By: Claude-Etienne Armingaud, Thomas Nietsch, Ludovico Lugnanin, Nóirín McFadden, and Sophie Verstraeten
The UK’s major post-Brexit reform of the UK General Data Protection Regulation (UK GDPR), the Data Use and Access Act (DUAA), became law on 19 June 2025.
Read MoreBy: Claude-Étienne Armingaud and Josefine Beil
The European Data Protection Board recently published its draft Guidelines 02/2025, which remain open to consultation until 09 June 2025. Stakeholders in the blockchain industry are encouraged to submit any observations before the finalization of these Guidelines.
Read MoreBy: Cameron Abbott, Rob Pulham, Stephanie Mayhew and Emre Cakmakcioglu
In Australia, last week was the 2025 Privacy Awareness Week (PAW), with this year’s theme ‘Privacy – it’s everyone’s business’. Among other things in PAW, the Office of the Australian Information Commissioner (OAIC) produced a Privacy Foundations self-assessment tool, which provides a privacy maturity score on the basis of tenets such as Accountability, Transparency, Collection and Data breach management. The tool, and PAW more broadly emphasise that privacy is not just about compliance, but good business and building trust. NSW, Vic and QLD state governments have each run parallel PAW events.
Read MoreBy: Cameron Abbott, Rob Pulham, Stephanie Mayhew, Emre Cakmakcioglu
As of 29 May 2025, the requirement on businesses to report ransomware payments they make has come into effect.
Read MoreBy: Claude-Etienne Armingaud, and Josefine Beil
On 11 February 2024, the European Data Protection Board (EDPB) adopted a new statement on age assurance. This statement, while not legally binding, will guide the enforcement of age-gating methods across the EU. Age assurance refers to the methods used to determine an individual’s age or age range with varying levels of confidence or certainty.
Read MoreBy: Claude-Etienne Armingaud and Anna Gaentzhirt
In alignment with the ongoing concerns from several European data protection authorities publishing guidelines on data scrapping (i.e., the Dutch DPA, the Italian DPA and the UK Information Commissioner’s Office), the Global Privacy Assembly (GPA)’s International Enforcement Cooperation Working Group (IEWG) recently published a Joint statement on data scraping and the protection of privacy (signed by the Canadian, British, Australian, Swiss, Norwegian, Moroccan, Mexican, and Jersey data protection authorities) to provide further input for businesses when considering data.
Read MoreBy: Sarah Kwong, Dan Wu, and Amigo Lan Xie
The Guangzhou Internet Court in China (Court) issued a landmark judgment under the Personal Information Protection Law (PIPL) (Judgment). This marked the first court decision in China regarding cross-border personal information transfers. In the case, the plaintiff expressed concerns about his personal information being transferred internationally without his explicit consent, while the defendants argued that the data processing was necessary for contractual obligations and aligned with industry standards.
Read MoreBy Dr. Thomas Nietsch and Andreas Müller
On July 24, 2024, the OLG Hamm ruled that claims for moral damages under Art. 82 GDPR are generally assignable (case number: 11 U 69/23).
Read MoreBy: Dr. Thomas Nietsch and Andreas Müller
On 31 July 2024 the Higher Regional Court of Koblenz (Oberlandesgericht Koblenz) has rejected an appeal to a verdict of the Regional Court of Koblenz (Landgericht Koblenz) for deletion of an interview published on YouTube, due to lacking a prospect of success (case number 4 U 238/23).
Read MoreBy: Cameron Abbott and Rob Pulham
In their recent article available here, Joseph Wylie, Kenn Brotman, and J. Morgan Dixon from our Chicago office discuss what changes to privacy law in Illinois will mean for company’s collecting or sharing individual’s biometric data.
Copyright © 2025, K&L Gates LLP. All Rights Reserved.