California Forges a New Path on Automated Decision-Making Technology, Risk Assessments, and Cybersecurity Audits

Introduction As the United States transitions to a new administration, federal policymaking is beginning to shift away from civil rights and other Biden-era AI governance priorities and towards AI policies focused on “out-innovating the rest of the world,” securing US technological advantage, and national security, defense, and cybersecurity. In the…

Read More

UK Ransomware Consultation: Government Moves to Rein in Attacks

On 14 January 2025, the UK government launched a public consultation on proposed legislative measures to combat the ever-increasing threat of ransomware. With these proposals, the UK government is seeking to step up its efforts to understand, deter and prosecute ransomware attacks by gathering more information from victims and undermining…

Read More

EU court orders damages for the unlawful transfer of personal data to the United States

Introduction In a judgment of January 8, 2025 (in Bindl v European Commission, Case T-354/22) (the “Judgment”) the EU General Court (the “Court”), the second highest court of the European Union (“EU”), ordered the European Commission (the “Commission”) to pay 400 EUR in damages to a German citizen (the “claimant”) for transferring…

Read More

The NIS 2 Era is Here: Are You Compliance-Ready?

With the deadline for Member States to transpose the European Union’s updated Network and Information Systems Directive (Directive (EU) 2022/2555) (“NIS 2” or “Directive”) into national law having passed on 18 October 2024, organisations operating in or servicing the EU market face significant new cybersecurity obligations. The revised Directive, which…

Read More

Latest EDPB Opinion: What You Need to Know About Using Processors and Sub-Processors

On October 9, 2024, the European Data Protection Board (“EDPB”) issued an Opinion 22/2024, offering guidance on the use of processors and sub-processors by controllers. Here are the key takeaways: If Your Business Acts as a Controller You Make the Final Call: Your processor might recommend using a particular sub-processor,…

Read More

Texas’ New Privacy Law Goes Into Effect – and Attorney General Builds Enforcement Team

Since the passing of the California Consumer Privacy Act (CCPA) in 2018, California has led the nation in privacy regulation and enforcement. But, beginning July 1, 2024, Texas will be the new sheriff in town. On July 1, Texas’ Data Privacy and Security Act goes into effect as one of the strongest…

Read More

College Board Settles for $750,000 Penalty for Sharing and Selling Student Data in Violation of New York State’s Student Privacy Law

On February 13, 2024, New York State’s Attorney General (AG) Letitia James and the New York State Education Department (NYSED) announced a $750,000 settlement with the non-profit College Board over allegations that College Board shared and sold student personal information in violation of the state’s student privacy law, New York…

Read More