On May 14, 2026, Governor Polis signed SB 26-189 into law, substantially revising the Colorado AI Act originally enacted in 2024. While the original act never took effect, the law stood as a model in...

From 19 June 2026, organizations, including U.S. companies, will need to comply with the new formal process for handling data protection complaints where they act as controllers under UK data protection law. This is one...

In the rush to capture the perceived benefits of AI, we are continuing to see corporate leaders who want to dive straight into management or compliance simply focused on “this” product or “that” service, asking...

Rather than waiting for AI-specific legislation, plaintiffs are trying to fit AI-related conduct into existing statutes, many containing statutory damages provisions. As a result, companies training, deploying, and monetizing AI systems are facing a heightened...

How did it come to this? Last year you got a new cookie consent management platform (CMP), and you worked with your web team to implement it. You even took a conservative approach and tried...

In a previous blog, we discussed the UK Information Commissioner’s Office (“ICO”) prioritizing online advertising and cookie banner compliance. Following consultations last Autumn, the ICO finalized its Guidance on the Use of Storage and Access...