Sitting with the C-Suite: eDiscovery Priorities – Thoughts on the Next Five Years
Jones Day Presents: Effect of GDPR, CCPA, and FTC on Blockchains
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
E12: GDPR Article 22 and Automated Decision Making
E8: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness
On June 19, 2025, the UK Data (Use and Access) Act 2025 was enacted, marking the culmination of a lengthy legislative process aimed at reshaping aspects of the country’s data protection regime. First proposed in 2021 as part...more
On June 2, 2025, the New Jersey Division of Consumer Affairs (the “Division”), alongside the Office of the Attorney General, announced proposed rules (the “Proposed Rules”) to implement the New Jersey Data Privacy Act...more
Montana recently amended its privacy law through Senate Bill 297, effective October 1, 2025, strengthening consumer protections and requiring businesses to revisit their privacy policies that apply to citizens of Montana....more
New Jersey’s Office of Consumer Protection has prepared proposed rules for the New Jersey Data Privacy Act (NJDPA) (Proposed Rules). While the bulk of the Proposed Rules consist of recitations of the obligations found in the...more
While most state legislatures are wrapping up their legislative sessions with little fanfare, Massachusetts appears to just be getting started. On May 12, 2025, the Bay State introduced the Massachusetts Data Privacy Act (S...more
Negotiating a data processing agreement (DPA) is typically a necessary step when engaging vendors that handle personal data. However, these negotiations have become time consuming and complex, given the evolving privacy...more
On 14 February 2025, the Cyberspace Administration of China (“CAC”) issued the “Administrative Measures for Personal Information Protection Compliance Audits” (the "Measures"), which will take effect on 1 May 2025. The...more
In honour of the International Association of Privacy Professionals (IAPP) London 2025 conference , we hosted a webinar on European privacy litigation. This post summarises some of the key UK privacy cases we covered in that...more
On April 8, the National Security Division of the U.S. Department of Justice’s (DOJ) new rule on cross-border data transfers takes effect. It restricts U.S. businesses from transferring certain bulk sensitive personal data to...more
On March 20, 2025, the evening edition of the Federal Official Gazette published a decree (the "Decree") enacting the General Law on Transparency and Access to Public Information ("LGTAIP"), the General Law on the Protection...more
While mobile apps have become one of the major means of access to digital services, their ubiquity is accompanied by significant risks to users' privacy, due to the massive amount of personal data they collect and process....more
The old saying goes, “Don’t mess with Texas.” The same can be said of the Texas Privacy Act. The Texas Department of Information Resources recently issued an implementation status for the act....more
The New Jersey Data Protection Act (NJDPA), N.J. Stat. § 56:8-166.4 et seq., will go into effect on January 15, 2025, as New Jersey joins eighteen other states with comprehensive data privacy laws. ...more
Bermuda, the British Virgin Islands (“BVI”) and the Cayman Islands have each introduced data protection regimes in recent years which align with global data protection standards. It is therefore increasingly important for...more
On 6 November 2024, the ICO published an outcomes report on AI tools in recruitment (the “Report”). This Report follows consensual audit engagements carried out by the ICO with developers and providers of AI tools to be used...more
As part of our Cybersecurity Awareness Month program of events, we hosted our inaugural Cybersecurity Forum on October 1 at our London office and online. Compèred by Ffion Flockhart, global head of cybersecurity, the day’s...more
In 2018, there were two comprehensive state data privacy bills introduced across the United States and a whopping zero were in effect. Fast forward six years and there have been 41 new data privacy bills considered this year...more
Four years after the Brazilian General Data Protection Law (LGPD) came into force, Brazil’s Superior Court of Justice (STJ) recently issued a list of precedents exploring how the court applied the law and addressed the...more
Las compañías que hacen negocios en México deben revisar las políticas y prácticas pertinentes para asegurarse de que se alinean al marco integral de privacidad de datos del país. Específicamente, querrá evaluar sus avisos de...more
Companies doing business in Mexico should review relevant policies and practices to ensure they align with the country’s comprehensive data privacy framework. Specifically, you’ll want to assess your privacy notices, data...more
The Knesset Constitution, Law, and Justice Committee has approved an amendment to the Israeli Privacy Protection Law (PPL). The amendment proposes extensive changes to the PPL, including granting additional enforcement powers...more
On July 1, 2024, a new wave of state consumer privacy laws will go into effect in Florida, Oregon, and Texas, ushering in additional obligations for companies. This wave of new laws will be closely followed by a Montana...more
Prior to the legislature closing on May 8, Colorado lawmakers passed SB 41, which amends the Colorado Privacy Act (CPA) to add protections for children’s data privacy. If signed into law by Colorado Governor Jared Polis, it...more
Introduction - Below is a brief outline of the legal regulation of personal protection in Ukraine. Governing Data Protection Legislation - 2.1. Overview of principal legislation - The main legal act governing...more
Maryland will soon have some of the strictest data protection and privacy requirements in the nation after the Maryland Online Data Privacy Act of 2024 (MODPA) was signed into law by Gov. Wes Moore last week....more