ,
Proposed Legislation ,
Regulatory Reform
On January 14, 2025, the UK government unveiled a proposed framework aimed at combating the rise of ransomware attacks by implementing a payment prevention and reporting regime. This would require companies to not only report...more
Starting January 17, 2025, the Digital Operational Resilience Act (DORA) will require financial entities and their critical information and communication technology (ICT) service providers to comply with enhanced...more
Legislators and regulators across the European Union (EU) and the United Kingdom (UK) are intensifying efforts to enhance the protection of minors online, responding to growing concerns about children's safety in the digital...more
On January 8, 2025, the second highest court of the European Union (EU), the General Court of the Court of Justice of the EU (the Court), ordered (in Bindl v European Commission, Case T-354/22) the European Commission (EC) to...more
1/10/2025
/ Class Action ,
Compliance ,
Corporate Counsel ,
Damages ,
Data Privacy ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements
On December 18, 2024, the European Data Protection Board (EDPB) published its much-anticipated Opinion on the processing of personal data in the context of AI models in light of the EU General Data Protection Regulation...more
On October 10, 2024, the European Union officially adopted the Cyber Resilience Act (CRA), which introduces cybersecurity obligations for internet-connected hardware and software products offered in the EU (such as...more
11/1/2024
/ Breach Notification Rule ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
Popular
In recent months, politicians and regulators across a number of jurisdictions have called on operators of online platforms to take seriously their legal obligations to promote a safe online environment. The safety of children...more
10/22/2024
/ Artificial Intelligence ,
EU ,
Internet ,
Ireland ,
Mental Health ,
Minor Children ,
Online Platforms ,
Online Safety for Children ,
Social Media ,
Social Networks ,
UK
On September 10, 2024, the European Commission (EC) offices in charge of the enforcement of the Digital Markets Act (DMA) and the European Data Protection Board (EDPB)—the European body composed of all EU data protection...more
As cyberattacks become more sophisticated, cybersecurity remains a top concern for regulators, consumers, business partners, and investors. Weak security can cause substantial harm to a company and lead to litigation,...more
The Artificial Intelligence Act (AI Act) is the first comprehensive legislation that intends to regulate AI horizontally across all sectors in Europe. It will have far reaching consequences on all companies developing,...more
On April 8, 2024, the French Data Protection Authority (CNIL) published recommendations on the development phase of artificial intelligence (AI) systems1 (Recommendations). They are the first set of recommendations designed...more
On March 7, 2024, the European Court of Justice (CJEU) issued a landmark ruling on digital advertising and the concepts of personal data and joint controllership under the General Data Protection Regulation (GDPR)....more
The EU’s Digital Markets Act (DMA) imposes far-reaching ex ante obligations on the largest digital platforms, so-called “gatekeepers.” It applies in parallel with antitrust rules, national regulation (which can go beyond the...more
In 2024, businesses will continue to face an evolving landscape of privacy opportunities and challenges, including an increasingly complex data regulatory environment that extends beyond the General Data Protection Regulation...more
On December 8, 2023, the EU finally agreed on the world’s first comprehensive legal framework on AI: the AI Act. EU lawmakers reached a political agreement on a series of controversial issues after record-long negotiations....more
The Artificial Intelligence Act (AI Act) is the first comprehensive legislation that intends to regulate AI horizontally across all sectors in Europe. It will have far reaching consequences on all companies developing,...more
The Online Safety Bill (OSB or Bill) passed its final reading in the UK’s Parliament in September 2023. The Bill will become law in the coming weeks, ushering in a new era for the regulation of digital services in the UK....more
10/11/2023
/ Corporate Counsel ,
Digital Platforms ,
Internet ,
Internet Service Providers (ISPs) ,
Online Platforms ,
Online Safety for Children ,
Popular ,
Proposed Legislation ,
Safety Precautions ,
UK ,
Websites
On September 21, 2023, the UK Government announced the establishment of the “UK-US data bridge” (the Bridge), also known as the UK Extension to the EU-U.S. Data Privacy Framework (the DPF). The announcement promises to...more
On July 10, 2023, the European Commission (EC) adopted an adequacy decision in relation to the EU-U.S. Data Privacy Framework (DPF). This paves the way for organizations to certify to the DPF, reducing friction for transfers...more
On March 15, 2023, the European Data Protection Board (EDPB) announced a coordinated action on the role of the data protection officers (DPOs). The data protection authorities (DPAs) will ask DPOs a series of questions to...more