Cyber Law Watch – Insight on how cyber risk is being mitigated and managed across the globe

A Positive Package: The Data (Use and Access) Bill

Jun 05 2025

By: Shane Hubbard, Ludovico Lugnani, and Helen Phizackerley,

Since its introduction on 23 October 2024, the Data (Use and Access) Bill (the Bill) continues to evolve as it progresses through Parliament. Reminiscent of the incomplete Data Protection and Digital Information Bill, it has been introduced by the new Labour government to “harness the power of data for economic growth, support modern digital government, and improve people’s lives.” The Bill’s core aims are to grow the economy, improve UK public services and make people’s lives easier. It has been positioned as “a positive package” that “provides greater regulatory certainty for organisations and promotes growth and innovation in the UK economy.”

Illinois Anti-Discrimination Law to Address AI Goes Into Effect on 1 January 2026

May 01 2025

By: M. Claire Healy, Kathleen D. Parker, and Erinn L. Rigney

Effective 1 January 2026, Illinois House Bill 3773 (HB 3773) amends the Illinois Human Rights Act, (IHRA) to expressly prohibit employers from using artificial intelligence (AI) that “has the effect of subjecting employees to discrimination on the basis of protected classes.” Specifically, Illinois employers cannot use AI that has a discriminatory effect on employees, “[w]ith respect to recruitment, hiring, promotion, renewal of employment, selection for training or apprenticeship, discharge, discipline, tenure, or the terms, privileges, or conditions of employment.”

New EDPB Statement on Age Assurance: What You Need to Know

Feb 17 2025

By: Claude-Etienne Armingaud, and Josefine Beil

On 11 February 2024, the European Data Protection Board (EDPB) adopted a new statement on age assurance. This statement, while not legally binding, will guide the enforcement of age-gating methods across the EU. Age assurance refers to the methods used to determine an individual’s age or age range with varying levels of confidence or certainty.

EU Updates Codes of Conduct on Countering Illegal Hate Speech Online

Jan 24 2025

By: Claude-Etienne Armingaud, Thomas Nietsch and Andreas Müller

The European Commission has strengthened its framework for combating illegal hate speech online through an enhanced Code of Conduct, building upon the success of its 2016 predecessor. This updated version, known as the Code of Conduct on countering illegal hate speech online +, aligns with the Digital Services Act (DSA) and represents a significant step forward in the EU’s efforts to create a safer digital environment.

A New Year Brings New Restrictions Relating to AI and California Performers

Dec 26 2024

By: Kathleen Parker and Carter Norfleet

Starting 1 January 2025, California Assembly Bill 2602 (AB 2602) will prohibit the use of vague, unfair, and unethical contractual terms that, without the performer’s full awareness, permit the unregulated production, use, and distribution of digital replicas of their likeness.

New House AI Bills for the Financial Services Sector

Dec 12 2024

By: Christopher Valente, Scott Gelbman, and Joshua Durham

Artificial intelligence (AI) remains top of mind for lawmakers and regulators, who continue to grapple with new legislative proposals, as well as a changing regulatory regime designed to prepare the United States government to interact with AI-related issues, while also positioning the United States to be a leader in AI innovation. In line with 15 USC Ch. 119 and Executive Order 14110, two more bipartisan House bills were just introduced to further the government’s response to AI.

Navigating the Intersection of Data Scraping and Artificial Intelligence–A Global Data Protection Authorities Take

Nov 11 2024

By: Claude-Etienne Armingaud and Anna Gaentzhirt

In alignment with the ongoing concerns from several European data protection authorities publishing guidelines on data scrapping (i.e., the Dutch DPA, the Italian DPA and the UK Information Commissioner’s Office), the Global Privacy Assembly (GPA)’s International Enforcement Cooperation Working Group (IEWG) recently published a Joint statement on data scraping and the protection of privacy (signed by the Canadian, British, Australian, Swiss, Norwegian, Moroccan, Mexican, and Jersey data protection authorities) to provide further input for businesses when considering data.

Clarifications of Legal Bases for Cross-Border Data Transfers in Landmark Judgment by the Guangzhou Internet Court in China

Nov 06 2024

By: Sarah Kwong, Dan Wu, and Amigo Lan Xie

The Guangzhou Internet Court in China (Court) issued a landmark judgment under the Personal Information Protection Law (PIPL) (Judgment). This marked the first court decision in China regarding cross-border personal information transfers. In the case, the plaintiff expressed concerns about his personal information being transferred internationally without his explicit consent, while the defendants argued that the data processing was necessary for contractual obligations and aligned with industry standards.

Mass. SJC Limits Website Tracking Technology Claims Under Wiretap Act

Nov 04 2024

By: Christopher Valente and Michael Stortz

In a critical new decision, the Massachusetts Supreme Judicial Court has confirmed that the state’s anti-wiretapping statute does not extend to website tracking technologies. In Vita v. New England Baptist Hospital, the Court held that the state’s 1968 Wiretap Act (Mass. G.L. c. 272, § 99) does not apply to the deployment of online software that collects and transmits information regarding user interactions with websites to third parties.