As organisations increasingly use AI tools for a range of process improvement purposes, a range of human resources-specific use cases have emerged — including transcribing interviews and performance meetings and drafting job...more
11/11/2025
/ AI Act ,
Algorithms ,
Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Data Privacy ,
Data Protection ,
Employer Liability Issues ,
EU ,
Hiring & Firing ,
Human Resources Professionals ,
International Labor Laws ,
Machine Learning ,
Predictive Analytics ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management
Does your organisation see an uptick in data subject access requests whenever the story of a high-profile individual exercising their data protection rights makes the headlines? DSARs are a real leveller. Whether the...more
10/20/2025
/ Best Practices ,
Corporate Counsel ,
Data Controller ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Subject Access Requests ,
Information Commissioner's Office (ICO) ,
Information Governance ,
Personal Data ,
Privacy Laws ,
Redacted Documents ,
Redaction ,
Right of Access ,
Transparency ,
UK GDPR
Despite the fears of foreign organisations about the long-arm jurisdiction of European data protection laws, the extra-territorial application of the GDPR — and, subsequently the UK GDPR — has received relatively scant...more
10/15/2025
/ Big Data ,
Biometric Information ,
Data Privacy ,
Data Profiling ,
Data Protection ,
Enforcement Actions ,
Extraterritoriality Rules ,
Facial Recognition Technology ,
General Data Protection Regulation (GDPR) ,
Jurisdiction ,
Privacy Laws ,
Surveillance ,
UK GDPR
If these walls could talk. And in the ‘connected’ buildings that continue to be of prime interest for real estate and infrastructure investors, the doors, the lights, the appliances, and much more beyond. In a recent survey...more
10/9/2025
/ Commercial Real Estate Market ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
General Data Protection Regulation (GDPR) ,
Incident Response Plans ,
Internet of Things ,
Investors ,
Real Estate Development ,
Real Estate Investments ,
Regulatory Requirements ,
Risk Management ,
Supply Chain ,
UK
Last week it came to light that the victims of two of the UK’s most high-profile recent data breaches — the Co-operative Group and Jaguar Land Rover — did not have cyber insurance in place. As a result, the companies will...more
9/30/2025
/ Business Losses ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Security ,
Due Diligence ,
Insurance Industry ,
Policy Exclusions ,
Risk Management ,
Risk Mitigation ,
Small and Medium-Sized Enterprises (SMEs) ,
Third-Party Risk ,
Third-Party Service Provider ,
UK
In a decision with significant legal and operational ramifications for organisations of all shapes and sizes, the Court of Justice of the European Union (CJEU) last week confirmed that pseudonymised data will not always and...more
9/9/2025
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Privacy ,
Data Processing Rules ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Transfers ,
EDPS ,
EU ,
European Court of Justice (ECJ) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Regulatory Requirements ,
Transparency
Although they do not focus the minds of many organisations in the same way as multi-million euro enforcement actions, the importance of low-value, non-material damages claims under the GDPR has gathered steam since the...more
8/28/2025
/ Appeals ,
Appellate Courts ,
Court of Justice of the European Union (CJEU) ,
Damages ,
Data Breach ,
Data Privacy ,
Data Protection ,
Emotional Distress Damages ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Privacy Laws ,
UK GDPR
As businesses and individuals in the UK continue to explore the possibilities offered by artificial intelligence, it should come as no surprise that the Government has also embraced AI. Increasing productivity in the civil...more
On June 22, 2025, Texas enacted the Texas Responsible Artificial Intelligence Governance Act (“TRAIGA”), putting it at the forefront of state-level AI regulation in the United States. TRAIGA becomes effective January 1, 2026....more
6/25/2025
/ Artificial Intelligence ,
Biometric Information ,
Compliance ,
Deep Fake ,
Disclosure Requirements ,
Enforcement ,
Enforcement Actions ,
Government Agencies ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
NIST ,
Penalties ,
Regulatory Requirements ,
Risk Management ,
Texas
Earlier this month, the European Commission released AI Literacy – Questions & Answers. The Q&As are a useful primer — both for organisations at the start of their literacy journey and those that, having taken steps to...more
5/21/2025
/ AI Act ,
Artificial Intelligence ,
Compliance ,
Corporate Counsel ,
Employees ,
Enforcement Actions ,
EU ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management ,
Training
On this episode of the R&G Tech Studio podcast, Rohan Massey, a leader of Ropes & Gray’s data, privacy and cybersecurity practice, is joined by data, privacy and cybersecurity counsel Edward Machin to discuss the AI literacy...more
Our clients are at the forefront of many of the developments covered by the report. That said, I couldn’t help thinking that the report overlooked a law that takes effect in less than six months’ time and which will have...more
On 30 November 2022, OpenAI made its ChatGPT generative artificial intelligence chatbot publicly available. In the two years since, its unprecedented growth has fostered a dramatic shift in public attention to and interest in...more