The UK Government recently published its AI Governance and Regulation: Policy Statement (the “AI Statement”) setting out its proposed approach to regulating Artificial Intelligence (“AI”) in the UK. The AI Statement was published alongside the draft Data Protection and Digital
Inside Privacy
Updates on developments in data privacy and cybersecurity
Blog Authors
Latest from Inside Privacy
Special Category Data by Inference: CJEU significantly expands the scope of Article 9 GDPR
On August 1, 2022, the CJEU issued its ruling in Case 184/20 (OT v Vyriausioji tarnybinės etikos komisija) following a referral from the Lithuanian Regional Administrative Court. In this ruling, the CJEU elected to interpret the GDPR very broadly in…
Inside Privacy Audiocast: Episode 19 – New China Draft SCCs: How to Manage Your Cross-Border Data Transfers
On Episode 19 of Covington’s Inside Privacy Audiocast, Dan Cooper and and Yan Luo discuss the key provisions of China’s draft SCCs, compare the draft legislation with the GDPR, and talk through actions that companies should be considering in order…
Ireland Expands Leadership Structure of Data Protection Commission
The leadership of Ireland’s Data Protection Commission (“DPC”) is to be expanded to a three-person Commission, with the current Commissioner taking the lead role as Chair. The Irish Minister for Justice announced the decision on July 27, 2022, along with…
A Cautious Approach: the UK Government’s Data Protection and Digital Information Bill

On 18 July 2022, following its recent response to the public consultation on the reform of UK data protection law (see our blog post on the response here), the UK Government introduced its draft Data Protection and Digital Information…
California Privacy Protection Agency to Hold Special Meeting to Discuss Proposed Federal Privacy Legislation
The California Privacy Protection Agency (“CPPA”) announced it will hold a special meeting on July 28, 2022 at 9 a.m. PST to discuss and potentially act on proposed federal privacy legislation, including the bipartisan American Data Protection and Privacy Act…
UK and U.S. Governments set a date for the entry into force of the UK-U.S. CLOUD Act Agreement
In October 2019, the UK and U.S. Governments signed an agreement on cross-border law enforcement demands for data from Communication Service Providers (the “Agreement”, which we described in our earlier post here). Only now, however, have the two countries…
China Imposes $1.2 Billion Fine for Data Violations
On July 21, 2022, the Cyberspace Administration of China (“CAC”) – the country’s primary regulator for cybersecurity and privacy – imposed a fine of RMB 8.026 billion (around $1.2 billion USD) on China’s largest ride-hailing company for violating data protection…
Seventh Circuit Affirms Dismissal Of Class Claims Based Upon Speculative Hacking Risk
Late last week, the Seventh Circuit affirmed a trial court’s ruling granting dismissal at summary judgment of claims against FCA US LLC (“FCA,” formerly known as Chrysler) and Harman International Industries, Inc. (“Harman”) for lack of Article III standing. See…
Court Dismisses Class Claims Related to Cyber Vulnerability Embargo
After several twist and turns, on July 7th Intel Corp. succeeded in achieving final dismissal of class claims alleging that Intel knew about purported security vulnerabilities in its microprocessors and failed to disclose or mitigate those vulnerabilities. The case, In Re Intel…