Sitting with the C-Suite: eDiscovery Priorities – Thoughts on the Next Five Years
Jones Day Presents: Effect of GDPR, CCPA, and FTC on Blockchains
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
E12: GDPR Article 22 and Automated Decision Making
E8: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness
Want to learn more about drafting, negotiating, and understanding intellectual property and technology contracts and have 10 minutes to spare? Grab your morning coffee or afternoon tea and dig into our Tech Contract Quick...more
Pennsylvania could soon join the growing list of states to enact comprehensive data privacy laws, and businesses that operate in PA must take note. Earlier this month, the commonwealth’s House passed a bipartisan consumer...more
Does your organisation see an uptick in data subject access requests whenever the story of a high-profile individual exercising their data protection rights makes the headlines? DSARs are a real leveller. Whether the...more
A growing number of U.S. states are requiring businesses to offer mechanisms in their privacy policies or online interfaces to allow individuals to "opt out" of data collection. However, in increasing numbers, many states are...more
The rules provide further guidance to controllers subject to the law’s children’s privacy protections. ...more
On March 24, 2022, Utah became the fourth state to enact comprehensive consumer privacy legislation when Governor Spencer Cox signed S.B. 227 into law. The Utah Consumer Privacy Act (UCPA or the Act) took effect on December...more
On 4 September 2025, the Court of Justice of the European Union (CJEU) delivered a ruling in EDPS v. SRB (Case C-413/23 P) that clarified how the EU General Data Protection Regulation (GDPR) applies to pseudonymised data. ...more
Rhode Island businesses and any company with Rhode Island customers are officially on the clock. The Rhode Island Data Transparency and Privacy Protection Act (“RIDTPPA” or “the Act”) takes effect January 1, 2026, meaning...more
When the European Central Bank declared the Spanish bank, Banco Popular Español, as "failing or likely to fail" in 2017, the Single Resolution Board (SRB) stepped in to resolve the issue by announcing the transfer of all...more
The Single Resolution Board ("SRB") transferred pseudonymized comments from data subjects to Deloitte without informing them. The European Data Protection Supervisor ("EDPS") found a violation of information duties applicable...more
The number of instances in which businesses must conduct risk assessments and impact assessments under state privacy and AI laws has exploded. In recent months, California and Connecticut have added additional — and...more
Michigan lawmakers are considering sweeping updates to the state’s identity theft protection law while also debating whether Michigan will become one of nearly half the states that have passed a consumer privacy law. Fisher...more
In a decision with significant legal and operational ramifications for organisations of all shapes and sizes, the Court of Justice of the European Union (CJEU) last week confirmed that pseudonymised data will not always and...more
On 4 September, the ECJ handed down a major and eagerly awaited decision on the scope of personal data, accepting the point that pseudonymised data may be anonymised in the hands of a third party. The ECJ’s approach is...more
On September 4, 2025, the Court of Justice of the European Union (“CJEU”), delivered its judgment in European Data Protection Supervisor ("EDPS") v. Single Resolution Board ("SRB") (C-413/23 P). The decision clarifies two...more
On 18 July 2025, China’s Cyberspace Administration (CAC) officially launched its online portal (Portal) for registration of China Data Protection Officers (China DPO). This operationalizes the requirements under Article 52 of...more
Amendment 13, which significantly updates privacy laws in Israel, has come into effect! If you still don’t know what to do to comply with the requirements, we’ve prepared a guide to help you address the main issues (not all...more
July 1 marked the official enforcement date of the Tennessee Information Protection Act (TIPA), the state’s comprehensive consumer privacy law. Signed into law in 2023, TIPA grants consumers specific rights concerning their...more
What started as a flurry when California included protections for data about known teens in its 2018 privacy law soon became a blizzard. State after state passed new protections for teens into their own privacy laws, with...more
In a decision issued on 18 July 2025 against Google LLC, the Personal Data Protection Office (PDPO) has affirmed that the data protection compliance obligations under Ugandan law apply to all entities that handle the personal...more
Starting today, July 31, 2025, the Minnesota Consumer Data Privacy Act (“MCDPA”) officially takes effect. Signed by Governor Tim Walz in May 2024, this act majorly affects how the personal data of Minnesota residents is...more
The rise of artificial intelligence (AI) and its widespread availability offers significant growth opportunities for businesses. However, it necessitates a robust governance framework to ensure compliance with regulatory...more
While appointing and registering a DPO has been mandatory in China for many years, a portal has now finally been established for organisations to register those DPOs with the China data protection authority. This resolves...more
New Jersey officials recently released proposed privacy regulations that would create several new compliance obligations for businesses above and beyond what existing state law and many other state laws require, meaning you...more
With the Minnesota Consumer Privacy Act (MCPA), which takes effect July 31, 2025, Minnesota now joins the many other states, like California, that have passed laws granting enhanced data privacy rights to individuals. ...more