On March 31, 2026, the Office of the Australian Information Commissioner (OAIC) released its much-anticipated Exposure Draft of the Privacy (Children’s Online Privacy) Code (Draft Code). It introduces a number of novel concepts in addition to drawing from the UK Age-Appropriate Design Code (UK AADC), in an effort to
On March 20, 2026, Oklahoma Governor Stitt signed the first new comprehensive state privacy law of 2026. The “Act relating to data privacy” is in force on January 1, 2027. In this post, we compare the new Oklahoma privacy law to the other 20 state consumer privacy laws already in force below.Continue Reading Oklahoma’s New Privacy Law Sweeps In
The countdown is on—the IAPP Global Privacy Summit is only six days away, and we’re looking forward to seeing so many of you in Washington, DC, for another energizing and insightful week in the privacy community. If you’ll be in town, we’d love to connect.Continue Reading We Hope to See You at the IAPP Global Privacy Summit!
Following unanimous votes by the California legislature and signature by the Governor, California enacted an Age-Appropriate Design Code Act (CAADCA) in September 2022 (codified at CA Civil Code Section 1798.99.28-32), as a measure purportedly “aimed at protecting the wellbeing, data, and privacy of children [under 18] using online platforms.” Industry group NetChoice soon turned to federal court and sought an injunction seeking to prevent the law from being enforced on the grounds, among others, that it violates the First Amendment and the dormant Commerce Clause of the United States Constitution and is preempted by other federal statutes addressing online child safety, including the Children’s Online Privacy Protection Act (COPPA).Continue Reading The Future of the CA Age-Appropriate Design Code Act: What Remains, What’s Still Open to be Contested, and What Companies Must Consider for Minors’ Online Safety
In its press release relating to the Court of Justice of the European Union (CJEU) judgment of 10 February 2026 in Case C-97/23 P, the CJEU has confirmed that the action brought by an organization against a Binding Decision of the European Data Protection Board (EDPB) is admissible.
With this decision, the CJEU has clarified that organizations have a right of direct appeal against binding decisions of the EDPB on which a national authority’s decision against them is based.Continue Reading EDPB Binding Decisions Can Be Challenged Directly by Organizations Before EU Courts
Privacy compliance has entered a new phase—one defined not only by high-profile enforcement actions but by the growing expectation that organizations implement and maintain mature information governance programs capable of validating true, system-level technical compliance rather than merely projecting the appearance of it. A spate of recent California enforcement actions makes clear that companies must be prepared to validate how privacy control’s function, including across systems, platforms, and data flows, making thoughtful, system-oriented self-assessment an increasingly important tool for aligning policy commitments with operational reality—before regulators do it for them. SPB helps client’s self-access, identify gaps and remediate issues under the cloak of privilege.Continue Reading CalPrivacy Update: Shifting to Structural Compliance and Auditing
A recording is now available for “California and Beyond: HR Data Risk Issues for Employers,” a highly relevant webinar covering the rapidly shifting world of HR data, privacy obligations, and AI regulation. Presented by Squire Patton Boggs Partners Alan Friel and Michael Kelly, and Associate Sam Kim, this session will give employers the clarity they need as new rules take effect and enforcement ramps up.Continue Reading A Timely Look at HR Data and AI Regulation Trends: Webinar Recording Available
The IAPP Global Privacy Summit is right around the corner, and if you’re in Washington, DC, or heading there for the event, we’d love the chance to connect with you in person.Continue Reading Join Us at the IAPP Global Privacy Summit in Washington, DC!
Please join us at these upcoming events to hear the latest trends, updates and insights within the global Data Privacy realm.
Thailand & SE Asia: 7th International Arbitration Summit
February 25 2026
Tokyo and Shanghai Partner Scott Warren will be speaking at the Thailand & SE Asia: 7th International Arbitration Summit in Bangkok on Cross-
The European Commission has unveiled its long‑awaited proposal for the EU Digital Networks Act (DNA), a sweeping regulation poised to reshape Europe’s telecoms and digital infrastructure landscape for decades to come. From accelerating the fiber transition to introducing an EU‑wide satellite authorization regime and simplifying market access through a single passport, the proposal signals a