Data Privacy

The Ministry of Electronics and Information Technology (MeitY) has recently released the much-awaited draft of the Digital Personal Data Protection Rules, 2025 (Rules) for public consultation. These proposed Rules provide important insights into the upcoming implementation of India’s new data protection law, which has been under development for some time.

The enactment of the Digital Personal Data Protection Act, 2023 (DPDP Act) marks a significant shift in India’s data privacy landscape, laying the foundation for a comprehensive framework governing the collection, use and management of personal data.Continue Reading The Impact of India’s New Digital Personal Data Protection Rules

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

State Privacy Enforcement Updates: CPPA Extracts Civil Penalties in Landmark Case; State Regulators Form Consortium for Privacy Enforcement Collaboration |

Companies in all industries take note: regulators are scrutinizing how companies offer and manage privacy rights requests and looking into the nature of vendor processing in connection with application of those requests. This includes applying the proper verification standards and how cookies are managed. Last month, the California Privacy Protection Agency (“CPPA” or “Agency”) provided

As reported previously, the California Privacy Protection Agency (“CPPA”) closed the public comment period for its proposed cybersecurity audit, risk assessment and automated decision-making technology (“ADMT”) regulations (the “Proposed Regulations”) in late February. In advance of the CPPA’s April 4 meeting, the CPPA released a new draft of the Proposed Regulations, which proposed relatively minor substantive changes, but pushed back the dates for when certain obligations would become effective. The Agency’s Board met on April 4, 2025, to discuss the new proposals and comments received, as well as the potential for some very different alternatives, especially related to ADMT. Members of the CPPA Board debated the staff’s approach and ultimately sent the staff back to narrow the scope of the Proposed Regulations, clarify what was in and out of scope with more examples, and to further consider how to reduce the costs and burdens on businesses. While it is unclear exactly what staff will come back with, the alternatives discussed provide some hints on what a more constrained approach may look like.Continue Reading The Future for California’s Latest Generation of Privacy Regulations is Uncertain

Our very own Alan Friel, Julia Jacobson and Kyle Dull will be featured in a series of upcoming CLE webinars designed to equip legal professionals with practical strategies for drafting enforceable terms of use, managing privacy risks in AI, and navigating the latest state data privacy laws.Continue Reading Join Us in April for Three Upcoming Strafford Webinars

In our earlier blog on recent changes affecting the Competition and Markets Authority (CMA), we anticipated more changes to come. The month of March has lived up to our expectations. On 12 March, the CMA launched a “call for evidence” for the review of its approach to merger remedies as well as a “Mergers Charter” for businesses, stating that:

“Both the merger remedies review and the Mergers Charter are part of the CMA’s programme of work to implement the ‘4Ps’ – pace, predictability, proportionality and process – across all its work, helping to drive growth and enhance business and investor confidence.”[1]Continue Reading Ch-ch-ch-ch-changes… Part 2

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

FCC Seeks Comment on Quiet Hours and Marketing Messages | Privacy World

New Class Action Threat: TCPA Quiet Hours and

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

CA Legislators Charge That Privacy Agency AI Rulemaking Is Beyond Its Authority

Data Processing Evaluation and Risk Assessment Requirements Under

Join Team SPB’s Alan Friel, Julia Jacobson and Kyle Dull for three informative webinars addressing key topics including AI-driven decision-making technologies, the development of terms of service and privacy policies, and best practices for the responsible use of AI and associated risk management.

A limited number of complimentary passes are available to clients for each webinar. For more details on free passes, please reach out to Julia Jacobson.

Continue Reading Join Team SPB this Spring for Three Engaging Webinars