Proposals grant controllers increased flexibility for automated decision-making, provided suitable safeguards are implemented.
By Fiona Maclean, Gail Crawford, Amy Smyth, and Lorenzo Meusburger
On 23 October 2024, the UK government introduced the Data (Use and Access) Bill (the Bill) to Parliament, marking a significant step in the evolution of the country’s data protection landscape. It follows previous…
The Regulations, which took effect on January 1, 2025, reiterate and clarify existing requirements and introduce new ones on privacy and network data security.
By Hui Xu and Bianca H. Lee
On September 30, 2024, the PRC State Council released the finalized Regulations on Network Data Security Management (Regulations), concluding a three-year consultation process since the initial draft in 2021.…
The draft guidelines provide further clarification to the EDPB’s interpretation of legitimate interests, and suggest a potential divergence with the UK ICO.
By Gail Crawford, Fiona Maclean, Myria Saarinen, Tim Wybitul, Alice Brunning, and Calum Docherty
On 8 October 2024, the European Data Protection Board (EDPB) released draft Guidelines 1/2024 (the Guidelines) setting out its…
The deadline is fast approaching for in-scope financial entities and their ICT service providers to conform to the EU’s new digital operational resilience regulation.
By Christian F. McDermott and Alain Traill
With effect from 17 January 2025, a broad range of EU financial entities will be subject to the new EU regulation on digital operational resilience for the financial sector…
Considerations for UK and US companies that are already or considering relying on the UK-US Data Bridge for personal data transfers.
By Fiona M. Maclean and Clayton Northouse
Latham & Watkins and Privacy Laws & Business recently co-hosted a webinar looking back on the first eight months since the UK-US Data Bridge entered into force. Speakers from the UK Information…
Covered institutions will need to review their cybersecurity and incident response policies and procedures ahead of the applicable compliance deadline.
By Robert Blamires, Laura Ferrell, Daniel Filstrup, Jennifer Howes, and Sarah Zahedi
The Securities and Exchange Commission (SEC) recently1 adopted amendments to Regulation S-P that expand the scope of requirements applicable to brokers, dealers, investment…
The Act establishes the world’s first comprehensive regulatory framework for AI, and is expected to shape the future of AI regulation and governance both within and beyond the EU.
By Elisabetta Righini, Hanno F. Kaiser, Tim Wybitul, Fiona M. Maclean, and Michael H. Rubin
After three years of legislative debate, the Council of the European Union…
Businesses need to be proactive in updating their compliance measures to meet the ever-evolving set of privacy laws and regulatory expectations in 2024 and beyond.
By Michael H. Rubin, Robert W. Brown, Max G. Mazzelli, Jennifer Howes, and Sarah Zahedi
Following the notable uptick in state-level privacy laws in 2023, a wave of new comprehensive state…
Understanding the ICO’s approach to assessing financial penalties should be a key element of an organisation’s data protection strategy and risk profile.
By James Lloyd and Sami Qureshi
In an era when data protection infringements can tarnish business reputations overnight, understanding the financial ramifications is more crucial than ever. The UK’s Information Commissioner’s Office (ICO) recently unveiled its much-anticipated updated…
The PDPL has broad extraterritorial scope and substantial penalties for non-compliance, with full enforcement expected to start in September.
By Brian A. Meenagh and Lucy Tucker
The Personal Data Protection Law (PDPL) is the first comprehensive data protection law in Saudi Arabia. The Saudi Data and Artificial Intelligence Authority (SDAIA) is expected to start full enforcement of the PDPL from…
The proposed amendments are expansive and would significantly affect how companies comply with the Children’s Online Privacy Protection Act.
By Jennifer C. Archie, Marissa R. Boynton, Michael H. Rubin, Gabriela Aroca Montaner, Samantha M. Laufer, and Molly Whitman
Key Points:
The proposed amendments, which clarify or expand many of the COPPA Rule’s existing provisions, would…
The amended rules follow the Biden Administration’s “whole of government” approach to maximizing notifications to executive agencies of cybersecurity events.
By Jennifer C. Archie, Matthew A. Brill, Gabriela Aroca Montaner, Chad Kenney, and Molly Whitman
On December 21, 2023, a divided Federal Communications Commission (FCC or the Commission) released a Report and Order updating its data…
