The Court of Justice of the European Union (CJEU) has delivered its judgment on case C 413/23 P European Data Protection Supervisor (EDPS) v Single Resolution Board (SRB). The CJEU has confirmed that pseudonymised data will not be personal data in all cases. This will be a welcome confirmation for innovative uses of data, including training AI models. The question... Continue Reading| Data Protection Report
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) (Dutch DPA) recently published a report on personal data breaches, which provides valuable insights into the Dutch DPA’s views on incident response. It also contains some helpful statistics. Increase in follow-up action by the Dutch DPA It is clear from the report that the Dutch DPA is still... Continue Reading| Data Protection Report
Financial regulators globally emphasise the importance of financial entities being operationally resilient, which includes the ability to manage and recover from disruptions caused by their service providers. The topic receives significant attention in the financial services sector because the sector is regulated, with the aim of promoting financial system stability. Continue reading Continue Reading| Data Protection Report
Agentic AI brings the promise of AI making a range of decisions autonomously. It has been proposed as the way forward for some of the most impactful| Data Protection Report
Several U.S. states have recently introduced and passed legislation to expand data breach notification rules and to mirror some of the protections| Data Protection Report
On August 14, 2025, the New York Department of Financial Services (“NYDFS”) entered into a consent order with Healthplex, Inc, (“Healthplex”), which is licensed by NYDFS as an independent claims adjuster and as a life and/or accident health insurance agent. In the consent order, Healthplex agreed to pay NYDFS $2 million and to change some... Continue Reading| Data Protection Report
On July 24, 2025, the California Privacy Protection Agency (CPPA) approved regulations that would impose a new requirement under the California Consumer| Data Protection Report
On July 23, 2025, the White House released a sweeping new policy framework titled “Winning the AI Race: America’s AI Action Plan” (the “Plan”), describing the federal government’s approach to artificial intelligence (“AI”). This initiative, developed under the executive order, “Removing Barriers to American Leadership in AI,” outlines a plan relating to various aspects of... Continue Reading| Data Protection Report
Discover how artificial intelligence is reshaping the future of mergers and acquisitions. From identifying strategic opportunities to streamlining due diligence and enhancing contract negotiations, AI is revolutionizing every stage of the M&A process. This article explores the tangible advantages of integrating AI into dealmaking—efficiency, precision, and smarter decision-making. Read the full article to learn how organizations can leverage... Continue Reading| Data Protection Report
The Data (Use and Access) Act (DUAA) received Royal Assent on 19 June 2025. The DUAA enacts the changes to the UK’s data protection regime that have been contemplated since the Data: a new direction consultation in 2021. This article looks to help organisations who are subject to the UK’s post Brexit assimilated General Data... Continue Reading| Data Protection Report
As organisations continue with their roll-out of AI, the global regulatory landscape is becoming increasingly complex. AI-specific laws like| Data Protection Report
On March 21, the Ontario’s Bill 149, Working for Workers Four Act, 2024 (“Bill 149”) received Royal Assent.| Data Protection Report
On June 13, 2024, the California Attorney General announced a $6.75 million judgment against Blackbaud regarding its data breach from 2020. (We had| Data Protection Report
In 2024, many organisations have been eager to look at how they can use the data they hold to debut or build on their artificial intelligence (AI)| Data Protection Report
On August 13, 2024, the New York Attorney General announced a settlement agreement, along with the Attorneys General of Connecticut and New Jersey, with| Data Protection Report
On 16 July 2024, the Malaysian Dewan Rakyat (House of Representatives of the Malaysian Parliament) passed the Personal Data Protection (Amendment) Bill| Data Protection Report
Co-written by Swaathi Balajawahar, Trainee Solicitor Introduction On 23 May 2024, the European Data Protection Board (EDPB) issued Opinion 11/2024 on the| Data Protection Report
The EU AI Act was entered into the EU’s statute books on July 12, 2024. A transition period will begin from 1 August when it enters into force. The| Data Protection Report
On June 18, 2024, the California Attorney General and Los Angeles City Attorney filed a complaint and stipulated final judgment (including a $500,000| Data Protection Report
On May 24, 2024, the Minnesota Governor signed the Minnesota Consumer Data Privacy Act (“MCDPA”), making Minnesota the eighteenth state to enact a| Data Protection Report
