On January 20, 2025, the European Data Protection Board (EDPB) adopted a report on the implementation of the right of access by controllers under the GDPR (the Report). The right of access was the subject of the EDPB’s third coordinated enforcement action (CEF) in 2024, which involved 1,185 controllers of varying size, industry, and sector. The Report provides useful recommendations for controllers on how to comply with access requests, including guidance on how long access request documentation should be retained, the importance of maintaining internal documentation, and how to avoid a ‘one size fits all’ approach. The Report emphasizes that access requests should be handled on a case-by-case basis, considering the broad scope of the right and the limited exemptions.
EDPB Adopts Report on GDPR Right of Access Following 2024 Coordinated Enforcement Action (Francesca Blythe, 2025-02-18)
Despite recent focus on artificial intelligence (AI) by U.S. financial regulators, the Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), and Financial Industry Regulatory Authority (FINRA) have not yet issued new regulations specifically addressing the use of AI. Nonetheless, during the Biden administration, guidance from these agencies emphasized the necessity of responsible use of AI within existing regulatory frameworks, urging market participants to exercise additional diligence to navigate compliance risks associated with AI usage.
Artificial Intelligence: U.S. Securities and Commodities Guidelines for Responsible Use (W. Hardy Callcott, 2025-02-10)
On January 29, 2025, the U.S. Copyright Office issued the second part of its Report on Copyright and Artificial Intelligence, following a Notice of Inquiry (NOI) the Office issued in 2023. The first part of the Office’s Report, released in July 2024, addressed digital replicas. This second part addresses copyrightability, an issue that attracted considerable interest from authors, artists, and the media and technology industries — approximately half of the more than 10,000 comments that the Office received in response to the NOI addressed copyrightability questions.
U.S. Copyright Office Issues Report on Artificial Intelligence and Copyrightability (Lauren M. De Lilly, 2025-02-07)
On January 15, 2025, the EU Commission published an action plan aimed at supporting cybersecurity in hospitals and healthcare providers in the EU (the Action Plan). The Action Plan is another response by the EU to the increasing cybersecurity threats facing all industries, including the health sector. The Commission notes that this risk has increased due to, amongst other factors, the increased digitisation of healthcare, which has allowed attack surfaces to grow. It also follows a number of high-profile incidents which have impacted healthcare providers in the EU. The Action Plan is intended to build on the new EU cybersecurity legislation, such as the NIS Directive 2 (NISD2) and the Cyber Resilience Act, and feed into the full deployment of the European Health Data Space Regulation, which was adopted on January 21, 2025. See our blog post here.
EU Commission Launches Cybersecurity Action Plan for Hospitals and Healthcare Providers (Francesca Blythe, 2025-02-06)
Last week, the Financial Industry Regulatory Authority (FINRA) published its 2025 Annual Regulatory Oversight Report. The 80-page report hits on a number of familiar themes and subjects and includes two new areas of focus: 1) risks arising from the use of third-party vendors, including cybersecurity and data privacy risks, and 2) extended-hours trading services, which have become increasingly common across the industry. FINRA offers new observations regarding registered index-linked annuities (RILAs) in the context of Reg BI obligations. The report also reflects FINRA’s increased scrutiny of risks associated with emerging technologies, with a particular focus on generative artificial intelligence (AI) tools. Additionally, although much of the report repeats items included in prior years, it provides useful, comprehensive checklists reflecting FINRA’s views on the various topics and risk areas covered. Efforts to operationalize some of the items raised can present unique challenges, and we encourage you to reach out to a Sidley contact to talk further about particular concerns raised in the report.
With New Technologies Come New Risks: FINRA Issues 2025 Regulatory Oversight Report (Andrew P. Blake, 2025-02-05)
On January 17, 2025, the Centers for Medicare & Medicaid Services (CMS) issued a proposed guidance document on study protocols that use real-world data (RWD). The proposed guidance focuses on studies with RWD sources in the context of Medicare National Coverage Determinations (NCDs) using CMS’s Coverage with Evidence Development (CED) paradigm. It presents a proposed standardized template for manufacturers or other sponsors to use when developing CED study protocols using RWD. The proposed guidance could also have broader implications with respect to RWD studies and coverage considerations. Comments on the proposed guidance are due by March 18, 2025.
CMS Seeks Comments on Proposed Guidance Addressing Study Protocols That Use Real-World Data (Stephanie P. Hales, 2025-01-28)
Last year saw many developments across the worldwide data privacy and cybersecurity landscape, including in the EU/UK, and this momentum shows no sign of slowing in 2025. The EU General Data Protection Regulation (GDPR) enters its seventh year in May 2025. New cybersecurity and operational resilience legislation and related guidance are coming into force to regulate new and challenging technologies, several of which will affect financial services firms.
Data Privacy and Cybersecurity Outlook for 2025: What Financial Services Firms Need To Know (William RM Long, 2025-01-27)
On January 21, 2025, the European Health Data Space Regulation (EHDS) was formally adopted by the Council of the European Union. This marks the near-final step in the adoption process, and the EHDS will enter into force in the coming weeks. Importantly for life sciences companies (pharma, biotech, and medtech), the EHDS’ so-called secondary use provisions will become applicable in 2029, leaving companies four years to consider, adapt to, and implement these wide-ranging requirements.
European Health Data Space Regulation Adopted: What’s Next for Life Sciences Companies? (Francesca Blythe, 2025-01-23)
EDPB Adopts Report on GDPR Right of Access Following 2024 Coordinated Enforcement Action
Francesca Blythe
London
fblythe@sidley.com
Eleanor Dodding
London
edodding@sidley.com
Artificial Intelligence: U.S. Securities and Commodities Guidelines for Responsible Use
W. Hardy Callcott
San Francisco
wcallcott@sidley.com
Nathan A. Howell
Chicago
nhowell@sidley.com
Kate Lashley
Miami, New York
klashley@sidley.com
Andrew J. Sioson
Washington, D.C.
asioson@sidley.com
Lilya Tessler
Dallas, Miami
ltessler@sidley.com
Alec J. Silvester
Miami
asilvester@sidley.com
U.S. Copyright Office Issues Report on Artificial Intelligence and Copyrightability
Lauren M. De Lilly
Los Angeles
ldelilly@sidley.com
Nima H. Mohebbi
Century City
nima.mohebbi@sidley.com
Rollin A. Ransom
Los Angeles
rransom@sidley.com
Kristina Martinez
Los Angeles
kmartinez@sidley.com
Sebastien Wadier
Los Angeles
sebastien.wadier@sidley.com
EU Commission Launches Cybersecurity Action Plan for Hospitals and Healthcare Providers
Francesca Blythe
London
fblythe@sidley.com
Eleanor Dodding
London
edodding@sidley.com
With New Technologies Come New Risks: FINRA Issues 2025 Regulatory Oversight Report
Andrew P. Blake
Washington, D.C.
ablake@sidley.com
W. Hardy Callcott
San Francisco
wcallcott@sidley.com
Kevin J. Campion
Washington, D.C.
kcampion@sidley.com
Kenyon Colli Hall
Boston
kenyon.hall@sidley.com
David M. Katz
New York
dkatz@sidley.com
Corin R. Swift
New York
corin.swift@sidley.com
Lilya Tessler
Dallas, Miami
ltessler@sidley.com
Lara C. Thyagarajan
New York
lthyagarajan@sidley.com
Paul M. Tyrrell
Boston
ptyrrell@sidley.com
Erin N. Kauffman
Washington, D.C.
ekauffman@sidley.com
CMS Seeks Comments on Proposed Guidance Addressing Study Protocols That Use Real-World Data
Stephanie P. Hales
Washington, D.C.
shales@sidley.com
Meenakshi Datta
Chicago
mdatta@sidley.com
Trevor L. Wear
Chicago
twear@sidley.com
Ellie L. DeGarmo
Washington, D.C.
ellie.degarmo@sidley.com
Data Privacy and Cybersecurity Outlook for 2025: What Financial Services Firms Need To Know
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Max Charles Savoie
London
msavoie@sidley.com
Eleanor Dodding
London
edodding@sidley.com
European Health Data Space Regulation Adopted: What’s Next for Life Sciences Companies?
Francesca Blythe
London
fblythe@sidley.com
Josefine Sommer
Brussels
jsommer@sidley.com
Zina Chatzidimitriadou
London
zchatzidimitriadou@sidley.com