Privacy & Information Security Law Blog

On November 19, 2025, the European Commission unveiled the much-anticipated digital omnibus legislative package (the “Digital Omnibus”), setting the stage for a new era of digital governance and regulatory simplification across the European Union. According to the Commission, this initiative is designed to enable European businesses to devote more energy to innovation and growth, rather than navigating complex compliance landscapes.

On November 17, 2025, the Council of the European Union adopted new rules designed to strengthen cooperation among national data protection authorities, enhancing the enforcement of the EU General Data Protection Regulation.

On November 12, 2025, the Centre for Information Policy Leadership at Hunton published a discussion paper titled “Comparing U.S. State Privacy Laws: Covered and Sensitive Data,” the latest in its discussion paper series comparing key elements of U.S. state privacy laws.

On November 12, 2025, the UK government introduced the draft Cyber Security and Resilience (Network and Information Systems) Bill to the UK Parliament.

On November 11, 2025, the European Data Protection Supervisor published new guidance for risk management of artificial intelligence systems.

On October 28, 2025, the Cyberspace Administration of China issued important amendments to the Chinese Cybersecurity Law, which will take effect on January 1, 2026.  

On October 13, 2025, California Governor Newsom signed into law Assembly Bill 56,  which requires social media platforms to display health warnings to users under 18 years old about the risks of social media use.

On November 4, 2025, the European Data Protection Board adopted its opinion on the European Commission’s draft decision regarding the adequacy of Brazil’s personal data protection framework. Once finalized, this decision will enable the free flow of personal data from the European Union to Brazil.

On October 10, 2025, California Governor Gavin Newsom signed Senate Bill 683, amending California’s Right of Publicity statute to add injunctive relief to the available remedies and extend protection to digital replicas.

On October 31, 2025, the UK ICO launched a public consultation on its draft Data Protection Enforcement Procedural Guidance which sets out the updated procedures for investigations and enforcement by the ICO.