cyber/data/privacy insights

EU AI Act: Proposed ‘Digital Omnibus on AI’ Will Impact Businesses’ AI Compliance Roadmaps

This update covers the European Commission’s proposed “Digital Omnibus on AI”, published 19 November 2025. Part of the European Union’s simplification drive, the proposal aims to streamline the EU Artificial Intelligence (AI) Act’s implementation, ease compliance burdens and adjust compliance deadlines ahead of the AI Act’s full application on 2 […]

China Releases Multiple Key Draft Cyber and Data Security Regulations at Year-End 2025

China is closing out 2025 with significant steps to reinforce its data protection and cybersecurity regime. In the past month, Chinese regulators have unveiled multiple key draft regulations for public comments. These developments underscore China’s efforts to address the increasing data and security risks and the continuous enforcement of its […]

ICO Updates Guidance on Encryption

The UK Information Commissioner’s Office (ICO) has released updated guidance on encryption following a recent consultation.

The revised guidance provides a framework outlining when and how organisations should consider implementing encryption to protect personal data.

English Court of Appeal Rules on Compensation for Data Breaches

The English Court of Appeal has handed down an important judgment in Farley v. Paymaster (Equiniti)[1] on when compensation may be claimed for nonmaterial damage (such as distress or anxiety) arising out of breaches of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA).

What the UK’s New Data (Use and Access) Act Means for Your Business

Event summary The UK’s Data (Use and Access) Act 2025 has now received royal assent. This landmark legislation introduces targeted updates to the UK’s data protection framework, impacting everything from automated decision-making and scientific research to marketing practices and cookie compliance. Please join our partners for a concise 30-minute webinar […]

Comparing New Neural Data Privacy Laws in 4 US States

Cooley partner Kristen Mathews‘ Law360 article argues that protecting neural privacy is essential – for both businesses and the human mind. Examining the evolving legal landscape surrounding neural data privacy in the United States, Mathews highlights recent legislation in Colorado, California, Montana and Connecticut regulating the handling of neural data […]

The DOJ’s Data Security Program – Understanding and Complying with the New Bulk Data Transfer Rule

This post is one in a series where we discuss the US Department of Justice’s (DOJ’s) data security program, commonly known as the bulk data transfer rule, which prohibits individuals or entities from certain foreign countries, including China, from accessing certain types of sensitive data, and imposes onerous privacy and […]

The Data (Use and Access) Act: What Businesses Need to Know

The UK’s Data (Use and Access) Act (DUA Act) has now received Royal Assent, introducing a series of targeted updates to the UK’s data protection framework in areas like artificial intelligence (AI) and research, while preserving alignment with core UK General Data Protection Regulation (GDPR) principles.

Virginia Enacts New Broad Consent Requirement for Collection of Reproductive and Sexual Health Information

On March 24, 2025, Virginia Gov. Glenn Youngkin signed into law SB 754, amending the state’s Consumer Protection Act to prohibit businesses from “[o]btaining, disclosing, selling, or disseminating any personally identifiable reproductive or sexual health information without the consent of the consumer.” The amendment, which takes effect on July 1, […]