Businesses investing in, financing or operating data centres face a complex matrix of laws and regulatory requirements. Ensuring compliance is important for lender and investor due diligence and is crucial to avoiding fines, penalties and contractual or regulatory breaches that
Data Protection
What do organisations need to disclose to individuals about AI and automated decisions?
Individuals have the right to receive meaningful information about solely automated decisions with significant effects under the General Data Protection Regulation (GDPR). This includes decisions that will impact an individual’s finances or employment. But how much information are…
CJEU Advocate General clarifies when pseudonymised data falls outside the definition of personal data


On 5 February 2025, the Advocate General of the Court of Justice of the European Union (CJEU) issued its opinion in the case of C 413/23 P European Data Protection Supervisor (EDPS) v Single Resolution Board…
US Dept of Health proposes Security Rule amendments that includes new deadlines
On December 27, 2024, the United States Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), issued a proposed rule to improve data protection measures in the healthcare sector.
Learn more about the…
New Horizons in Data Protection: Malaysia’s Personal Data Protection (Amendment) Act 2024



On 24 December 2024, Malaysia’s Minister of Digital stipulated the dates on which the provisions of the Malaysian Personal Data Protection (Amendment) Act 2024 (Amendment Act) will come into force. The Amendment Act will take effect in three…
TR v Land Hessen – DPA not obliged to fine under the GDPR

By Shan Nanayakkara
In TR v Land Hessen (C‑768/21) the European Court of Justice (“ECJ”) found that following a personal data breach, a supervisory authority is under no obligation to exercise its corrective powers, specifically the power to…

Lessons on international transfers to the US to organisations caught by the GDPR
The Dutch data protection authority, the Autoriteit Persoonsgegevens (AP) announced a fine of €290 million on Uber Technologies Inc. (UTI) and Uber B.V.,(UBV) (together Uber) with press releases in Dutch and English. The fine relates to the transfer of…
Bill-72: New health data transfer legislation proposed in Canada
The Government of Canada recently introduced Bill-72, the Connected Care for Canadians Act (Act), to promote the secure transfer of health information and prevent data blocking. The Act is designed to support the government’s initiative to establish an interoperable healthcare…

Recent regulatory developments in training AI models under the GDPR



In 2024, many organisations have been eager to look at how they can use the data they hold to debut or build on their artificial intelligence (AI) programme. Many are looking to use that data to train AI models, or…
12th Annual European Data Protection Conference
Please join us at our 12th Annual European Data Protection Conference.
The conference will take place in:
Frankfurt | Monday, September 30, 2024 | 11:00 – 14:30 CEST
Amsterdam | Tuesday, October 1, 2024 | 09:00 – 12:30 CEST
Paris…