Regulation

Subscribe to Regulation

On June 18, 2023, Governor Greg Abbott signed into law the Texas Data and Privacy Security Act (the “Texas Privacy Law”), which goes into effect July 1, 2024. With this law, Texas joins 10 other states that have also passed comprehensive privacy laws throughout the United States: California, Virginia, Colorado, Connecticut, Utah, Florida, Montana, Iowa,

The European Parliament adopted a Resolution on 11 May 2023 against the adoption of an EU adequacy decision for the US based on the EU-US Data Privacy Framework (DPF). The Resolution comes after an analysis by the European Parliament of the Executive Order on Enhancing Safeguards For United States Signals Intelligence Activities (EO 14086), which

On May 18, 2023, the Federal Trade Commission (“FTC”) issued a policy statement warning companies of the ways that collecting and using biometric information, or using biometric information technologies, might amount to an unfair or deceptive practice in violation of Section 5 of the FTC Act.

The policy statement identified several potentially deceptive practices: false

On 25 April 2023, the UK Government announced the introduction of the Digital Markets, Competition and Consumers Bill (the “Bill”) into Parliament.1 The Bill, which reflects a key government priority of increasing consumer choice and competition, provides for:

  • Far-reaching new consumer protection powers to be conferred on the Competition & Markets Authority (the 

On April 25, 2023, the Federal Trade Commission (FTC), Department of Justice Civil Rights Division (DOJ), Equal Employment Opportunity Commission (EEOC), and the Consumer Financial Protection Bureau (CFPB) issued a joint statement (Joint Statement) that each of them is now, and will be, looking at possible discrimination involving AI systems and other automated processes.

The

With an effective date of February 17, 2024, the Digital Services Act (“DSA”) will start applying to most online platform providers in less than a year. The DSA, which introduces due diligence and transparency obligations regarding algorithmic decision-making by online platforms, such as social media, video sharing or e-commerce, entered into force on November 16,

On March 9, 2023, the Securities and Exchange Commission (“SEC”) announced that Blackbaud Inc. (“Blackbaud”) agreed to pay $3 million to settle charges for alleged misleading disclosures about its 2020 ransomware attack and for alleged disclosure control failures.1

Blackbaud, a South Carolina-based company that provides data management software to colleges, universities, and non-profit organizations,

The UK Government has relaunched its efforts to reform the UK’s data protection regime, with the Data Protection and Digital Information Bill (No. 2) (the “Bill“) being introduced to Parliament on Wednesday 8 March. The Bill supersedes a previous version that was originally published in July 2022 (see our previous legal update).

The Biden administration released its National Cybersecurity Strategy (“Strategy”) on March 2, 2023.1 The Strategy builds on previous policy actions by the Biden administration that sought to strengthen cybersecurity in critical infrastructure and protect personal data, including through regulatory action, government procurement requirements, and an emphasis on software security. The Strategy calls for (1)

The Secretariat of the National Information Security Standardisation Technical Committee (TC260) released a draft revision of the Technical Specification for Certification of Cross-Border Transfers of Personal Information (Certification Specification V2.0) on 8 November 2022, nearly five months after it issued the finalised specification of the same name (Certification Specification V1.0) (see our previous Legal Update