Global Privacy & Security Compliance Law Blog

Commentary on Global Privacy and Security Issues of Today

Latest from Global Privacy & Security Compliance Law Blog

Proposals grant controllers increased flexibility for automated decision-making, provided suitable safeguards are implemented.

By Fiona Maclean, Gail Crawford, Amy Smyth, and Lorenzo Meusburger

On 23 October 2024, the UK government introduced the Data (Use and Access) Bill (the Bill) to Parliament, marking a significant step in the evolution of the country’s data

The Regulations, which took effect on January 1, 2025, reiterate and clarify existing requirements and introduce new ones on privacy and network data security.

By Hui Xu and Bianca H. Lee

On September 30, 2024, the PRC State Council released the finalized Regulations on Network Data Security Management (Regulations), concluding a three-year consultation process since

The draft guidelines provide further clarification to the EDPB’s interpretation of legitimate interests, and suggest a potential divergence with the UK ICO.

By Gail Crawford, Fiona Maclean, Myria Saarinen, Tim Wybitul, Alice Brunning, and Calum Docherty

On 8 October 2024, the European Data Protection Board (EDPB) released draft Guidelines 1/2024

Covered institutions will need to review their cybersecurity and incident response policies and procedures ahead of the applicable compliance deadline.

By Robert Blamires, Laura Ferrell, Daniel Filstrup, Jennifer Howes, and Sarah Zahedi

The Securities and Exchange Commission (SEC) recently1 adopted amendments to Regulation S-P that expand the scope of requirements

Understanding the ICO’s approach to assessing financial penalties should be a key element of an organisation’s data protection strategy and risk profile.

By James Lloyd and Sami Qureshi

In an era when data protection infringements can tarnish business reputations overnight, understanding the financial ramifications is more crucial than ever. The UK’s Information Commissioner’s Office (ICO)

The PDPL has broad extraterritorial scope and substantial penalties for non-compliance, with full enforcement expected to start in September.

By Brian A. Meenagh and Lucy Tucker

The Personal Data Protection Law (PDPL) is the first comprehensive data protection law in Saudi Arabia. The Saudi Data and Artificial Intelligence Authority (SDAIA) is expected to start full