On November 19, the European Commission (EC) released its EU Digital Omnibus proposal – a 153-page document accompanied by an explanatory memorandum and a Staff Working Document. This proposal introduces amendments, deletions, and replacements to several cornerstone EU digital laws, including: The GDPR. The Data Act. The AI Act. The ePrivacy Directive. Other instruments such […]
Data Protection
California Enacts Digital Age Verification Law
On October 13, 2025, California Governor Gavin Newsom signed Assembly Bill 1043, the Digital Age Assurance Act (Act), into law. Effective January 1, 2027, the Act introduces a device-based age verification system designed to create safer digital environments for children under 18. The Act underscores a trend of state laws that require age verification or […]
Unlocking the MIND Act: The Senate To Take on the Challenge of Neurotechnology
On September 24, 2025, Ranking Member Cantwell (D-Wash.), Leader Schumer (D-NY), and Senator Markey (D-Mass.) announced they will introduce the “Management of Individuals’ Neural Data Act of 2025” (“MIND Act”). If enacted, the MIND Act will direct the Federal Trade Commission (“FTC”) to conduct a comprehensive study and report on the collection, processing, storage, sale, […]
Chilean Regulator Launches Public Consultation on New Cybersecurity Law
On 16 September 2025, the Chilean Cybersecurity Agency (Agencia Nacional de Ciberseguridad, ‘ANCI’) launched a public consultation on its provisional list of companies that may be classified as ‘operators of vital importance’ (Operadores de Importancia Vital, ‘OVI’) under the recently enacted Chilean Cybersecurity Law (Ley Marco de Ciberseguridad No. 21.663, ‘LMC’). This list (available online […]
Texas Expands Data Broker Act Requirements
On September 1, 2025, the amendments to the Texas Data Broker Act (the Act) became effective. The Act, which originally came into effect on September 1, 2023, defines “data brokers” as business entities that derive their principal source of revenue from collecting, processing, or transferring personal data that they did not collect directly from consumers. […]