The guidelines specify the requirements for data controllers to conduct risk assessments related to the transfer or disclosure of personal data outside the Kingdom.
By Brian Meenagh, Calum Docherty, Faisal Imam,* and Ksenia Koroleva
The Saudi Data & Artificial Intelligence Authority (SDAIA) has released non-binding guidelines for assessing risks when transferring or
On March 17, 2025, the Finnish Supervisory Authority (“SA”) announced that it is investigating the transfer of personal data related to human research samples by a Finnish university to a Chinese company for genetic analysis services.
On March 14, 2025, the Cyberspace Administration of China (“CAC”) released the final Measures for Labeling Artificial Intelligence-Generated Content and the mandatory national standard GB 45438-2025 Cybersecurity Technology – Labeling Method for Content Generated by Artificial Intelligence (collectively “Labeling Rules”). The rules will take effect on September 1, 2025.
The Labeling Rules impose explicit and
NOTE: This conversation was recorded on January 31st, 2025. It has been slightly modified to tailor the conversation to a blog format, prioritizing readability.
Introduction and Background
Vivek: My name is Vivek Vaidya, one of the founders and CTO of Ketch.
Jodi: And I’m Jodi Daniels, CEO and privacy consultant at Red Clover Advisors.
Vivek:
On March 13, 2025, the Commissioner for Democracy, Justice, the Rule of Law and Consumer Protection, Michael McGrath, confirmed that the Commission is considering simplifying the GDPR with a view to reducing the burden on smaller businesses. This statement aligns with the Commission’s broader goal of simplifying the EU digital framework.
2024 marked another significant year for privacy law, with new state legislation and high-stakes litigation reshaping the landscape. Legal battles over tracking technologies, biometric data, and children’s privacy intensified, while federal agencies, including the Federal Trade Commission (“FTC”) and the U.S. Department of Health and Human Services Office for Civil Rights (“HHS OCR”), ramped up
In this short on-demand webinar, David Stauss provides an overview of the California Privacy Protection Agency’s first non-data broker enforcement action under the CCPA. The webinar provides an overview of the alleged violations, fine and remedial measures, and takeaways.
The webinar is available exclusively to Byte Back AI subscribers and to Husch privacy clients through
Keypoint: It was a busy week with the Kentucky legislature passing a bill to amend the state’s consumer data privacy law, bills crossing chambers in Vermont, Washington and Arkansas, and movement with bills in numerous other states.
Below is the tenth weekly update on the status of proposed state privacy legislation in 2025. As always,
This blog post explores the role of AI in anticompetitive horizontal and vertical agreements under Article 101 of the Treaty on the Functioning of the EU, as well as how AI could assist regulators in enforcing competition law rules.
Recently, the Cyberspace Administration of China (CAC), which is the primary data regulator in China, published a newsletter about the government authorities’ enforcement of Apps and websites that violated personal data protection and cybersecurity laws during the year 2024.
Based on the official statistics, during 2024, the CAC interviewed 11,159 website platforms, imposed warnings or