AI on the Job: How to Stay Ahead of Employment and Data Privacy Risks
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
FCPA Compliance Report: AI, Data Compliance, and Ownership - A Conversation with Andrew Hopkins
A Less is More Strategy for Data Risk Mitigation
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
Approach to Responsible AI
Why Privacy Matters to Your Business and What's in Store for 2025
No Password Required Podcast: Senior Security Researcher at Nokia and Guardian of Secure AI Networks
Getting Bang for Your Buck: Spend Your 2025 Privacy Budget Wisely
Constangy Clips Ep. 7- 4 New Year’s Resolutions to Keep Your Cyber Data Safe and Secure in 2025
The Privacy Insider Podcast Episode 10: 2025 Privacy Predictions: Hold My Beer, 2024
AI Talk With Juliana Neelbauer - Episode Three - Cybersecurity Insurance: Coverage Challenges and Changes
No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
Protect, Prepare, Prevail: Navigating a Complex Cybersecurity World
On-Demand Webinar: Bring Predictability and Reduce the Spiraling Cost of Cyber Incident Response
Crafting an Effective Law Firm Generative AI Policy for Responsible Business Use: On Record PR
2025 Privacy Law Preview: Be Prepared
Podcast - Bowling with Bumpers: Using a Privacy Framework to Set Your Company Up for a Strike
On 14 May 2025, the Brussels Court of Appeal (Market Court) delivered the long-awaited judgement in the case concerning the Transparency & Consent Framework (“TCF”) (case no. 2022/AR/292). The Court largely upheld the...more
India’s Ministry of Electronics and Information Technology (MeitY) released in June 2025 a Business Requirement Document for Consent Management Under the DPDP Act, 2023 (BRD). The BRD, while not legally binding, provides...more
This monthly report outlines key developments in China’s data protection sector for May. The following events merit special attention...more
On May 8 2025, the Swiss Federal Data Protection and Information Commissioner (FDPIC) confirmed that the Federal Act on Data Protection (FADP) is directly applicable to AI-supported data processing. The FDPIC clarified...more
Montana’s amendments also remove the cure period for alleged violations beginning in October, provide prescriptive methods through which businesses have to provide consumers with targeted advertising opt out rights, and...more
On May 8, 2025, the governor of Montana signed into law SB 297, which amends the Montana Consumer Data Privacy Act (MCDPA). The amendments become effective on October 1, 2025. Among other things, SB 297: • amends the...more
On April 28 2025, the Court of Justice of the European Union (CJEU) published an updated version of the fact sheet (the Fact Sheet) summarising key case law on protection of personal data. The Fact Sheet covers the case law...more
While Andrew Ferguson advocates for a restrained regulatory approach at the FTC, his statements and voting record reveal clear priority areas where businesses can expect continued vigorous enforcement. Two areas stand out in...more
If you are a compliance professional for a U.S.-based company, you have probably been told at some point that you have to worry about the General Data Protection Regulation (GDPR). Have you encountered one of these...more
While March featured a flurry of newly introduced comprehensive privacy bills, state legislatures now appear to be primarily focused on pushing existing proposals through the chambers. ...more
The EU regulation designed to facilitate secondary use of clinical data for research brings benefits for health research, but also poses challenges for companies....more
Life sciences companies have long been outside the scope of US national security regulations and benefited from significant exemptions under US privacy laws. ...more
The Information Commissioner's Office (ICO) has published its report alongside a press release following a review into the gathering and use of children's data in financial services, particularly from services supplying them...more
El pasado 20 de marzo de 2025 se publicó la nueva Ley Federal de Protección de Datos Personales en Posesión de los Particulares (“LFPDPPP”) que entró en vigor el 21 de marzo del presente año y que contiene importantes cambios...more
A new US Department of Justice (DOJ) rule on “Preventing Access to US Sensitive Personal Data and Government-Related Data by Countries of Concern (including China) or Covered Persons” (rule) prohibits and restricts certain...more
The European Data Protection Board (EDPB), the independent EU body responsible for ensuring the consistent application of the EU General Data Protection Regulation (GDPR) across all EU member states, has kicked off its...more
On March 5, 2025, Regulation (EU) 2025/327 of the European Parliament and of the Council of February 11, 2025 on the European Health Data Space and amending Directive 2011/24/EU and Regulation (EU) 2024/2847 (the Regulation)...more
In March 2023, Elon Musk and Steve Wozniak, along with other technology experts, signed an open letter asking that training powerful AI models be stopped until stronger AI governance laws could be developed. Two months later,...more
Malaysia issued a regulatory guideline for data breach notification in February 2025. This article discusses how the new regulation affects businesses in Malaysia. On 25 February 2025, Malaysia's Personal Data Protection...more
On March 20, 2025, the new Federal Law for the Protection of Personal Data held by Private Parties (LFPDPPP of 2025) was published in the Official Gazette of the Federation. The LFPDPPP of 2025 entered into force on March 21,...more
The guidelines specify the requirements for data controllers to conduct risk assessments related to the transfer or disclosure of personal data outside the Kingdom. ...more
On March 10, 2025, the Belgian Data Protection Authority (BDPA) updated its 2020 guidance on the processing of personal data for direct marketing purposes (see the updated guidance here in French and in Dutch)....more
The European Data Protection Board (EDPB) has launched its 2025 enforcement sweep targeting organizations’ compliance with data subjects’ right of erasure (right to delete or be forgotten), focusing particularly on how...more
Malaysia introduced a mandatory data protection officer appointment in February 2025. We discuss the implications of this new regulatory requirement for businesses operating in Malaysia....more
Chile has amended its data privacy law granting significant rights to data subjects, and imposing stricter obligations on data controllers and processors. Published in the Official Gazette (Diario Oficial) on December 13,...more