As agentic AI systems move from research labs to enterprise workflows, regulators worldwide are grappling with how to address the potential risks these systems may pose (as discussed in prior blog posts here and here). In January 2026, Singapore’s Infocomm Media Development Authority (“IMDA”) launched a non-binding Model AI Governance Framework for Agentic AI
When AI Meets the FCRA: What the Eightfold Class Action Means for Employers and HR Technology Providers
An estimated 87% of companies now using AI-driven tools in their recruitment processes, and that figure has nearly doubled in just two years. AI-powered platforms can ingest millions of candidate profiles, enrich them with publicly available data, and deliver algorithmically ranked shortlists to employers far faster than a human recruiter. But, with that capability comes
Spain’s Supervisory Authority Issues New Guidance on AI‑Based Voice Transcription
On April 20, 2026, the Spanish Data Protection Agency (AEPD) has published new guidance on how to comply with the GDPR when using AI‑powered voice transcription tools. The guidance builds on earlier AEPD guidance on this topic from January 2026. This blog post sets out the key takeaways of both guidance documents, which are
New EDPB Guidelines on the Use of Personal Data in Scientific Research
On April 15, 2026, the European Data Protection Board (EDPB) published draft Guidelines 1/2026 on the processing of personal data for scientific research purposes (Guidelines). The Guidelines are open for public consultation until 25 June 2026. They aim to clarify how the GDPR applies to academic, public‑sector, and commercial research, including research that relies on
“Sweet Home, Data Privacy” – Alabama’s New Privacy Law is Coming Online in 2027
We have another one! We wrote last week about Oklahoma’s new consumer protection law. Now, Alabama has passed its own comprehensive privacy law. The Alabama Personal Data Protection Act, House Bill 351, (the Law) will go into effect on May 1, 2027.
Here is a general summary of what to expect:
“Sweet Home, Data Privacy” – Alabama’s New Privacy Law is Coming Online in 2027
We have another one! We wrote last week about Oklahoma’s new consumer protection law. Now, Alabama has passed its own comprehensive privacy law. The Alabama Personal Data Protection Act, House Bill 351, (the Law) will go into effect on May 1, 2027.
Here is a general summary of what to expect:
A Changing Business Means Changing Privacy Obligations
Privacy pros have been saying it for years: Privacy is not set-it-and-forget-it. We have been seeing regularly how changes in laws and regulations impact organizations’ privacy obligations. Yet, often compliance is treated as a series of one-off projects: write a privacy notice, implement a policy, create a data inventory. As organizations evolve it’s
The White House AI Framework for Fair Use and Why the Courts May Get There First
On March 20, 2026, the Trump Administration released its National AI Legislative Framework, a seven-section policy document covering children’s safety, energy infrastructure, intellectual property, censorship, innovation, workforce development, and federal preemption of state laws. Guided by a vision of “permissionless innovation” and “minimally burdensome” regulation, the framework’s most consequential provision is in Section III, where
Your Website’s Pixels May Be Wiretaps: 10 Questions Every Business Should Ask About CIPA
The plaintiffs’ bar has been ramping up lawsuits under the California Invasion of Privacy Act (CIPA) and federal and state wiretapping statutes for years, and the wave is not receding. Tens of thousands of claims have been filed since 2022, with CIPA wiretapping continuing to accelerate in recent months. Meanwhile, plaintiffs are branching out beyond
The Technology Contracting Dilemma
Some technology articles age well. Here’s one on the HIPAA Security Rule: https://www.stoelprivacyblog.com/2025/01/articles/hipaa/a-deeper-dive-into-the-proposed-modifications-to-the-hipaa-security-rule/. The proposed modifications to the HIPAA Security Rule, published in the Federal Register on January 6, 2025, are still not in final form. The final action is expected next month. Once in final form, I will publish another article. As the