Compliance Perspectives: Rolling Out New Compliance Initiatives
Illegal content safety duties came into full effect on 17 March 2025, shortly followed by children’s access assessment requirements. The UK Online Safety Act (OSA) establishes an extensive regulatory framework for...more
Exactly one year from now, on September 12, 2025, the EU Data Act will enter into application. This new regulation provides harmonized rules on data access, switching cloud providers, and interoperability requirements across...more
يُعد نظام حماية البيانات الشخصية (النظام) أول نظام شامل لحماية البيانات في المملكة العربية السعودية. من المتوقع أن تبدأ الهيئة السعودية للبيانات والذكاء الاصطناعي (الهيئة) في الإنفاذ الكامل للنظام اعتبارًا من 14 سبتمبر 2024،...more
The PDPL has broad extraterritorial scope and substantial penalties for non-compliance, with full enforcement expected to start in September. The Personal Data Protection Law (PDPL) is the first comprehensive data...more
On October 19, 2023, the Consumer Financial Protection Bureau (CFPB) issued an advance notice of proposed rulemaking (ANPR) with respect to a new consumer financial data portability rule mandated by Section 1033 of the...more
This year has proven to be a turning point in the U.S. data protection law landscape with California’s amended data protection law coming into effect and Colorado’s, Connecticut’s, and Virginia’s data protection laws joining...more
The updated California data protection law itself is now in effect and enforceable as of July 1, 2023; however, enforcement of the regulations—which clarify key provisions of the law—is delayed. Just before full...more
On April 27, 2023, the Washington state governor signed into law the My Health My Data Act, also known as the MHMDA. The majority of the law’s provisions will take effect on March 31, 2024, providing companies with one...more
As the calendar turns to a new year, the United States data protection law will also make a turn towards more states implementing and enforcing new data protection laws impacting a business’s collection, use, and disclosure...more
On 10 November 2022, the European Parliament approved the Network and Information Security 2 Directive ("NIS 2"), moving a step closer to expanding the scope of the Network and Information Security ("NIS") Directive, the EU's...more
In 2023, a number of state data protection laws will be coming into effect and a number of entities who previously were not subject to data security and data privacy obligations will soon be within the scope of these laws....more
In May 2017, the world of data privacy was irreparably changed when four members of the Chinese military hacked into credit-reporting company Equifax, exposing the personal information of nearly 150 million Americans. The...more