SkadBytes Podcast | The EU Data Act: How New Rules Could Reshape Access, Control and Competition in the Data Economy
JONES DAY TALKS®: Real Assets Roundup Episode 2: A First Look at Data Centers: The Fourth Utility
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Life With GDPR - Data Transfer Update
Life with GDPR - Data Transfers from EU/UK to US
Everything Compliance - The Elon Etc Edition
Interview With Ayesha Minhaj, Google - Digital Planning Podcast
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
Sitting with the C-Suite: eDiscovery Priorities – Thoughts on the Next Five Years
Happy Data Privacy Week 2026, and welcome to the Winter 2026 issue of Blakes Data Governor, published by the Blakes Privacy & Data Protection group. Blakes Data Governor provides actionable insights and practical overviews of...more
Since 2020, South Korea and Japan have reshaped privacy enforcement in ways that directly affect global businesses. South Korea’s Personal Information Protection Commission (PIPC) drives an enforcement-first regime with...more
Without fail, each new year brings regulatory shifts and plaintiffs’-bar activity that push data, privacy, and cybersecurity in unexpected directions. As we look ahead to 2026, our Data, Privacy, and Cybersecurity Group is...more
Antitrust enforcers in the United States, United Kingdom, and European Union have opened investigations into the pricing and contractual practices of major cloud service providers, citing concerns that certain terms may...more
The EU Data Act (Regulation (EU) 2023/2854), applicable from September 12, 2025, introduces a comprehensive legal framework aimed at enhancing data portability, interoperability, and minimizing dependency on individual...more
This monthly report outlines key developments in China’s data protection sector for November. The following events merit special attention:...more
After legal review following the expected notification date at the end of September, India's government has notified the Digital Personal Data Protection Rules, 2025 ("Final Rules") under the Digital Personal Data Protection...more
On October 28 2025, the European Data Protection Supervisor (EDPS), in its capacity as the EU’s independent data protection supervisory authority (rather than market surveillance authority under the EU AI Act), issued...more
Want to learn more about drafting, negotiating, and understanding intellectual property and technology contracts and have 10 minutes to spare? Grab your morning coffee or afternoon tea and dig into our Tech Contract Quick...more
The Court of Justice of the European Union (ECJ) has issued a landmark decision in European Data Protection Supervisor v Single Resolution Board (C-413/23 P), narrowing the circumstances in which pseudonymised data is...more
The lengthy and complex “Bulk Data Transfer Rule,” more formally known as the “Rule Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons,” may apply to...more
The EU Data Act is poised to shake up the digital economy, but what does it really mean for businesses? In the latest episode of our “SkadBytes” podcast, host Deborah Kirk is joined by associates Alistair Ho and Emily Griffin...more
A thorny issue for companies has been how to handle data derived from personal information. Is it still personal information? Do privacy laws apply? The EU Court of Justice of grappled with this issue in a September decision....more
Higher education institutions face unique data privacy and cybersecurity challenges. They are at the forefront of technological and research innovation and have become an increasingly attractive target for cybersecurity...more
The U.S. Department of Justice’s Sensitive Data Bulk Transfer Rule is in effect. That includes, as of Oct. 6, 2025, the requirements on due diligence and compliance. What does this mean?...more
On September 4 2025, the Court of Justice of the EU (CJEU) delivered its judgment in the case C-413/23 P, EDPS v SRB. The CJEU clarified the scope of the concept of personal data in the context of a transfer of pseudonymised...more
The EU Data Act, which became effective on September 12, 2025, imposes new requirements on providers of “data processing services”, a category that includes Infrastructure as a Service (IaaS), Platform as a service (PaaS),...more
This advisory is part of a series that summarises the key issues arising from the introduction of the Data Act. See: On September 12, 2025, the obligations introduced under the EU’s Data Act (Regulation 2023/2854) become...more
When the European Central Bank declared the Spanish bank, Banco Popular Español, as "failing or likely to fail" in 2017, the Single Resolution Board (SRB) stepped in to resolve the issue by announcing the transfer of all...more
The CJEU rules that personal data can be pseudonymous in the hands of one party and anonymous in the hands of another....more
The Single Resolution Board ("SRB") transferred pseudonymized comments from data subjects to Deloitte without informing them. The European Data Protection Supervisor ("EDPS") found a violation of information duties applicable...more
In a sweeping move to bolster national security and safeguard sensitive information, the U.S. Department of Justice (DOJ) has introduced a transformative regulation: the Bulk Data Transfer Rule. ...more
As the Summer of Privacy fades into fall, California is—unsurprisingly—in the privacy news. The California Privacy Protection Agency (CPPA) succeeded in finalizing proposed regulations under the California Consumer Privacy...more
In a decision with significant legal and operational ramifications for organisations of all shapes and sizes, the Court of Justice of the European Union (CJEU) last week confirmed that pseudonymised data will not always and...more