On 4 November 2025, the High Court of England and Wales (the Court) handed down its long-awaited judgment in Getty Images v. Stability AI,Getty Images (US) Inc & Ors v. Stability AI Limited [2025] EWHC 2863 (Ch). a case...more
11/14/2025
/ Artificial Intelligence ,
Copyright ,
Copyright Infringement ,
Copyright Litigation ,
Corporate Counsel ,
Getty Images ,
Intellectual Property Litigation ,
Intellectual Property Protection ,
Machine Learning ,
Technology ,
Trademark Infringement ,
Trademarks ,
UK
California enacts more than a dozen AI laws, including ones that impose new obligations on frontier developers in the name of greater transparency....more
10/16/2025
/ Artificial Intelligence ,
California ,
Corporate Counsel ,
Enforcement Actions ,
Government Agencies ,
New Legislation ,
Regulatory Oversight ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management ,
Transparency
In this episode of Connected With Latham, London partner Fiona Maclean, Paris partner Jean-Luc Juhan, and London counsel Alain Traill discuss significant new switching requirements due to take effect for data processing...more
The CJEU rules that personal data can be pseudonymous in the hands of one party and anonymous in the hands of another....more
9/16/2025
/ Anonymization ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
Data Transfers ,
Data-Sharing ,
EDPS ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Transparency
The Act presents a significant overhaul of European data law, affecting most companies that handle digital products and connected services, and data processing services, in the EU....more
9/15/2025
/ Class Action ,
Cloud Service Providers (CSPs) ,
Contract Terms ,
Data Management ,
Data Privacy ,
Data Processors ,
Data Protection ,
Digital Platforms ,
Digital Services ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Technology ,
New Legislation ,
Regulatory Requirements
The code covers transparency, copyright compliance, and management of systemic risks for providers of GPAI models....more
9/5/2025
/ AI Act ,
Algorithms ,
Artificial Intelligence ,
Copyright ,
EU ,
EU Directive ,
Machine Learning ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management ,
Transparency
In the rapidly evolving landscape of European tech regulation, the Data Act introduces changes with the potential to reshape established market dynamics, presenting significant challenges and opportunities for affected...more
8/20/2025
/ Cloud Service Providers (CSPs) ,
Data Privacy ,
Data Processing Rules ,
Data Processors ,
Data Protection ,
Digital Assets ,
EU ,
New Legislation ,
Regulatory Requirements ,
Service Contracts ,
Technology ,
Technology Sector
The plan seeks to limit AI regulation at the federal and state level, encourages rapid development of AI infrastructure, and warns against ideological bias in models....more
8/1/2025
/ Artificial Intelligence ,
Bias ,
Critical Infrastructure Sectors ,
Diversity and Inclusion Standards (D&I) ,
Executive Orders ,
Export Controls ,
Infrastructure ,
Innovation ,
Machine Learning ,
National Security ,
New Legislation ,
NIST ,
Open Source Software ,
Regulatory Reform ,
Trump Administration
The DUAA introduces several reforms to UK data protection law, but their implications are relatively limited in practice.
The Data (Use and Access) Act 2025 (the DUAA) was enacted on 19 June 2025 and amends rather than...more
7/28/2025
/ Adequacy Requirement ,
Amended Legislation ,
Cookies ,
Data Privacy ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
New Legislation ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements ,
UK
The technology and digital regulatory environment in the EU and the UK is experiencing significant evolution in 2025 and beyond. These legal developments present both significant opportunities and complex compliance...more
7/17/2025
/ AI Act ,
Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
EU ,
New Legislation ,
Online Safety for Children ,
Popular ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Technology ,
Technology Sector ,
UK
In the next phase of Online Safety Act implementation, children’s safety duties and related codes of practice will come into full effect on 25 July 2025....more
An overhaul of the UK consumer law landscape is on the horizon, with the consumer law provisions of the Digital Markets, Competition and Consumers Act 2024 set to take effect on 6 April 2025....more
4/7/2025
/ Antitrust Provisions ,
Consumer Contracts ,
Consumer Protection Laws ,
Enforcement ,
Enterprise Act 2002 ,
New Legislation ,
New Regulations ,
Regulatory Requirements ,
Subscription Services ,
UK ,
UK Competition and Markets Authority (CMA)
Illegal content safety duties came into full effect on 17 March 2025, shortly followed by children’s access assessment requirements.
The UK Online Safety Act (OSA) establishes an extensive regulatory framework for...more
Advocate General Spielmann opines that personal data can be pseudonymous in the hands of one party and anonymous in the hands of another....more
2/20/2025
/ Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
Data Security ,
Data-Sharing ,
EDPS ,
EU ,
General Data Protection Regulation (GDPR) ,
Legal Opinion ,
Personal Data ,
Privacy Acts ,
Privacy Laws ,
Transparency
The CJEU has decided that the maximum thresholds for GDPR fines should be calculated using the global turnover of the broader corporate group, not solely the infringing entity....more
2/20/2025
/ Affiliates ,
Civil Monetary Penalty ,
Corporate Fines ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Multinationals ,
Personal Data ,
Privacy Laws
The EU AI Act came into effect on 1 August 2024, and the first obligations under the Act will become applicable from 2 February 2025. Providers and deployers of AI systems must ensure that their employees and contractors...more
The Draft Code sets out various obligations relating to transparency, copyright compliance, and management of systemic risks for providers of GPAI models....more
The draft guidelines provide further clarification to the EDPB’s interpretation of legitimate interests, and suggest a potential divergence with the UK ICO....more
11/25/2024
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Draft Guidance ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marketing ,
Multi-Factor Test ,
Personal Data ,
UK
The new regime will take effect on 1 January 2025, but will not diminish the responsibilities of financial services firms relying on the services of critical third parties....more
11/20/2024
/ Bank of England ,
Final Rules ,
Financial Conduct Authority (FCA) ,
Financial Institutions ,
Financial Services Industry ,
FSMA ,
HM Treasury ,
Prudential Regulation Authority (PRA) ,
Regulatory Requirements ,
Third-Party ,
Third-Party Risk ,
Third-Party Service Provider ,
UK
Latham & Watkins and Privacy Laws & Business recently co-hosted a webinar looking back on the first eight months since the UK-US Data Bridge entered into force. Speakers from the UK Information Commissioner’s Office (ICO) and...more
9/6/2024
/ Bilateral Agreements ,
Data Protection ,
Department of Transportation (DOT) ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Jurisdiction ,
Personal Data ,
Self-Certification ,
Standard Contractual Clauses ,
U.S. Commerce Department ,
UK
The Online Safety Act (the OSA) received Royal Assent on 26 October 2023 and is now in force.
The OSA establishes an extensive regulatory framework for providers of online user-to-user services and search services with...more
8/16/2024
/ Compliance ,
Compliance Dates ,
Digital Service Providers ,
Digital Services ,
Enforcement ,
New Legislation ,
OFCOM ,
Online Marketplace ,
Online Platforms ,
Online Safety for Children ,
Regulatory Requirements ,
Search Engines ,
Social Media ,
UK ,
User-Generated Content
Now that the EU AI Act has come into force, companies deploying high-risk artificial intelligence (AI) systems in the European Union (EU) must prepare to navigate a complex landscape of new obligations by 2 August 2027. This...more
The EU AI Office has just published a consultation on the topics that should be covered by the first general-purpose AI (GPAI) Code of Practice and a call for interest to participate in drafting the Code....more
Today marks a significant milestone in the regulation of artificial intelligence (AI) as the European Union (EU) AI Act is published in the EU Official Journal. This landmark legislation establishes the world’s first...more
After three years of legislative debate, the Council of the European Union cast its final vote on the European Union (EU) Artificial Intelligence (AI) Act on 21 May 2024. Once published in the EU Official Journal in June, the...more