Changes are Expected to the EU One-Stop-Shop Mechanism

Authored by Patrick Van Eecke, Loriane Sangaré-Vayssac and Enrique Capdevila this article was originally published in Privacy Laws & Business International Report, December 2023. Patrick van Eecke, Loriane Sangaré-Vayssac and Enrique Capdevila of Cooley analyse the updated guidelines for identifying the Lead Supervisory Authority and the draft GDPR Procedural Regulation. […]

The European Data Act: New Rules for a New Age

In today’s digital age, data is the new currency. The European Union recognises this and has introduced the European Data Act, a set of new rules that will revolutionise the way data generated by connected devices is shared and used. Consumers and businesses will be able to access their devices’ data […]

EU’s Artificial Intelligence Act: The Last Stretch 

On Friday, 8 December 2023, European Union lawmakers concluded a provisional agreement on the much-anticipated Artificial Intelligence Act (AI Act). The AI Act – a broad new piece of legislation governing the development, placing on the market and use of AI systems – will apply beyond the EU’s borders and […]

Balancing Act: Navigating Privacy Challenges Under UK’s Online Safety Act 2023

The UK’s Online Safety Act (OSA) 2023, which became law on 26 October 2023, imposes extensive new obligations on certain types of online service providers, requiring them to protect their users by identifying, mitigating, and managing risks relating to illegal and harmful content. Due to its extraterritorial reach, the OSA […]

FTC Adds New Data Breach Reporting Obligations Under Safeguards Rule

On October 27, 2023, the Federal Trade Commission (FTC) unanimously approved an amendment to the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule to require certain covered financial institutions to report a broad range of data breaches and other unauthorized data disclosures to the FTC. With a broader scope than existing obligations, quick […]

New York Department of Financial Services Amends Its Cybersecurity Regulations

On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized its proposed cybersecurity rules, which build upon existing NYDFS cybersecurity requirements in the Part 500 Cybersecurity Rules. New class of covered entities The updated rules finalize a new class of financial services companies subject to NYDFS’ regulations […]

Biden Administration Issues Sweeping AI Executive Order

On October 30, 2023, the Biden administration issued a long-awaited executive order (EO) on artificial intelligence (AI). The EO expands on previous AI initiatives, such as the Blueprint for an AI Bill of Rights, and lays out the most comprehensive set of directions to date for federal agencies and the largest AI […]

Landmark Decision Handed Down on ICO’s Responsibilities in Handling Subject Access Requests

On 10 October 2023, the England and Wales Court of Appeal handed down its decision in Delo, R. (On the Application Of) v. The Information Commissioner, in which it upheld an earlier High Court ruling that the UK’s data protection regulator, the Information Commissioner’s Office (ICO), is not obliged to […]

California’s Delete Act – Key Takeaways for Data Brokers

On Tuesday, October 10, 2023, California Gov. Gavin Newsom signed into law Senate Bill 362, also known as the Delete Act, which amends certain aspects of California’s existing Data Broker Registration law. By January 1, 2026, the Delete Act will enable California consumers – as defined under the California Consumer […]

New UK Guidance on Workplace Monitoring

On 3 October 2023, the UK’s Information Commissioner’s Office (ICO) published new guidance on workplace monitoring. The previous guidance was issued in 2011, as part of the ICO’s Employment Practices Code, and was badly in need of updating, given both the development of new monitoring technologies over the last 12 […]