The English Court of Appeal has handed down an important judgment in Farley v. Paymaster (Equiniti)[1] on when compensation may be claimed for nonmaterial damage (such as distress or anxiety) arising out of breaches of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA). The post English Court of Appeal Rules on Compensation for Data Breaches appeared first on cyber/data/privacy insights.| cyber/data/privacy insights
Event summary The UK’s Data (Use and Access) Act 2025 has now received royal assent. This landmark legislation introduces targeted updates to the UK’s data protection framework, impacting everything from automated decision-making and scientific research to marketing practices and cookie compliance. Please join our partners for a concise 30-minute webinar as they highlight the keys […] The post What the UK’s New Data (Use and Access) Act Means for Your Business appeared first on cyber/...| cyber/data/privacy insights
Cooley partner Kristen Mathews‘ Law360 article argues that protecting neural privacy is essential – for both businesses and the human mind. Examining the evolving legal landscape surrounding neural data privacy in the United States, Mathews highlights recent legislation in Colorado, California, Montana and Connecticut regulating the handling of neural data as sensitive personal information. She […] The post Comparing New Neural Data Privacy Laws in 4 US States appeared first on cyber/da...| cyber/data/privacy insights
This post is one in a series where we discuss the US Department of Justice’s (DOJ’s) data security program, commonly known as the bulk data transfer rule, which prohibits individuals or entities from certain foreign countries, including China, from accessing certain types of sensitive data, and imposes onerous privacy and cybersecurity obligations for accessing other […] The post The DOJ’s Data Security Program – Understanding and Complying with the New Bulk Data Transfer Rule appea...| cyber/data/privacy insights
The UK’s Data (Use and Access) Act (DUA Act) has now received Royal Assent, introducing a series of targeted updates to the UK’s data protection framework in areas like artificial intelligence (AI) and research, while preserving alignment with core UK General Data Protection Regulation (GDPR) principles. The DUA Act is wide-ranging – covering everything from […] The post The Data (Use and Access) Act: What Businesses Need to Know appeared first on cyber/data/privacy insights.| cyber/data/privacy insights
The European Union Artificial Intelligence Act (EU AI Act) is rapidly reshaping the regulatory landscape for AI development and deployment, both within Europe and globally. In a recent Cooley webinar, partner Patrick Van Eecke and associate Bartholomäus Regenhardt, members of the firm’s cyber/data/privacy practice, provided an overview of the EU AI Act’s phased implementation, compliance hurdles and the much-anticipated Code of Practice for general-purpose AI (GPAI) models. Here’s what...| cyber/data/privacy insights
Legal insight for market innovators| cyber/data/privacy insights
On March 24, 2025, Virginia Gov. Glenn Youngkin signed into law SB 754, amending the state’s Consumer Protection Act to prohibit businesses from| cyber/data/privacy insights
In honour of the International Association of Privacy Professionals (IAPP) London 2025 conference , we hosted a webinar on European privacy litigation. This post summarises some of the key UK privacy cases we covered in that webinar. Over the past six months, the UK High Court has handed down a number of decisions with important implications for businesses, data controllers and individuals.| cyber/data/privacy insights
A new US Department of Justice (DOJ) rule on “Preventing Access to US Sensitive Personal Data and Government-Related Data by Countries of Concern| cyber/data/privacy insights
The European Commission (EC) has released an updated version of the Model Contractual Clauses for AI Procurement (MCC-AI), providing further guidance for public-sector buyers navigating AI procurement under the European Union Artificial Intelligence Act (EU AI Act). However, these clauses also serve as a practical tool to help any private organisation meet their legal obligations when providing or procuring AI systems, particularly high-risk AI solutions.| cyber/data/privacy insights
What happened? The UK Information Commissioner’s Office (ICO) has released updated guidance on ‘consent or pay’ business models. These models present| cyber/data/privacy insights
Welcome to our latest blog post, where we present the key insights from our first webinar of the series, “AI Talks: Understanding the EU AI Act.” This| cyber/data/privacy insights
Legal insight for market innovators about Policy & Legislation| cyber/data/privacy insights
What happened? In an attempt to address ongoing regulatory uncertainty about how the UK General Data Protection Regulation (UK GDPR) and UK Data| cyber/data/privacy insights
In the ever-evolving landscape of data protection and privacy, the General Data Protection Regulation (GDPR) stands as the most significant legislative| cyber/data/privacy insights
This blog post summarizes the key points presented by Cooley lawyers Patrick Van Eecke, Enrique Capdevila and Athina Gaki during the Cooley webinar, “New| cyber/data/privacy insights
On November 9, 2024, the five-person board of the California Privacy Protection Agency (CPPA) voted unanimously to adopt the proposed Data Broker| cyber/data/privacy insights
On September 30, 2024, China’s State Council released the Network Data Security Management Regulations, which will enter into force on January 1, 2025.| cyber/data/privacy insights
Legal insight for market innovators about Compliance, Risk & Strategy| cyber/data/privacy insights
On September 30, 2024, China’s State Council released the Network Data Security Management Regulations, which will enter into force on January 1, 2025. The regulations apply to “electronic data processed and generated through the network” (covering personal information, “important data” and all other types of electronic data) and provide implementing […]| cyber/data/privacy insights
As our world becomes increasingly digital, the importance of cybersecurity has never been more critical. In the first blog post in our series for| cyber/data/privacy insights
In this first installment of our series on the automotive and mobility sector, Cooley cyber/data/privacy lawyers introduce the key data privacy legal| cyber/data/privacy insights
As our world becomes increasingly digital, the importance of cybersecurity has never been more critical. From personal devices to enterprise networks,| cyber/data/privacy insights
This blog post is part of our series on the European Union’s Artificial Intelligence (AI) Act. As we explained in our July 2024 blog post, the EU’s AI Act| cyber/data/privacy insights
In Part Three of our FAQ series on Washington state’s My Health My Data (MHMD) Act, we answer questions related to the MHMD Act’s enforcement risks –| cyber/data/privacy insights
On October 27, 2023, the Federal Trade Commission (FTC) unanimously approved an amendment to the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule to require| cyber/data/privacy insights
In Part Two of our FAQ series on Washington state’s My Health My Data (MHMD) Act, we answer questions related to some of the act’s substantive| cyber/data/privacy insights
In this multipart FAQ series, we break down Washington state’s My Health My Data (MHMD) Act (the “MHMD Act” or “Act”). The MHMD Act is arguably one of the| cyber/data/privacy insights
On July 18, 2024, US District Judge Paul Engelmayer of the Southern District of New York issued a detailed 107-page opinion and order dismissing| cyber/data/privacy insights
There are a number of US Securities and Exchange Commission (SEC) reporting implications arising from the server-related outages caused by CrowdStrike’s| cyber/data/privacy insights
On June 18, 2024, the Securities and Exchange Commission (SEC) announced that it had settled claims against RR Donnelley (RRD) related to a 2021| cyber/data/privacy insights
On 12 July 2024, the long-awaited Artificial Intelligence Act (AI Act) was published in the Official Journal of the European Union (OJEU), meaning that 20| cyber/data/privacy insights
The regulation of artificial intelligence (AI) has drawn significant interest from policymakers in the US, particularly at the state level. There has been| cyber/data/privacy insights
Key takeaways DORA – The Digital Operational Resilience Act (DORA) is a European Union regulation that came into force on January 16, 2023 and will take| cyber/data/privacy insights
This article is the first in a three-part series on collective claims and class actions in the EU and the US. As collective claims become more prevalent| cyber/data/privacy insights
In March 2024, a coalition of more than 50 cybersecurity leaders and organizations called for dismissal of an amended complaint by the Securities and| cyber/data/privacy insights
The proliferation of state consumer privacy laws continues into 2024. On March 6, 2024, New Hampshire Gov. Chris Sununu signed SB255, the New Hampshire| cyber/data/privacy insights
In December 2023, the Federal Trade Commission (FTC) announced a settlement with Rite Aid for the company’s use of facial recognition technology (FRT) in| cyber/data/privacy insights
With 8-K reporting obligations for “material” cybersecurity incidents under the new Securities and Exchange Commission (SEC) rules becoming effective as| cyber/data/privacy insights