The CJEU’s March 19, 2026, judgment in Case C-526/24 marks a significant development in GDPR enforcement, holding for the first time that even a single data access request may be refused as “excessive” under Article 12(5) GDPR if made in bad faith, while also confirming that an unjustified refusal to comply with such a request can itself give rise to damages liability under Article 82(1) GDPR.
Continue Reading CJEU: First Request for Access May Be Rejected as Abusive Under GDPR
The Federal Trade Commission remains focused on children’s privacy and the Children’s Online Privacy Protection Act.
Continue Reading FTC Signals Relaxed COPPA Enforcement for Age-Verification Technologies
The amended Cybersecurity Law of China (CSL) entered into force on Jan. 1, 2026. These amendments, officially approved by China’s top legislature in October 2025, mark the first major changes to the law since it took effect in 2017.
Continue Reading China’s Amended Cybersecurity Law Takes Effect
With its Russmedia judgment (C-492/23, Grand Chamber, 2 December 2025), the Court of Justice of the European Union (CJEU or Court) fundamentally reshapes how online marketplaces and other platforms hosting user-generated content must approach data protection compliance.
Continue Reading CJEU’s Russmedia Decision Expands Platform Controller Duties Under GDPR
Data brokers who offered brokerage services in California in 2025 must register or re-register their status with the state’s data broker registry by Jan. 31, 2026.
In-scope companies that fail to do so may be liable for administrative fines or even reasonable expenses incurred by the CalPrivacy regulator in investigating and bringing an administrative action
Cybersecurity incidents pose a fundamental challenge: How do you reassure stakeholders while acknowledging that many facts remain unknown early in forensic investigations?
Continue Reading How to Reassure Stakeholders When Facts Are Still Unknown During Cyber Incidents
Please join Greenberg Traurig and San Francisco shareholders Darren J. Abernethy and Gretchen A. Ramos on Dec. 10, 2025, for a CLE reviewing the key activities from this year in the world of data privacy and reading the tea leaves for what in-house counsel teams may expect for next year, with a focus on practical action items for businesses.
Continue Reading ACC Webinar: Getting Ready for 2026 – Data Privacy Compliance Priorities
On Dec. 5, 2025, the German act implementing the EU NIS 2 Directive was published.
Continue Reading NIS2 in Germany: The New BSI Act Makes Cybersecurity a Board-Level Issue
The last remaining provisions of the amendments to the New York Department of Financial Services’ (DFS) cybersecurity regulation called Part 500 came into effect Nov. 1, 2025.
Continue Reading NYDFS Final Cybersecurity Rules – MFA, Asset Inventory, and Third-Party Risk