Concerns about whether proposed changes to the GDPR in the European Commission's digital omnibus package could harm data flows between the EU and the U.K. are a "storm in a teacup" aimed at pressuring the EC's proposals, Shoosmiths privacy lawyer Alice Wallbank emailed us Monday.
Cross-Border Data and Transfers
Cross-border data transfers are a flashpoint in global privacy law, particularly between the EU and U.S. Mechanisms like the EU-U.S. Data Privacy Framework and Standard Contractual Clauses face ongoing scrutiny by courts and regulators as global corporate operations must sync with divergent national regulatory environments. This legal uncertainty has pushed companies to adopt more rigorous transfer impact assessments and contractual safeguards. This page tracks regulatory developments, enforcement actions, and emerging requirements for international data flows.
Privacy professionals expected more states to enact comprehensive privacy laws this year, but none of the bills introduced this year crossed the finish line, they said Thursday on a TrustArc webinar. Instead, states passed narrowly tailored privacy legislation or amendments to existing laws. In addition, several court decisions and enforcement actions drilled deep into top privacy issues, the privacy pros said.
As lawsuits over tracking technologies increase rapidly, some courts have managed to narrow the scope of older statutes, countering the litigation wave, said panelists during an Interactive Advertising Bureau (IAB) webinar Wednesday. But other courts remain split on the reach of these laws, they added.
Shadow AI remains a significant challenge for businesses, said panelists during a Practising Law Institute webinar Monday. They discussed an IBM Cost of a Data Breach 2025 report that focused on the problem of employees using AI platforms that aren't sanctioned by the workplace.
India's detailed Digital Personal Data Protection Act (DPDPA) will potentially be a substantial compliance burden for companies, Kochlar & Company technology attorney Stephen Mathias said in a Hogan Lovells podcast Thursday.
A service for making AI-generated apps said it’s embracing privacy by design by integrating an AI-powered code scanner.
BigID added data mapping using agentic AI to its privacy compliance software, the vendor said Wednesday. The feature automates and visualizes personal data flows, it added. “BigID uses agentic AI to interpret Record of Processing Activities (RoPA) details and dynamically map data collection, use, transformation, and transfers -- surfacing risky or unintended flows to help mitigate the risk of compliance issues or audit failures.”
Companies should look "behind the curtain" to ensure they are complying with a "complex web of legal obligations," beyond their data privacy policy, said Lathrop GPM lawyers in a blog post Friday.
The EU Council approved rules to facilitate handling GDPR cross-border data protection complaints, it announced Monday.
The European Data Protection Board (EDPB) backed the European Commission's plans to grant Brazil an adequacy decision to allow data flows but urged the EC to address "a few remaining points," it said Wednesday in an email.