On Tuesday, October 10, 2023, California Gov. Gavin Newsom signed into law Senate Bill 362, also known as the Delete Act, which amends certain aspects of| cyber/data/privacy insights
On March 24, 2025, Virginia Gov. Glenn Youngkin signed into law SB 754, amending the state’s Consumer Protection Act to prohibit businesses from| cyber/data/privacy insights
In honour of the International Association of Privacy Professionals (IAPP) London 2025 conference , we hosted a webinar on European privacy litigation. This post summarises some of the key UK privacy cases we covered in that webinar. Over the past six months, the UK High Court has handed down a number of decisions with important implications for businesses, data controllers and individuals.| cyber/data/privacy insights
A new US Department of Justice (DOJ) rule on “Preventing Access to US Sensitive Personal Data and Government-Related Data by Countries of Concern| cyber/data/privacy insights
The European Commission (EC) has released an updated version of the Model Contractual Clauses for AI Procurement (MCC-AI), providing further guidance for public-sector buyers navigating AI procurement under the European Union Artificial Intelligence Act (EU AI Act). However, these clauses also serve as a practical tool to help any private organisation meet their legal obligations when providing or procuring AI systems, particularly high-risk AI solutions.| cyber/data/privacy insights
What happened? The UK Information Commissioner’s Office (ICO) has released updated guidance on ‘consent or pay’ business models. These models present| cyber/data/privacy insights
Welcome to our latest blog post, where we present the key insights from our first webinar of the series, “AI Talks: Understanding the EU AI Act.” This| cyber/data/privacy insights
Legal insight for market innovators about Policy & Legislation| cyber/data/privacy insights
What happened? In an attempt to address ongoing regulatory uncertainty about how the UK General Data Protection Regulation (UK GDPR) and UK Data| cyber/data/privacy insights
In the ever-evolving landscape of data protection and privacy, the General Data Protection Regulation (GDPR) stands as the most significant legislative| cyber/data/privacy insights
This blog post summarizes the key points presented by Cooley lawyers Patrick Van Eecke, Enrique Capdevila and Athina Gaki during the Cooley webinar, “New| cyber/data/privacy insights
On November 9, 2024, the five-person board of the California Privacy Protection Agency (CPPA) voted unanimously to adopt the proposed Data Broker| cyber/data/privacy insights
On September 30, 2024, China’s State Council released the Network Data Security Management Regulations, which will enter into force on January 1, 2025.| cyber/data/privacy insights
Legal insight for market innovators about Compliance, Risk & Strategy| cyber/data/privacy insights
On September 30, 2024, China’s State Council released the Network Data Security Management Regulations, which will enter into force on January 1, 2025. The regulations apply to “electronic data processed and generated through the network” (covering personal information, “important data” and all other types of electronic data) and provide implementing […]| cyber/data/privacy insights
As our world becomes increasingly digital, the importance of cybersecurity has never been more critical. In the first blog post in our series for| cyber/data/privacy insights
In this first installment of our series on the automotive and mobility sector, Cooley cyber/data/privacy lawyers introduce the key data privacy legal| cyber/data/privacy insights
As our world becomes increasingly digital, the importance of cybersecurity has never been more critical. From personal devices to enterprise networks,| cyber/data/privacy insights
This blog post is part of our series on the European Union’s Artificial Intelligence (AI) Act. As we explained in our July 2024 blog post, the EU’s AI Act| cyber/data/privacy insights
In March 2024, a coalition of more than 50 cybersecurity leaders and organizations called for dismissal of an amended complaint by the Securities and| cyber/data/privacy insights
On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security published a long-awaited notice| cyber/data/privacy insights
In Part Three of our FAQ series on Washington state’s My Health My Data (MHMD) Act, we answer questions related to the MHMD Act’s enforcement risks –| cyber/data/privacy insights
On October 27, 2023, the Federal Trade Commission (FTC) unanimously approved an amendment to the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule to require| cyber/data/privacy insights
In Part Two of our FAQ series on Washington state’s My Health My Data (MHMD) Act, we answer questions related to some of the act’s substantive| cyber/data/privacy insights
In this multipart FAQ series, we break down Washington state’s My Health My Data (MHMD) Act (the “MHMD Act” or “Act”). The MHMD Act is arguably one of the| cyber/data/privacy insights
On July 18, 2024, US District Judge Paul Engelmayer of the Southern District of New York issued a detailed 107-page opinion and order dismissing| cyber/data/privacy insights
There are a number of US Securities and Exchange Commission (SEC) reporting implications arising from the server-related outages caused by CrowdStrike’s| cyber/data/privacy insights
On June 18, 2024, the Securities and Exchange Commission (SEC) announced that it had settled claims against RR Donnelley (RRD) related to a 2021| cyber/data/privacy insights
On 12 July 2024, the long-awaited Artificial Intelligence Act (AI Act) was published in the Official Journal of the European Union (OJEU), meaning that 20| cyber/data/privacy insights
The regulation of artificial intelligence (AI) has drawn significant interest from policymakers in the US, particularly at the state level. There has been| cyber/data/privacy insights
Key takeaways DORA – The Digital Operational Resilience Act (DORA) is a European Union regulation that came into force on January 16, 2023 and will take| cyber/data/privacy insights
This article is the first in a three-part series on collective claims and class actions in the EU and the US. As collective claims become more prevalent| cyber/data/privacy insights
In March 2024, a coalition of more than 50 cybersecurity leaders and organizations called for dismissal of an amended complaint by the Securities and| cyber/data/privacy insights
The proliferation of state consumer privacy laws continues into 2024. On March 6, 2024, New Hampshire Gov. Chris Sununu signed SB255, the New Hampshire| cyber/data/privacy insights
A flood of class action lawsuits have been filed against companies alleging violations of New Jersey’s Daniel’s Law. The statute – enacted after the son| cyber/data/privacy insights
In December 2023, the Federal Trade Commission (FTC) announced a settlement with Rite Aid for the company’s use of facial recognition technology (FRT) in| cyber/data/privacy insights
Without much fanfare, the Washington attorney general’s office updated its My Health My Data (MHMD) Act guidance FAQ in January 2024. Specifically, the| cyber/data/privacy insights
Authored by Patrick Van Eecke, Loriane Sangaré-Vayssac and Enrique Capdevila this article was originally published in Privacy Laws & Business| cyber/data/privacy insights
In today’s digital age, data is the new currency. The European Union recognises this and has introduced the European Data Act, a set of new rules that| cyber/data/privacy insights
With 8-K reporting obligations for “material” cybersecurity incidents under the new Securities and Exchange Commission (SEC) rules becoming effective as| cyber/data/privacy insights
