• |

    Oct. 8, 2025

Managing Data Transfers After Latombe

The E.U.-U.S. Data Privacy Framework (DPF) lives. Last month, the European General Court (EGC) dismissed a challenge brought by French Member of Parliament Philippe Latombe to annul the DPF – the mechanism that allows for the lawful transfer of personal data from the E.U. to certified organizations within the U.S. – and confirmed the framework’s validity. This article provides an overview of the factual and legal context underlying the EGC’s decision, the key rulings and practical considerations around data transfer practices following the decision. In addition, since the decision is far from likely to be the last word on the adequacy of the DPF, this article discusses certain future challenges that may be brought. See “Bridging the Atlantic: E.U.‑U.S. Data Privacy Framework Practical Takeaways” (Jul. 26, 2023).

Navigating the Patchwork of Federal and State AI Deepfake Laws

Use of deepfakes – AI-generated synthetic media – to attack companies and individuals has prompted a patchwork of legislation, with more on the horizon. Michigan became the 47th state to enact deepfake legislation in August 2025, leaving only Alaska, Missouri and New Mexico without a comprehensive deepfake law. With insights from Davis Wright Tremaine partner James Rosenfeld and Fisher Phillips partner Daniel Pepper, this article provides an overview of common provisions contained in the federal and state AI deepfake laws, discusses the obligations they impose on covered companies and offers compliance strategies. See “Examining the Deepfake Landscape and Measures for Combatting Scams” (Sep. 3, 2025).

State AG Representatives Disclose AI Regulatory and Enforcement Outlook

As AI-specific legislation continues to get introduced, regulators are making clear that existing consumer protection and privacy laws still apply to issues involving AI. Moreover, just because a state does not have an AI law that addresses a certain activity does not mean that it will not take an interest in what another state is doing. This article synthesizes commentary from the Assistant AG and Chief of the Privacy and Responsible Technology Division in the Massachusetts AG’s Office, and the outgoing Director of Privacy and Tech Enforcement in the Texas AG’s Office, on the current AI legislative, regulatory and enforcement landscape, including private litigation, trends and navigating the investigative process. The discussion, moderated by Orrick, took place during IAPP’s AI Governance Global North America conference. See “CFTC Commissioner Johnson Addresses Regulatory Approaches to AI” (Aug. 6, 2025).

Holland & Knight Adds Data Strategy, Security & Privacy Partner in D.C.

Holland & Knight has announced that Matthew Welling has joined its data strategy, security & privacy practice as a partner in Washington, D.C. He arrives from Crowell & Moring. For insights from Holland & Knight, see our two-part series “CIPA Jury Verdict Against Meta”: Privacy Litigation Strategies and Lessons (Sep. 3, 2025), and Compliance Takeaways and the Wiretap Litigation Landscape (Sep. 24, 2025).

Most-Read Articles

Women to Watch: Contributions, Achievements and Observations of Outstanding Female Professionals

To mark International Women’s Day, women editors and reporters at ION Analytics interviewed outstanding women in the industries and jurisdictions we cover. In this part, Law Report Group editors Jill Abitbol, Robin L. Barton and Megan Zwiebel profile notable women in data privacy, cybersecurity, private funds and anti-corruption law, including Anne-Gabrielle Haie, Jessica Lee, Micaela McMurrough, Laura Perkins, Amanda Raad, Madelyn Calabrese, Ranah Esmaili and Genna Garver. Enjoy reading their inspiring remarks here.

Celebrating Data Privacy Day 2025

Read the full brief here.

Cybersecurity Awareness Month

Read the full brief here.