Cyber Law Watch

Insight on how cyber risk is being mitigated and managed across the globe.

1
UK Data Use and Access Bill Becomes Law
2
AI Models May Be Trained With Publicly Available Data From Social Networks, Says the Higher Regional Court of Cologne (Decision of 23 May 2025, Ref. 15 Ukl. 2/25)
3
Termination Button–Also Required for Agreements With Automatic Expiry and One-Time Payment
4
Deployment of AI in the Workplace in France–The Importance of Consulting With the Work Forces
5
New EDPB Guidelines: Processing Personal Data on Blockchain
6
Privacy Awareness Week 2025
7
Pay the Price, Now ‘Fess Up’: Reporting Obligations for Ransomware Payments Are Live
8
A Positive Package: The Data (Use and Access) Bill
9
Illinois Anti-Discrimination Law to Address AI Goes Into Effect on 1 January 2026
10
New EDPB Statement on Age Assurance: What You Need to Know

AI Models May Be Trained With Publicly Available Data From Social Networks, Says the Higher Regional Court of Cologne (Decision of 23 May 2025, Ref. 15 Ukl. 2/25)

By: Dr. Thomas Nietsch and Andreas Müller

In proceedings initiated by a Consumer Protection Agency for a preliminary injunction against the operator of a social network to prohibit the use of publicly accessible user data for AI training, the competent court ruled that using such data is permissible under the General Data Protection Regulation (GDPR.)

Read More

Termination Button–Also Required for Agreements With Automatic Expiry and One-Time Payment

By: Dr. Thomas Nietsch and Andreas Müller

In a recent ruling (I ZR 161/24, 22 May 2025), the German Federal Court of Justice (BGH) clarified the scope of § 312k German Civil Code (BGB) regarding the obligation to provide a ‘cancellation button’ on websites if traders enable consumers to conclude continuing performance contracts (Dauerschuldverhältnis) via their website.

Read More

Deployment of AI in the Workplace in France–The Importance of Consulting With the Work Forces

By: Claude-Étienne Armingaud and Josefine Beil

In a significant ruling on 14 February 2025, the First Instance Court of Nanterre, France ordered a company to suspend the deployment of several artificial intelligence tools until proper consultation with its Works Council has been completed.

Read More

New EDPB Guidelines: Processing Personal Data on Blockchain

By: Claude-Étienne Armingaud and Josefine Beil

The European Data Protection Board recently published its draft Guidelines 02/2025, which remain open to consultation until 09 June 2025. Stakeholders in the blockchain industry are encouraged to submit any observations before the finalization of these Guidelines.

Read More

Privacy Awareness Week 2025

By: Cameron Abbott, Rob Pulham, Stephanie Mayhew and Emre Cakmakcioglu

In Australia, last week was the 2025 Privacy Awareness Week (PAW), with this year’s theme ‘Privacy – it’s everyone’s business’. Among other things in PAW, the Office of the Australian Information Commissioner (OAIC) produced a Privacy Foundations self-assessment tool, which provides a privacy maturity score on the basis of tenets such as Accountability, Transparency, Collection and Data breach management. The tool, and PAW more broadly emphasise that privacy is not just about compliance, but good business and building trust. NSW, Vic and QLD state governments have each run parallel PAW events.

Read More

Pay the Price, Now ‘Fess Up’: Reporting Obligations for Ransomware Payments Are Live

By: Cameron Abbott, Rob Pulham, Stephanie Mayhew, Emre Cakmakcioglu

As of 29 May 2025, the requirement on businesses to report ransomware payments they make has come into effect.

Read More

A Positive Package: The Data (Use and Access) Bill

By: Shane Hubbard, Ludovico Lugnani, and Helen Phizackerley,

Since its introduction on 23 October 2024, the Data (Use and Access) Bill (the Bill) continues to evolve as it progresses through Parliament. Reminiscent of the incomplete Data Protection and Digital Information Bill, it has been introduced by the new Labour government to “harness the power of data for economic growth, support modern digital government, and improve people’s lives.” The Bill’s core aims are to grow the economy, improve UK public services and make people’s lives easier. It has been positioned as “a positive package” that “provides greater regulatory certainty for organisations and promotes growth and innovation in the UK economy.”

Read More

Illinois Anti-Discrimination Law to Address AI Goes Into Effect on 1 January 2026

By: M. Claire Healy, Kathleen D. Parker, and Erinn L. Rigney

Effective 1 January 2026, Illinois House Bill 3773 (HB 3773) amends the Illinois Human Rights Act, (IHRA) to expressly prohibit employers from using artificial intelligence (AI) that “has the effect of subjecting employees to discrimination on the basis of protected classes.” Specifically, Illinois employers cannot use AI that has a discriminatory effect on employees, “[w]ith respect to recruitment, hiring, promotion, renewal of employment, selection for training or apprenticeship, discharge, discipline, tenure, or the terms, privileges, or conditions of employment.”

Read More

New EDPB Statement on Age Assurance: What You Need to Know

By: Claude-Etienne Armingaud, and Josefine Beil

On 11 February 2024, the European Data Protection Board (EDPB) adopted a new statement on age assurance. This statement, while not legally binding, will guide the enforcement of age-gating methods across the EU. Age assurance refers to the methods used to determine an individual’s age or age range with varying levels of confidence or certainty.

Read More

Copyright © 2025, K&L Gates LLP. All Rights Reserved.