The English Court of Appeal has handed down an important judgment in Farley v. Paymaster (Equiniti)[1] on when compensation may be claimed for nonmaterial damage (such as distress or anxiety) arising out of breaches of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA). The post English Court of Appeal Rules on Compensation for Data Breaches appeared first on cyber/data/privacy insights.| cyber/data/privacy insights
Event summary The UK’s Data (Use and Access) Act 2025 has now received royal assent. This landmark legislation introduces targeted updates to the UK’s data protection framework, impacting everything from automated decision-making and scientific research to marketing practices and cookie compliance. Please join our partners for a concise 30-minute webinar as they highlight the keys […] The post What the UK’s New Data (Use and Access) Act Means for Your Business appeared first on cyber/...| cyber/data/privacy insights
Cooley partner Kristen Mathews‘ Law360 article argues that protecting neural privacy is essential – for both businesses and the human mind. Examining the evolving legal landscape surrounding neural data privacy in the United States, Mathews highlights recent legislation in Colorado, California, Montana and Connecticut regulating the handling of neural data as sensitive personal information. She […] The post Comparing New Neural Data Privacy Laws in 4 US States appeared first on cyber/da...| cyber/data/privacy insights
This post is one in a series where we discuss the US Department of Justice’s (DOJ’s) data security program, commonly known as the bulk data transfer rule, which prohibits individuals or entities from certain foreign countries, including China, from accessing certain types of sensitive data, and imposes onerous privacy and cybersecurity obligations for accessing other […] The post The DOJ’s Data Security Program – Understanding and Complying with the New Bulk Data Transfer Rule appea...| cyber/data/privacy insights
The UK’s Data (Use and Access) Act (DUA Act) has now received Royal Assent, introducing a series of targeted updates to the UK’s data protection framework in areas like artificial intelligence (AI) and research, while preserving alignment with core UK General Data Protection Regulation (GDPR) principles. The DUA Act is wide-ranging – covering everything from […] The post The Data (Use and Access) Act: What Businesses Need to Know appeared first on cyber/data/privacy insights.| cyber/data/privacy insights
The European Union Artificial Intelligence Act (EU AI Act) is rapidly reshaping the regulatory landscape for AI development and deployment, both within Europe and globally. In a recent Cooley webinar, partner Patrick Van Eecke and associate Bartholomäus Regenhardt, members of the firm’s cyber/data/privacy practice, provided an overview of the EU AI Act’s phased implementation, compliance hurdles and the much-anticipated Code of Practice for general-purpose AI (GPAI) models. Here’s what...| cyber/data/privacy insights
On March 24, 2025, Virginia Gov. Glenn Youngkin signed into law SB 754, amending the state’s Consumer Protection Act to prohibit businesses from| cyber/data/privacy insights
In honour of the International Association of Privacy Professionals (IAPP) London 2025 conference , we hosted a webinar on European privacy litigation. This post summarises some of the key UK privacy cases we covered in that webinar. Over the past six months, the UK High Court has handed down a number of decisions with important implications for businesses, data controllers and individuals.| cyber/data/privacy insights
A new US Department of Justice (DOJ) rule on “Preventing Access to US Sensitive Personal Data and Government-Related Data by Countries of Concern| cyber/data/privacy insights
The European Commission (EC) has released an updated version of the Model Contractual Clauses for AI Procurement (MCC-AI), providing further guidance for public-sector buyers navigating AI procurement under the European Union Artificial Intelligence Act (EU AI Act). However, these clauses also serve as a practical tool to help any private organisation meet their legal obligations when providing or procuring AI systems, particularly high-risk AI solutions.| cyber/data/privacy insights
