Insight on how cyber risk is being mitigated and managed across the globe.
By: Amigo Xie, Dan Wu and Sarah Kwong
On 18 July 2025, China’s Cyberspace Administration (CAC) officially launched its online portal (Portal) for registration of China Data Protection Officers (China DPO). This operationalizes the requirements under Article 52 of the Personal Information Protection Law (PIPL).
Read MoreBy: Dr Thomas Nietsch and Andreas Müller
Under the Regulation (EU) No 524/2013 on online dispute resolution for consumer disputes (ODR Regulation) traders established in the European Union (EU) who sell or offer products or services online to consumers residing in the EU are required to provide an easily accessible and clickable link to the EU’s ODR Platform on their websites to enable consumer to resolve disputes regarding the obligations stemming from the online sales or service contracts out of court. Until now…
Read MoreBy: Corey Bieber and Guillermo Christensen
K&L Gates partners Corey Bieber and Guillermo Christensen have published an article in Volume 2 of the June 2025 edition of CPI Antitrust Chronicle.
Read MoreBy: Claude-Etienne Armingaud, Thomas Nietsch, Ludovico Lugnanin, Nóirín McFadden, and Sophie Verstraeten
The UK’s major post-Brexit reform of the UK General Data Protection Regulation (UK GDPR), the Data Use and Access Act (DUAA), became law on 19 June 2025.
Read MoreBy: Dr. Thomas Nietsch and Andreas Müller
In proceedings initiated by a Consumer Protection Agency for a preliminary injunction against the operator of a social network to prohibit the use of publicly accessible user data for AI training, the competent court ruled that using such data is permissible under the General Data Protection Regulation (GDPR.)
Read MoreBy: Dr. Thomas Nietsch and Andreas Müller
In a recent ruling (I ZR 161/24, 22 May 2025), the German Federal Court of Justice (BGH) clarified the scope of § 312k German Civil Code (BGB) regarding the obligation to provide a ‘cancellation button’ on websites if traders enable consumers to conclude continuing performance contracts (Dauerschuldverhältnis) via their website.
Read MoreBy: Claude-Étienne Armingaud and Josefine Beil
In a significant ruling on 14 February 2025, the First Instance Court of Nanterre, France ordered a company to suspend the deployment of several artificial intelligence tools until proper consultation with its Works Council has been completed.
Read MoreBy: Claude-Étienne Armingaud and Josefine Beil
The European Data Protection Board recently published its draft Guidelines 02/2025, which remain open to consultation until 09 June 2025. Stakeholders in the blockchain industry are encouraged to submit any observations before the finalization of these Guidelines.
Read MoreBy: Cameron Abbott, Rob Pulham, Stephanie Mayhew and Emre Cakmakcioglu
In Australia, last week was the 2025 Privacy Awareness Week (PAW), with this year’s theme ‘Privacy – it’s everyone’s business’. Among other things in PAW, the Office of the Australian Information Commissioner (OAIC) produced a Privacy Foundations self-assessment tool, which provides a privacy maturity score on the basis of tenets such as Accountability, Transparency, Collection and Data breach management. The tool, and PAW more broadly emphasise that privacy is not just about compliance, but good business and building trust. NSW, Vic and QLD state governments have each run parallel PAW events.
Read MoreBy: Cameron Abbott, Rob Pulham, Stephanie Mayhew, Emre Cakmakcioglu
As of 29 May 2025, the requirement on businesses to report ransomware payments they make has come into effect.
Read MoreCopyright © 2025, K&L Gates LLP. All Rights Reserved.