Data Protection

IAPP Publishes EU Digital Laws Report 2025

By Hansenard Piou

On September 30th, the IAPP (formerly the International Association of Privacy Professionals) released its EU Digital Laws Report 2025, a comprehensive analysis explaining and synthesizing the requirements of core EU digital laws. The report aims to provide a resource to help the broadest possible class of organizations, platforms, and developers comply with the Data Governance Act, the Data Act, the Digital Markets Act, the Digital Services Act, the EU AI Act, and the NIS2 Directive.

The 75-page report, prepared collaboratively by professionals from EU law firms, academia, and a banking institution, is divided into 8 chapters:

Chapter 1: Scope and Requirements provides an overview of each law, outlining its purpose, key requirements, and the types of organizations and activities that fall within its scope.

Chapter 2: Transparency examines the role of “transparency” within each law, including documentation, public disclosure, and reporting requirements.

Chapter 3: Accountability describes the accountability measures that ensure that organizations remain compliant, including contractual terms, codes of conduct, and legal obligations.

Chapter 4: Risk Assessments details the requirements under the DSA and the AI Act to conduct risk assessments and what these assessments must contain.

Chapter 5: Individual Rights outlines individuals’ rights with respect to activities covered by the laws, including available protections and remedies.

Chapter 6: Data Governance describes how the laws may impact data governance practices, including data storage, data security, consent, user reporting, and complaint remediation.

Chapter 7: Stakeholders and EU-Level Collaboration describes the laws’ relationships with government groups and institutions at the member state and EU level.

Chapter 8: The Interplay with GDPR analyzes each law’s relationship with the General Data Protection Regulation (GDPR), comparing and contrasting overlapping provisions and subject matter.

In light of the expanding responsibilities for professionals in fields such as AI governance, cybersecurity, and data protection, this report provides a foundational guidance for a strategy to build a robust compliance program in line with these laws.

Hintze Law PLLC is a Chambers-ranked and Legal 500-recognized, boutique law firm that provides counseling exclusively on global privacy, data security, and AI law. Its attorneys and data consultants support technology, ecommerce, advertising, media, retail, healthcare, and mobile companies, organizations, and industry associations in all aspects of privacy, data security, and AI law.

Hansenard Piou is an Associate at Hintze Law PLLC with experience in global data protection issues, including kids’ global privacy laws, AADC, privacy impact assessments, GDPR, and privacy statements.  

Does the DOJ Rule Apply?

Does the DOJ Rule Apply?

This is the first in a series of blog posts about the DOJ Rule regarding Access To U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons (the “DOJ Rule”).  It provides a high-level overview of the kinds of cross-border data transfers that are regulated by the DOJ Rule. Future blog posts will more closely examine the DOJ Rule, its requirements, potential impacts, and strategies to address compliance.

Read More

Hintze Lawyers Recognized in 2026’s Best Lawyers in America

Hintze Lawyers Recognized in 2026’s Best Lawyers in America

This year, eight of Hintze Law’s attorneys have been recognized by Best Lawyers® across a variety of categories, marking a significant milestone for the firm. Every one of our associates earned recognition, reflecting both the breadth of talent within our team and the dedication each attorney brings to their practice.

Read More

10 areas for US-based privacy programs to focus in 2025

10 areas for US-based privacy programs to focus in 2025

By Sam Castic

The post below was originally published by the IAPP at https://iapp.org/news/a/10-areas-for-privacy-programs-to-focus-in-2025.

This past year was another jammed one for privacy teams and it was not easy to stay on top of all the privacy litigation, enforcement trends, and new laws and regulations in the U.S.

Read More

California Enacts "genAI" Laws That Introduce New Privacy and Transparency Requirements, Amongst Others 

California Enacts "genAI" Laws That Introduce New Privacy and Transparency Requirements, Amongst Others 

By Emily Litka

In September 2024, California Governor Gavin Newsome signed a number of new generative AI (“genAI”) bills into law. These laws address risks associated with deepfakes, training dataset transparency, use of genAI in healthcare settings, privacy, and AI literacy in schools. California is the first US state to enact such sweeping genAI regulations.

Read More

EU-U.S. Privacy Shield Details Released

On February 29, 2016, the European Commission issued a draft “adequacy decision” introducing the EU-U.S. Privacy Shield (“Privacy Shield”). The Privacy Shield replaces the U.S.-EU Safe Harbor Framework (“Safe Harbor”) as the new data transfer agreement legitimizing transfer of EU personal data to the U.S. by certifying participants. As described and linked to in the Commission’s press release, several U.S. government agencies have provided written commitments to enforce the Privacy Shield. These commitments will be published in the U.S. Federal Register.

Read More
Don’t Sleep on Maryland: The Maryland Online Data Privacy Act Will Keep Health and Wellness Companies Up at Night — Hintze