Unique Insights on Privacy and Data Protection Worldwide
As we ring in the new year, we want to make you aware of key issues that we expect lawmakers and regulators to focus on in the months ahead.
Below are the top European digital regulatory issues to watch out for in 2026:Continue Reading 2026 Year in Preview: European Digital Regulatory Developments for Companies to Watch Out For
On September 12, 2025, the European Data Protection Board (EDPB) adopted guidelines (Guidelines) on the interplay between the EU Digital Services Act (DSA) and the General Data Protection Regulation (GDPR). The Guidelines seek to clarify the data protection issues that regulated online services should take into account when seeking to comply with their obligations under the GDPR.Continue Reading EDPB Issues First Guidelines on the Interplay Between the Digital Services Act and the GDPR
On July 14, 2025, the European Commission (EC) published its guidelines (the Guidelines) on the protection of minors online. These Guidelines, which were initially released for consultation in May 2025, provide direction for online platforms on the steps they can take to comply with their duties to protect the privacy, safety, and security of minors under the EU’s Digital Services Act (DSA). They focus on assessing and mitigating platform risks, the appropriate use of age assurance, and measures that should be taken to protect minors from manipulative commercial practices.Continue Reading European Commission Publishes DSA Guidelines on the Protection of Minors Online
On June 19, 2025, the UK Data (Use and Access) Act 2025 was enacted, marking the culmination of a lengthy legislative process aimed at reshaping aspects of the country’s data protection regime. First proposed in 2021 as part of a government strategy titled, “Data: a new direction,” the legislation has undergone several rounds of revision since its initial introduction. Its passage reflects the UK’s desire to diverge, in measured ways, from the EU’s approach to data regulation in the post-Brexit landscape.Continue Reading UK Introduces New Legislation Amending Privacy Laws
On April 24, 2025, the UK’s Office of Communications, commonly known as Ofcom—the regulator responsible for enforcing the UK’s Online Safety Act (OSA)—issued its Protecting Children from Harm Online Statement. The statement requires online services to conduct and document a children’s risk assessment in accordance with the OSA by July 24, 2025. Services will be required to implement measures to protect children from content that is harmful to them by July 25, 2025.Continue Reading The UK’s Online Child Safety Duties Are Coming into Force: Steps to Take Now
On March 27, 2025, the Information Commissioner’s Office (ICO) announced a fine of 3 million GBP (3.9 million USD) against a software provider (the company) for security deficiencies following a ransomware incident (e.g., lack of multi-factor authentication (MFA)). This is the first time the ICO has fined a processor under the UK’s General Data Protection Regulation (GDPR). This post provides an overview of the decision and outlines the key points companies should consider, including the security measures the ICO expects them to implement.Continue Reading UK Regulator Issues Three Million GBP Monetary Penalty in Connection with Ransomware Attack
On February 11, 2025, the European Data Protection Board (EDPB) adopted a statement (Statement) on age assurance. The Statement comes at a formative time in the development of age assurance practices, as EU and UK regulatory frameworks increasingly require companies to take steps to identify and protect child users of online services. The Statement outlines key privacy principles that should be followed when developing and deploying age assurance processes, together with the risks to individuals’ rights that can arise.Continue Reading European Privacy Regulators Issue Guidance on Age Assurance
