The Spanish data protection authority, AEPD, imposes a 10 Million EUR fine on a company, AENA, for deploying a facial recognition system without an adequate DPIA. What does this mean for companies
Continue Reading 10 Million EUR Fine Demonstrates Scope of Effort Needed for DPIAs
Odia Kagan
Big Beautiful AI Bill: Is the US State AI law ban back on the horizon?
A new draft Federal Executive Order released yesterday says: Maybe.
While the EU is busy putting the brakes on their EU AI Act due to being potentially too onerous and…
EU Regulator Cookie Sweep Shows Importance of Website Tracking Compliance in the EU and US
A new enforcement sweep on cookie banners, conducted by the Netherlands privacy regulator, shows both EU and US companies the need to prioritize website tracking hygiene and transparency.
In Europe:
…
State AG’s Ramping Up Enforcement of Student Data Privacy with new Landmark Settlement
The Attorneys General of Connecticut, California and New York reached a $5.1 million settlement with Illuminate Education for failing to implement proper information security measures to protect data of students…
HIPAA, but for non-Covered Entities?
A new bill, proposed by Bill Cassidy (R-LA), Chair of the Senate Health, Education, Labor and Pensions Committee (HELP), purports to apply the privacy and security practices under the HITECH Act…
Philippines Data Protection Authority: Biometric Data Is Not for Sale: Lessons for U.S. Privacy Law
“Smile, You’re on Camera”: Meets GDPR and U.S. Privacy Law in the retail context
A Bavarian court held that a store’s private security guard lawfully used a body-worn camera under Article 6(1)(f) GDPR to protect property, maintain order, and ensure staff safety, in a…
The Sensitive Data Bulk Transfer Rule: What You Need to Know
The U.S. Department of Justice’s Sensitive Data Bulk Transfer Rule is in effect. That includes, as of Oct. 6, 2025, the requirements on due diligence and compliance.
What does this…
CPPA Issues $1.35 Million Fine: What You Need to Know
The California Privacy Protection Agency (CPPA) recently issued a $1.35 million fine against a California business for privacy law violations. They also issued a detailed multi-year compliance plan.
These are…
Effective Human Oversight of Automated Decision-Making Systems
The European Data Protection Supervisor (EDPS) recently issued a TechDispatch on Automated Decision Making.
Here is what you need to know:
Part 1: 12 Myths About Automated Decision-Making (ADM) Systems…