The Digital Download provides a quarterly snapshot of emerging issues at the intersection of privacy, cybersecurity, and data strategy. It brings together Alston & Bird’s thought leadership, publications, events, and firm...more
On September 11, 2025, the European Data Protection Board (EDPB) adopted guidelines on the interplay between the Digital Services Act (DSA) and the General Data Protection Regulation (GDPR)....more
2/6/2026
/ Automated Decision Systems (ADS) ,
Data Privacy ,
Data Protection ,
Digital Service Providers ,
Digital Services ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Goods or Services ,
Online Platforms ,
Personal Data ,
Regulatory Requirements ,
Transparency
The UK Data (Use and Access) Act 2025 makes major changes to UK data protection law, including the UK General Data Protection Regulation (UK GDPR). ...more
Selected U.S. Privacy & Cyber Updates - SEC Dismisses Remaining Claims Against SolarWinds - On November 20, 2025, the Securities and Exchange Commission (SEC) dismissed its landmark enforcement action against SolarWinds Corp....more
12/8/2025
/ California Consumer Privacy Act (CCPA) ,
Cybersecurity Information Sharing Act (CISA) ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Brokers ,
Data Privacy ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Online Safety for Children ,
Proposed Legislation ,
Securities and Exchange Commission (SEC) ,
Third-Party Service Provider ,
Websites
The UK Government has introduced the Cyber Security and Resilience (Network and Information Systems) Bill (the “Bill”) to Parliament, marking the most significant update to the UK’s cyber legislation since 2018. You can...more
12/1/2025
/ Critical Infrastructure Sectors ,
Cybersecurity ,
Data Centers ,
EU ,
National Security ,
New Legislation ,
Proposed Legislation ,
Regulatory Reform ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management ,
UK
The United Kingdom’s National Cyber Security Centre (NCSC) has released its Annual Review for 2025. As in 2024, the report covers the UK’s cyber security position as well as the country’s readiness to deal with those threats....more
Boards in the United States, United Kingdom, and European Union face increasing pressure to oversee cybersecurity risks amid evolving regulatory expectations. Our Privacy, Cyber & Data Strategy Team highlights key resources,...more
On October 15, 2025, the UK’s Information Commissioner’s Office (ICO) fined Capita plc and Capita Pension Solutions Limited (collectively “Capita”) £14 million (~$18.8 million) for failing to implement adequate security...more
10/23/2025
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Incident Response Plans ,
Information Commissioner's Office (ICO) ,
Ransomware ,
Risk Management ,
UK ,
UK GDPR
The EU’s sweeping Data Act is now in force. In this part of our series highlighting the Data Act’s key issues, our Privacy, Cyber & Data Strategy Team highlights new obligations for companies whose connected products collect...more
9/22/2025
/ Connected Cars ,
Data Collection ,
Data Privacy ,
EU ,
Internet of Things ,
Manufacturers ,
New Legislation ,
Portability ,
Regulatory Requirements ,
Right-To-Access ,
Transparency
The EU officially adopted the Data Act in January 2024, and it came into force on September 12, 2025. The Data Act builds on existing laws like the General Data Protection Regulation and the Data Governance Act. Now that the...more
This advisory is part of a series that summarises the key issues arising from the introduction of the Data Act. See: On September 12, 2025, the obligations introduced under the EU’s Data Act (Regulation 2023/2854) become...more
9/18/2025
/ Cloud Service Providers (CSPs) ,
Contract Terms ,
Data Management ,
Data Transfers ,
Digital Assets ,
Enforcement Actions ,
EU ,
Information Technology ,
New Legislation ,
Regulatory Requirements ,
Transparency
Microsoft Announces Two New On-Premises SharePoint Vulnerabilities - On July 19, 2025, Microsoft announced two new vulnerabilities that are actively being exploited (CVE-2025-49704 and CVE-2025-49706) and relate to...more
Following their recent meeting in Finland, the EU Data Protection Authorities acting through the European Data Protection Board (EDPB) announced their intention to release new tools and ran EU-wide data breach notification...more
In April 2025, SK Telecom—South Korea’s largest mobile carrier—formally notified regulators of a significant data breach that compromised sensitive SIM card data belonging to nearly 27 million users. Following an...more
On June 5, 2025, the UK’s Information Commissioner’s Office (ICO) fined 23andMe £2.31 million (~$3.1 million). The fine was for failing to implement adequate security measures to protect the personal data of over 155,000 UK...more
The European Union Agency for Cybersecurity (ENISA) has launched the European Vulnerability Database (EUVD), a tool designed to enhance digital security across the EU. The EUVD is available here....more
Cyber security supply chain risks are growing, and attacks on vendors and other third parties cause severe disruption to businesses. For example, in recent years we have seen many incidents that have involved threat actors...more
On April 14, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined DPP Law (“DPP”) £60,000 (approximately $80,000) following a ransomware incident. In its penalty notice, the ICO found...more