DOJ emphasizes need to come into full compliance with its new rule by July 8.
By Jennifer Archie, Heather B. Deixler, Clayton Northouse, Michael Rubin, Max Mazzelli, Brianna Gordon, and Kiara Vaughn
On April
The draft law proposes a data embassy ecosystem and comprehensive framework in Saudi Arabia, promoting its position as a global AI hub.
By Brian Meenagh, Ksenia Koroleva, and Faisal Imam*
On April 14, 2025, Saudi Arabia’s Communications,
The EU regulation designed to facilitate secondary use of clinical data for research brings benefits for health research, but also poses challenges for companies.
By Deniz Tschammler, Danielle van der Merwe, Oliver Mobasser
On 5 March 2025, Regulation
The guidelines specify the requirements for data controllers to conduct risk assessments related to the transfer or disclosure of personal data outside the Kingdom.
By Brian Meenagh, Calum Docherty, Faisal Imam,* and Ksenia Koroleva
The Saudi Data
Advocate General Spielmann opines that personal data can be pseudonymous in the hands of one party and anonymous in the hands of another.
By Gail Crawford, Fiona M. Maclean, Myria Saarinen, Tim Wybitul, Isabelle Brams,
The CJEU has decided that the maximum thresholds for GDPR fines should be calculated using the global turnover of the broader corporate group, not solely the infringing entity.
Proposals grant controllers increased flexibility for automated decision-making, provided suitable safeguards are implemented.
By Fiona Maclean, Gail Crawford, Amy Smyth, and Lorenzo Meusburger
On 23 October 2024, the UK government introduced the Data (Use and Access) Bill
The Regulations, which took effect on January 1, 2025, reiterate and clarify existing requirements and introduce new ones on privacy and network data security.
By Hui Xu and Bianca H. Lee
On September 30, 2024, the PRC State Council released
The draft guidelines provide further clarification to the EDPB’s interpretation of legitimate interests, and suggest a potential divergence with the UK ICO.
By Gail Crawford, Fiona Maclean, Myria Saarinen, Tim Wybitul, Alice Brunning, and Calum
The deadline is fast approaching for in-scope financial entities and their ICT service providers to conform to the EU’s new digital operational resilience regulation.
By Christian F. McDermott and Alain Traill
With effect from 17 January 2025, a broad range