On March 26, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined Advanced Computer Software Group Ltd (“Advanced”) £3.07 million (approximately $4 million). In 2022, Advanced suffered a ransomware incident … [Read more] about UK’s Data Protection Regulator fines a UK SaaS provider ~$4 million following a ransomware incident
On March 18, 2025, the European Commission proposed to extend its adequacy decision in favor of the United Kingdom (‘UK’) for an additional six-month period. This would allow free flows of personal data from the EU to the UK to continue until … [Read more] about European Commission Moves to Extend Free Flows of Personal Data to the UK
On March 10, 2025, the Belgian Data Protection Authority (BDPA) updated its 2020 guidance on the processing of personal data for direct marketing purposes (see the updated guidance here in French and in Dutch). The BDPA reviewed its original guidance … [Read more] about Belgian Data Protection Authority Issues Updated Guidance on Direct Marketing Rules
On March 12, 2025, the California Privacy Protection Agency (CPPA) published its decision approving a Stipulated Final Order (Order) against a major automotive manufacturer (company) for violations of the California Consumer Privacy Act (CCPA). The … [Read more] about Key Takeaways from CPPA’s Recent Settlement with an Automotive Manufacturer for Alleged CCPA Violations
The International Association of Privacy Professionals (IAPP) recently recognized Alston & Bird Senior Counsel Peter Swire as part of the IAPP’s “25 Leaders, 25 Moments at 25 Years” series. The IAPP, an organization with over 80,000 … [Read more] about Peter Swire’s Work Recognized by IAPP