Insight on how cyber risk is being mitigated and managed across the globe.
By: Claude-Etienne Armingaud, Thomas Nietsch, Ludovico Lugnanin, Nóirín McFadden, and Sophie Verstraeten
The UK’s major post-Brexit reform of the UK General Data Protection Regulation (UK GDPR), the Data Use and Access Act (DUAA), became law on 19 June 2025.
Read MoreBy: Dr. Thomas Nietsch and Andreas Müller
In proceedings initiated by a Consumer Protection Agency for a preliminary injunction against the operator of a social network to prohibit the use of publicly accessible user data for AI training, the competent court ruled that using such data is permissible under the General Data Protection Regulation (GDPR.)
Read MoreBy: Dr. Thomas Nietsch and Andreas Müller
In a recent ruling (I ZR 161/24, 22 May 2025), the German Federal Court of Justice (BGH) clarified the scope of § 312k German Civil Code (BGB) regarding the obligation to provide a ‘cancellation button’ on websites if traders enable consumers to conclude continuing performance contracts (Dauerschuldverhältnis) via their website.
Read MoreBy: Claude-Étienne Armingaud and Josefine Beil
In a significant ruling on 14 February 2025, the First Instance Court of Nanterre, France ordered a company to suspend the deployment of several artificial intelligence tools until proper consultation with its Works Council has been completed.
Read MoreBy: Claude-Étienne Armingaud and Josefine Beil
The European Data Protection Board recently published its draft Guidelines 02/2025, which remain open to consultation until 09 June 2025. Stakeholders in the blockchain industry are encouraged to submit any observations before the finalization of these Guidelines.
Read MoreBy: Cameron Abbott, Rob Pulham, Stephanie Mayhew and Emre Cakmakcioglu
In Australia, last week was the 2025 Privacy Awareness Week (PAW), with this year’s theme ‘Privacy – it’s everyone’s business’. Among other things in PAW, the Office of the Australian Information Commissioner (OAIC) produced a Privacy Foundations self-assessment tool, which provides a privacy maturity score on the basis of tenets such as Accountability, Transparency, Collection and Data breach management. The tool, and PAW more broadly emphasise that privacy is not just about compliance, but good business and building trust. NSW, Vic and QLD state governments have each run parallel PAW events.
Read MoreBy: Cameron Abbott, Rob Pulham, Stephanie Mayhew, Emre Cakmakcioglu
As of 29 May 2025, the requirement on businesses to report ransomware payments they make has come into effect.
Read MoreBy: Shane Hubbard, Ludovico Lugnani, and Helen Phizackerley,
Since its introduction on 23 October 2024, the Data (Use and Access) Bill (the Bill) continues to evolve as it progresses through Parliament. Reminiscent of the incomplete Data Protection and Digital Information Bill, it has been introduced by the new Labour government to “harness the power of data for economic growth, support modern digital government, and improve people’s lives.” The Bill’s core aims are to grow the economy, improve UK public services and make people’s lives easier. It has been positioned as “a positive package” that “provides greater regulatory certainty for organisations and promotes growth and innovation in the UK economy.”
By: M. Claire Healy, Kathleen D. Parker, and Erinn L. Rigney
Effective 1 January 2026, Illinois House Bill 3773 (HB 3773) amends the Illinois Human Rights Act, (IHRA) to expressly prohibit employers from using artificial intelligence (AI) that “has the effect of subjecting employees to discrimination on the basis of protected classes.” Specifically, Illinois employers cannot use AI that has a discriminatory effect on employees, “[w]ith respect to recruitment, hiring, promotion, renewal of employment, selection for training or apprenticeship, discharge, discipline, tenure, or the terms, privileges, or conditions of employment.”
Read MoreBy: Claude-Etienne Armingaud, and Josefine Beil
On 11 February 2024, the European Data Protection Board (EDPB) adopted a new statement on age assurance. This statement, while not legally binding, will guide the enforcement of age-gating methods across the EU. Age assurance refers to the methods used to determine an individual’s age or age range with varying levels of confidence or certainty.
Read MoreCopyright © 2025, K&L Gates LLP. All Rights Reserved.