Effective September 12, 2025, the EU Data Act introduced new rules on access to and sharing of data from certain products and services in business-to-consumer (B2C), business-to-business (B2B), and business-to-government (B2G) contexts. This alert highlights the key obligations. The EU Data Act applies to any business offering products or services in the EU, regardless of its location.Continue Reading EU Data Act Enters into Force
Laura Brodahl
EU Reaches a Deal on Rules for Swifter Cross-Border GDPR Enforcement
Posted in Privacy
On June 16, 2025, the Council of the EU (Council) and the European Parliament (EP) reached a provisional agreement on a new regulation (the Draft Regulation) to enhance enforcement of the General Data Protection Regulation…
Continue Reading EU Reaches a Deal on Rules for Swifter Cross-Border GDPR EnforcementEU Reaches a Deal on Rules for Swifter Cross-Border GDPR Enforcement
Posted in Privacy
On June 16, 2025, the Council of the EU (Council) and the European Parliament (EP) reached an agreement on a new regulation (the Draft Regulation) to enhance enforcement of the General Data Protection Regulation (GDPR). The Draft Regulation aims to improve cooperation between national data protection authorities (DPAs) to speed up their handling of cross-border GDPR complaints and related investigations.Continue Reading EU Reaches a Deal on Rules for Swifter Cross-Border GDPR Enforcement
UK Regulator Issues Three Million GBP Monetary Penalty in Connection with Ransomware Attack
Posted in Cybersecurity
On March 27, 2025, the Information Commissioner’s Office (ICO) announced a fine of 3 million GBP (3.9 million USD) against a software provider (the company) for security deficiencies following a ransomware incident (e.g., lack of multi-factor authentication (MFA)). This is the first time the ICO has fined a processor under the UK’s General Data Protection Regulation (GDPR). This post provides an overview of the decision and outlines the key points companies should consider, including the security measures the ICO expects them to implement.Continue Reading UK Regulator Issues Three Million GBP Monetary Penalty in Connection with Ransomware Attack
EU Data Act Imposes New Data Sharing Obligations
By Laura Brodahl & Laura De Boel on
Posted in Cybersecurity
As of September 12, 2025, the EU Data Act will impose new obligations concerning the sharing of, and access to, data generated by certain products and services offered in the EU. This alert highlights the data sharing obligations for providers of connected devices and related services.Continue Reading EU Data Act Imposes New Data Sharing Obligations
European Privacy Regulators Issue Guidance on Age Assurance
Posted in European Union
On February 11, 2025, the European Data Protection Board (EDPB) adopted a statement (Statement) on age assurance. The Statement comes at a formative time in the development of age assurance practices, as EU and UK regulatory frameworks increasingly require companies to take steps to identify and protect child users of online services. The Statement outlines key privacy principles that should be followed when developing and deploying age assurance processes, together with the risks to individuals’ rights that can arise.Continue Reading European Privacy Regulators Issue Guidance on Age Assurance
Understanding the EU’s Cyber Solidarity Act: Key Takeaways
By Cédric Burton, Demian Ahn, Laura Brodahl & Matthew Nuding on
Posted in Cybersecurity
On February 4, 2025, the European Union’s (EU) Cyber Solidarity Act (CSA) entered into force. The CSA aims to harmonize and strengthen the cooperation between EU authorities to improve their capacity to detect and address…
Continue Reading Understanding the EU’s Cyber Solidarity Act: Key Takeaways