• |

    Apr. 15, 2026

Cookie Compliance Strategies for 2026

Many U.S. cookie compliance programs look sound on paper but fail in practice. Regulators and plaintiffs continue to find mismatches between what companies say they do and how their websites operate. This article provides actionable guidance for organizations to reduce their cookie-related risk amid surging litigation and aggressive enforcement. It distills commentary and a detailed cookie compliance roadmap that professionals from McDermott Will & Schulte, T-Mobile, U.S. Bank and Volkswagen presented at the IAPP Global Summit 2026, as well as insight from a Kroll expert who spoke to the Cybersecurity Law Report. See “Lessons From the Trenches: Winning Strategies for Defeating Pen Register Lawsuits” (Jun. 12, 2024).

What the E.U. Data Act Means for IoT Businesses Operating in Europe

In the European Union, under the E.U. Data Act (Act), IoT data now belongs to users. Most provisions of the Act, which sets new rules for U.S. and other non-E.U. companies that do IoT-related business in Europe, came into force in September 2025. Together with other E.U. laws and sector regulations, the Act creates a complex and multilayered compliance landscape in the E.U., presenting companies with GDPR-level financial risk, as well as exposure to class actions and legal claims from competitors. This article, distilling insights offered by Baker Botts and Faegre Drinker Biddle & Reath partners during a BARBRI program, analyzes key elements of the Act and offers compliance guidance. See our two-part series on Cybersecurity Obligations in E.U.’s digital laws: “AI Act, CRA and NIS2” (Sep. 4, 2024), and “Data Act, DORA and Compliance Steps” (Sep. 11, 2024).

The Changing Landscape of the French “Secret Professionnel

In France, the “secret professionnel” for attorneys – the French version of attorney-client privilege – has long been presented as a cornerstone of the rule of law and a necessary condition for legal advice and defense. However, four Cour de cassation decisions, issued between September 2025 and March 2026, illustrate that the scope of the secret professionnel protection is no longer interpreted in a uniform way. In this guest article, Proskauer partner Bryan Sillaman and senior associate Salomée Bohbot review the legal background of the secret professionnel in France, analyze the four French cases and discuss new legislation introduced in 2026 concerning the confidentiality of communications with in-house legal teams. See “Tool or Third Party? Courts Differ on AI’s Role in Privilege and Work-Product Protections” (Mar. 18, 2026).

Ropes & Gray Welcomes Former DOJ Leader As Data, Privacy and Cybersecurity Partner in D.C.

Former federal prosecutor Maya Song has joined Ropes & Gray as a partner in the firm’s data, privacy & cybersecurity practice in Washington, D.C. She brings more than a decade of leadership experience at the DOJ, most recently having served as First Assistant U.S. Attorney in the Eastern District of Virginia. For insights from Ropes & Gray, see “How the CJEU’s Russmedia Decision Resets GDPR Obligations for Online Marketplaces” (Feb. 18, 2026); and “Managing Data Transfers After Latombe” (Oct. 8, 2025).

Veteran Data Privacy Litigator Joins BakerHostetler in Los Angeles

Spencer Persson has joined BakerHostetler’s Los Angeles office as a partner in the firm’s digital assets and data management practice group and as a member of the privacy and digital risk class action and litigation team. He arrives from Davis Wright Tremaine. For insights from BakerHostetler, see “Tool or Third Party? Courts Differ on AI’s Role in Privilege and Work-Product Protections” (Mar. 18, 2026); and “In‑House Insights on Optimizing Compliance Culture” (Feb. 25, 2026).

Most-Read Articles

Trailblazing Women – Contributions, Achievements and Observations of Outstanding Leaders

To mark International Women’s Day, Law Report Group editors, along with our colleagues across ION Analytics’ products, interviewed outstanding women in the industries and jurisdictions we cover. In this article, Jill Abitbol, Robin Barton, Rorie Norton and Megan Zwiebel profile notable women in the data privacy, cybersecurity, AI, private funds and anti-corruption law fields, including (i) Paula Howell Anderson, (ii) Gwendolyn Lee Hassan, (iii) Audrey Koh, (iv) Stacy Feuer, (v) Heather Egan, (vi) Jeewon Serrato, (vii) Stephanie Breslow, (viii) Anne Choe, (ix) Heather Wyckoff, (x) Angie Batterson, (xi) Jacqueline Eaves, and (xii) C. Dabney O’Riordan.

Enjoy reading their inspiring remarks here.