News

The Data Chronicles Podcast and Video Series

News

The Data Chronicles Podcast and Video Series

Welcome to Hogan Lovells’ The Data Chronicles, brought to you by the firm’s global Privacy and Cybersecurity practice. This multimedia series is dedicated to the ever-changing legal and regulatory developments in the world of data, privacy, and cybersecurity. Join us as we unravel and unpack various regulatory frameworks and legal developments around the globe.

The Data Chronicles will provide:

In-depth Insights: Our videos and podcasts feature interviews hosted by Scott Loughlin, co-lead of the privacy and security group, with leading privacy, cybersecurity, data and other professionals at the forefront of their fields. We’ll share their insights, experience, and practices related to legal issues that cut across legal disciplines, geographies and regulatory regimes.

Trending Topics: Stay up-to-date with the latest developments in privacy, data protection, cybersecurity, data challenges, and emerging technologies. We analyze the implications of these trends and offer insight useful to you and your organization.

Chapter 1 Season 2

The Data Chronicles | Data Protection in the Asia Pacific region | Trends, enforcement, and what’s ahead

In this episode of The Data Chronicles, host Scott Loughlin is joined by Charmian Aw, a partner in the firm’s Singapore office, to explore the current state of data protection law across the Asia Pacific region. As countries throughout the region ramp up regulations around privacy, cybersecurity, incident response, and AI, it has become increasingly difficult for organizations to keep pace with the rapid developments. Together, Scott and Charmian provide a timely update on recent trends, enforcement activity, and what the future may hold for data governance in this complex and evolving landscape.

The Data Chronicles | AI issue spotting | AI's growing impact on U.S. antitrust regulation

With artificial intelligence rapidly reshaping industries, its implications for competition law are becoming more significant than ever. This episode of AI Issue Spotting dives into the evolving relationship between AI and antitrust law in the United States, under the new administration and more broadly. As AI continues to disrupt markets, understanding its influence on mergers and acquisitions, consumer protection, and competition is crucial. Scott Loughlin is joined by Logan Breed and Chris Fitzpatrick, senior leaders from Hogan Lovells' global antitrust and competition team, to discuss how AI is transforming legal frameworks and what it means for businesses navigating this new frontier.

The Data Chronicles | AI issue spotting | AI agents' data privacy and governance considerations

As AI agents become more integrated into business operations and products, understanding their impact is crucial. In this episode of AI Issue Spotting, Scott Loughlin is joined by Daniel Berrick, Senior Policy Counsel for Artificial Intelligence at the Future of Privacy Forum, to break down the growing significance of AI agents. They explore key questions around how AI agents function, their risks to data privacy and security, and the challenges they pose in terms of alignment and accuracy. Scott and Daniel discuss the novel issues surrounding data collection, disclosure, and the need for explainability and oversight as AI agents continue to evolve.

The Data Chronicles | Unlocking the EU Data Act | What it means for connected products and related services

With the EU Data Act, the landscape of connected products and the allocation of rights to product data is set to change. This episode of The Data Chronicles is the final installment in a three-part series on the EU Data Act, turning the spotlight onto connected products and related services. Scott Loughlin is joined by Christian Tinnefeld, a partner at Hogan Lovells’ Hamburg office, and together they dive into how the new law will affect everything from smart devices to wearables, from IoT to medical products. They explore key parts of the Act, highlighting the impact on data access, privacy, and product development. With deadlines fast approaching, they also discuss the steps businesses must take to navigate this shift and the challenges and opportunities it brings.

The Data Chronicles | Unlocking the EU Data Act | Impact on cloud providers and cloud users

The EU Data Act is set to reshape the cloud computing landscape in the EU, but what does it mean for cloud providers and users in practice? That is the question this episode of The Data Chronicles seeks to answer. Scott Loughlin continues the discussion on the EU Data Act with Henrik Hanssen, counsel from Hogan Lovells’ Hamburg office, to explore how the cloud switching and interoperability requirements under the EU Data Act will affect cloud service product design, customer agreements and cloud business models. As cloud providers face the need to adapt, Scott and Henrik break down the challenges and opportunities that come with this significant regulatory shift.

The Data Chronicles | Unlocking the EU Data Act | What you need to know

The EU Data Act is set to transform the digital economy—but what does that mean for businesses? In the first episode of our three-part series, host Scott Loughlin is joined by Hogan Lovells colleagues, Christian Tinnefeld, partner, and Henrik Hanssen, counsel to break down the Act’s key provisions, its impact on cloud computing, connected products, and data-sharing obligations, and what companies must do to comply before the looming deadlines. From data mapping to contract renegotiations, they explore the challenges and opportunities businesses must navigate. Tune in for a practical guide to understanding one of Europe’s most significant digital regulations.

The Data Chronicles | The AI dilemma | Balancing GDPR and innovation in the EU

The Data Chronicles is checking in on the status of data protection law in Latin America. Whether it’s privacy, cyber, or AI, there is a lot going on throughout the region. Join host Scott Loughlin and fellow Hogan Lovells partner Guillermo Larrea as they discuss the challenges businesses face when complying with a wide variety of data protection laws, restrictions on cross-border data transfers, and the evolving standards for AI. They also cover topics such as emerging trends in enforcement, the region’s unique challenges for legal harmonization, and best practices for managing cybersecurity breaches impacting data subjects and businesses in Latin America.

The Data Chronicles | Data protection in Latin America | Where we are and where we are headed

The Data Chronicles | Navigating global data transfer restrictions | U.S., EU, and China

As global data transfer rules continue to evolve, Scott Loughlin is joined by fellow Hogan Lovells lawyers Eduardo Ustaran and Katie McMullan in this episode of The Data Chronicles to unpack the latest developments. From longstanding US policies and new DOJ rules to Europe's evolving stance, including the impact of the Trump administration and NOYB complaints regarding transfers to China, they cover many important topics. The trio also discusses the role of Transfer Impact Assessments (TIAs) and offers projections for the future of global data transfer restrictions, providing actionable insights for businesses on how to navigate these changes, including the use of Binding Corporate Rules (BCRs).

The Data Chronicles | Checking in on India’s new data protection law | Where are we headed

This episode of The Data Chronicles features a conversation on the latest developments on India's Digital Personal Data Protection Act of 2023. With newly proposed rules providing details on implementation, Scott Loughlin and Stephen Mathias, Partner and head of the Bangalore office of Kochhar & Co and Co-Chair of the firm's Technology Law Practice, break down key requirements, including: the evolving standard for consent, notice obligations across 22 languages, cybersecurity and breach notification mandates, and more. Scott and Stephen also investigate the broader implications for global businesses, including compliance challenges and how multinational companies should prepare.

The Data Chronicles | The FTC’s focus on location data and the hidden collection of sensitive data

The Data Chronicles dives into the recent FTC action against data broker Mobilewalla, which highlights the Commission’s continued focus on the collection, use, and disclosure of sensitive consumer data, including by downstream data recipients in the ad tech ecosystem. Join Scott Loughlin and Hogan Lovells colleague Alaa Salaheldin as they unpack the implications of the FTC action and what it means for the future of data privacy, ad tech and location data.

The Data Chronicles | The 2024 year-end review and 2025 predictions episode

In this special year-end episode of The Data Chronicles, host Scott Loughlin is joined by Eduardo Ustaran, global co-lead of Hogan Lovells' Privacy and Cybersecurity practice, while they take a deep dive into the key developments of 2024 and offer insights into what’s ahead for 2025.

The Data Chronicles | A matter of national security — U.S. regulation of cross-border data transfers

Join us for a short series examining the DOJ’s recent Notice of Proposed Rulemaking (NPRM) on cross-border data transfers and its potential to reshape global data flows from the US to China and other “countries of concern.” We’ll explore the NPRM’s implications for national security, compliance programs, data governance and the unique impact it will have on the health and life sciences sectors.

The Data Chronicles | U.S. data protection policy after the 2024 election

Recorded in December 2024, just weeks after Donald Trump’s election victory and the election of a Republican-controlled Congress, this episode explores how shifts in federal leadership could reshape the federal privacy framework. Scott is joined by Hogan Lovells colleagues Mark Brennan, Bret Cohen, and Harsimar Dhanoa. Together, they analyze the implications for businesses and consumers, highlighting the potential changes for privacy laws in the U.S.

One-click cancellations | Exploring the impact of the FTC’s new click-to-cancel rule

The FTC's new Click-to-Cancel rule is designed to simplify the process for consumers to cancel recurring subscriptions and memberships, requiring B2B and B2C businesses to evaluate their practices, user interfaces, and compliance measures. While the intent is clear, its implications are extensive, and the rule has already been challenged in court. Scott Loughlin is joined by Harsimar Dhanoa, who specializes in emerging regulations. Together, they explore the impact of the new rule in the broader context of user experience, data protection, and consumer rights, as well as the important role of data protection professionals in navigating these changes.

Behind the curtain | FDA and privacy considerations in clinical trial recruitment

Explore the challenges of clinical trial recruitment within the life sciences sector in this episode of The Data Chronicles. Successful clinical trial recruitment is critically important to any research sponsor, including pharmaceutical and medical device companies and this poses a number of complex FDA and privacy considerations. Host Scott Loughlin is joined by fellow Hogan Lovells lawyers Robert Church, a partner in the FDA practice, and Melissa Levine, counsel in our Privacy and Cybersecurity practice. Together, they discuss how organizations can navigate the regulatory landscape and address the unique hurdles that arise in attracting and enrolling suitable data subjects for clinical studies.

Did the 9th Circuit just say that DPIAs are unconstitutional?

In this Data Chronicles podcast, host Scott Loughlin is joined by Hogan Lovells colleagues Ryan Thompson and Harsimar Dhanoa to explore the clash between data privacy, regulation of online services, and the First Amendment as spotlighted in a recent Ninth Circuit decision on California’s Age-Appropriate Design Code Act (AADC). This ruling, which found that the AADC’s Data Protection Impact Assessment (DPIAs) requirements likely violate the First Amendment, could impact data protection policy more broadly as policymakers increasingly see DPIAs as a regulatory tool. Listen as they dissect the ruling’s implications for DPIAs and the future of using DPIAs as a component of kids policy.

Data minimization is a challenging opportunity

Data minimization is now a popular data protection requirement for policy makers. Whether it’s in established laws like HIPAA, GDPR or the CCPA or the emerging state laws, lawmakers increasingly expect that businesses will only collect, use and retain only the minimum amount of personal data. That’s easier said than done.

While the requirement seems straightforward, it is very difficult to implement or even to know where to start. Matt McClelland, Managing Director & IG Practice Leader at Ankura, joins host Scott Loughlin to explore data minimization strategies, including as part of larger data governance programs. While challenging, learning how to approach data minimization can create lasting value for data-driven businesses' AI and cyber risk management.

Fake reviews no more | The FTC’s new rule and what it means for AI and you

The FTC has concerns with user reviews. As consumers explore a vast global marketplace, they increasingly depend on product and service reviews to make informed decisions. There are widespread questions, however, whether these reviews can be manipulated or become misleading, including through non-disclosed paid endorsements and AI-generated fake entries. To address both the importance of reviews and their integrity, the FTC is introducing new rules, which the FTC believes will enhance transparency and fairness in user reviews. Host Scott Loughlin, along with Hogan Lovells lawyers Lance Murashige and Harsimar Dhanoa, will explore how these regulations will impact ecommerce and create a new regulatory overhang for user reviews. This discussion will provide valuable insights into the impact of these changes on both businesses and consumers.

Existing and emerging individual rights across U.S. privacy laws

Host Scott Loughlin is joined by Hogan Lovells teammates Aaron Lariviere and Rachel Parrish to examine the evolving landscape of individual privacy rights under U.S. state laws in this episode of The Data Chronicles. Together, they discuss how differing privacy rights—such as access, deletion, and opt-outs—create compliance challenges for organizations operating under the disparate set of U.S. rules. This discussion provides valuable insights into navigating these intricate state-specific laws and implementing effective strategies for compliance.

2024 State legislative roundup

The dynamic legislative landscape takes center stage in this episode of The Data Chronicles. Across the United States, state legislatures have passed numerous bills relating to privacy, online safety, and data governance, contributing to the complex regulatory environment. This episode recaps the legislative changes in the first half of 2024, featuring insights from host Scott Loughlin and Harsimar Dhanoa, an associate dedicated to privacy and cybersecurity at Hogan Lovells. Join them as they discuss the implications of these new laws for businesses and consumers, and what lies ahead in the dynamic intersection of technology, law, and policy.

Insider Threats | Navigating hiring risks from foreign adversaries

This episode of The Data Chronicles focuses on insider threats in the hiring process. Recent reports have highlighted a concerning trend where North Korean nationals seek and sometimes secure jobs in the United States and other Western countries using sophisticated methods to evade sanctions restrictions and potentially steal data. These developments have reignited discussions on how organizations should handle insider threats from sanctioned countries during recruitment. Joining Scott Loughlin are Dan Ongaro, Hogan Lovells senior associate, and Landon Winkelvoss, co-founder of NISOS, a firm specializing in managed intelligence and digital investigations. Together, they share their insights, dissect the complexities of this issue, and propose strategies to enhance organizational security from insider threats, both foreign and domestic.

Navigating NIS2 | Cybersecurity in the EU

In this episode of The Data Chronicles, host Scott Loughlin is joined by Hogan Lovells counsel Dan Whitehead to dive into the evolving realm of cybersecurity regulation in the European Union (EU). Together, they explore the adoption of the Network and Information Security (NIS2) Directive, a cybersecurity framework set to impact a wide range of industries including tech, life sciences and other critical infrastructure provided both within and outside the EU. The discussion delves into the evolving nature of cybersecurity law, highlighting the implications on security governance, board-level oversight, and incident reporting, along with the GDPR-level fines for non-compliance. Listen as these regulatory changes are dissected and learn about how organizations are looking to comply with these new standards in practice.

Bug bounties and legal considerations of security researchers

In this episode of The Data Chronicles, host Scott Loughlin is joined by Hogan Lovells senior associate Dan Ongaro to explore security researchers, in particular, how they differ from threat actors and best practices for handling security researchers effectively. Discussion includes bug bounties and other vulnerability disclosure programs to help organizations remain secure and responsive to legal implications of security researchers such as when researchers cross the line to potential incidents or breaches.

AI issue spotting – A mastery series for lawyers

Since the launch of The Data Chronicles podcast in August 2023, we have recorded over 50 episodes covering a wide variety of topics and issues. Unsurprisingly, a common issue popping in many of the episodes is artificial intelligence. With so much interest in AI and many of our listeners asked to advise on the many legal issues arising from its use, we have developed AI Issue Spotting – A Mastery Series for Lawyers — a special series dedicated to equipping lawyers with the essential insights needed to understand the issues arising from artificial intelligence across legal disciplines. AI continues to disrupt industries, and the legal profession is no exception. AI lawyers now need to know aspects of every legal specialty. It’s a difficult task so the Mastery Series is here to help.

Rocky mountain high-risk AI – unveiling Colorado's AI Act

In this episode of The Data Chronicles, we explore the groundbreaking Colorado AI Act (CAIA), the first cross-sectoral AI governance law in the U.S. Host Scott Loughlin and Hogan Lovells senior associate Sophie Baum explore the implications of this pioneering legislation. Together they discuss the major provisions of the CAIA and highlight developer and deployer obligations, enforcement and rulemaking components of the bill and what companies need to do to prepare when CAIA goes into effect in February 2026.

The role of law enforcement in cybersecurity

In this episode of The Data Chronicles, we examine the role of law enforcement in cybersecurity. Host Scott Loughlin leads a discussion with Amit Kachhia-Patel, Assistant Special Agent in Charge (ASAC) overseeing the FBI New York Field Office’s cybersecurity squads, and Pete Marta, partner at Hogan Lovells, as they navigate how companies may leverage the expertise and resources of the FBI in a cyber crisis and explore the evolving landscape of cyber threats globally. Join us as we uncover the collaborative efforts between the private sector and law enforcement needed in combating cybercrime.

Net Neutrality alters the online ecosystem

The U.S. Federal Communications Commission is once again top of mind for players in the digital economy. The FCC has reinstated net neutrality rules as part of Chairwoman Rosenworcel's push to play a larger role in network, cyber, and national security issues. In this episode, host Scott Loughlin is joined by Hogan Lovells senior counsel, Charles Mathias, and counsel, John Castle, to discuss the privacy implications of the final rules, including how this policy could further restrict foreign access to data, and grant FCC authority over addressing cyber vulnerabilities and imposing other data protection obligations.

Rapid reaction | Maryland’s new kids code

Gov. Wes Moore made Maryland the second state to try to create strong limits on information collected on children by signing a new age-appropriate design code into law. In this rapid reaction episode, host Scott Loughlin is joined by Hogan Lovells associate Harsimar Dhanoa to discuss the new law, known as the Maryland Kids Code, and how it seeks to limit data that could be collected from children online and help keep children safe online.

Guarding your inbox | Navigating email cyberattacks

Email cyberattacks: a silent threat lurking in our inboxes. In this episode of The Data Chronicles, we dive into the dark world of email-based cyber threats, from phishing scams to misdirected wires. Host Scott Loughlin is joined by Hogan Lovells partner, Nathan Salminen, to discuss the tactics hackers use to deceive users and exploit mailboxes. Learn practical tips to safeguard your inbox and your data as we unravel the complexities of email security against digital adversaries.

Building the AI lawyer skillset – AI is now a competition issue

Predictions are that artificial intelligence will intersect with virtually every aspect of our lives and seemingly its impacting every legal discipline. With the issues so widespread and varied, AI lawyers seemingly need to know how to issue spot everything. Is that even possible? In this episode of The Data Chronicles, we examine relationship between US antitrust law and AI. Host Scott Loughlin leads the conversation with special guests Edith Ramirez, partner at Hogan Lovells and former chairwoman of the Federal Trade Commission (FTC), and Chris Fitzpatrick, senior associate at the firm. Together, they explore how AI is transforming market dynamics and how regulators see AI triggering antitrust legal concerns and obligations.

Maryland's comprehensive data privacy bill

Did you miss our analysis of the Maryland comprehensive privacy bill? If you prefer a quick podcast discussion, we have that too. Join Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, and Hogan Lovells associate Harsimar Dhanoa in a rapid reaction episode discussing the newly passed bill.

The EU AI Act I What you need to know

In this episode of The Data Chronicles, we dive into the groundbreaking legislation of the European Union (EU) Artificial Intelligence (AI) Act. With artificial intelligence increasingly permeating various aspects of our lives, regulating its development and deployment has become the focus of many policymakers. Host Scott Loughlin is joined by Hogan Lovells partner and co-lead of the Privacy and Cybersecurity practice, Eduardo Ustaran, to break down the key components of the EU AI Act and explore its objectives, scope, and implications for businesses around the world. Through tactical insights and analysis, we aim to shed light on how this legislation is shaping the future of artificial intelligence in Europe and beyond.

(Human) AI lawyers I A new legal discipline?

Is AI law a new legal discipline for lawyer specialization? The Data Chroniclesis interested in knowing the answer. In this episode, host Scott Loughlin is joined by two AI attorneys, Tiffany Georgievski, AI, Data Privacy and IP attorney with SonyAI, and Peter Tsapatsaris, lead counsel of AI at Salesforce, as they discuss the role of an AI attorney, the essential skillset required for success, and whether AI law should be new category for the legal bar.

White House Executive Order introduces restrictions on U.S. data transfers

Host Scott Loughlin and Hogan Lovells partner James Denvil examine the recent Executive Order (EO) issued by the Biden Administration. Designed to limit access by countries of concern, including China, to personal data of Americans, this EO marks a significant development in cross-border data protection policy. Together, Scott and James explore the implications of the EO, shedding light on its potential impact on the digital ecosystem and how this game-changer in data governance will have far-reaching effects and challenges for businesses operating in the digital landscape.

Cookie consent in the EU | What you need to know

In this episode of The Data Chronicles, we exam complex legal frameworks for website cookies in the EU. Cookies, those little bits of data stored on our devices, play a significant role in shaping our online experiences, from personalization to tracking user behavior. However, with great power comes great responsibility, and cookies have found themselves at the center of various privacy and compliance debates relating to their lawful use. Host Scott Loughlin is joined by Hogan Lovells partners, Joke Bodewits and Gonzalo Gallego as they highlight the functionality, legality, and future implementation of regulations surrounding cookies in the EU.

Scraping the surface | What you need to know about data scraping

Data scraping, the automated extraction of information from websites, has become a ubiquitous practice in today's data-driven world. However, as organizations harness the power of scraped data to gain insights and drive innovation, questions arise regarding its ethical and legal implications. In this episode of The Data Chronicles, host Scott Loughlin is joined by Hogan Lovells partner Eduardo Ustaran, counsel Lauren Cury, and senior associate Alyssa Golay as they delve into the realm of intellectual property (IP) and privacy. As the appetite for data grows, so do concerns at safeguarding privacy and IP rights in an increasingly digitized world.

Privacy in the granite state | New Hampshire's upcoming privacy law

Live free or die can now can be applied to consumer privacy. New Hampshire is the latest state to pass comprehensive consumer privacy legislation. Listen in to join host Scott Loughlin and Hogan Lovells associate Harsimar Dhanoa for a rapid-fire analysis of the newly passed bill.

Health privacy | New state consumer health privacy laws

Several states have passed consumer health privacy laws that include unique obligations for a wide array of health-related data. In this episode, host Scott Loughlin is joined by Hogan Lovells counsel Donald DePass and associate Paige Papandrea to discuss the background of these laws, what requirements and trends are in motion, and the challenges that await.

Health privacy | Geofencing

In the post-Dobbs era, concerns have arisen regarding the potential for organizations or governments to gather data from smartphones, revealing information about individuals' visits to medical facilities. Join host Scott Loughlin in this episode as he delves into the pressing issue of geofencing with Hogan Lovells associate, Paige Papandrea. Together, they navigate through the landscape of emerging state laws concerning health privacy and explore the jurisdictions where these laws are emerging, and provide insights into the implications these new requirements hold for organizations navigating the intricacies of health data privacy.

Research data in the EU | Challenges and opportunities

Navigating the intricacies around the secondary use of research data in the European Union (EU) can be daunting. Building upon a previous episode on this subject under U.S. law, in this episode we delve into the EU regulatory landscape governing data usage in research. Scott Loughlin is joined by Hogan Lovells partner, Patrice Navarro, to unravel the complexities, shedding light on the nuanced rules governing data collection and its secondary use for research.

AI governance | What you need to know

Companies are excited about AI and the many benefits it can offer. Meanwhile, the many risks are real and legal teams are looking for ways to manage them. What’s the answer? It starts with AI governance, and that’s the focus of this episode of the Data Chronicles podcast. Host Scott Loughlin is joined by Kimberly Zink, a privacy professional with a long history in leading privacy, data governance and, now, AI teams. Together, they explore how businesses and their legal advisors can transition from merely assessing risks to actively addressing them at scale, including the establishment of the right internal infrastructure and processes to make responsible and risk-based use of AI.

Data protection in Africa

With more than 30 African countries adopting data protection legal frameworks and the rapid development of privacy laws in the Middle East, organizations operating in the Middle East and African (MEA) region need to understand their obligations and compliance risks. On this episode of the Data Chronicles, host Scott Loughlin is joined by Hogan Lovells Senior Associate, Aissatou Sylla, to discuss the general overview for the data protection laws in place in the MEA region, highlight the key privacy considerations and obligations and spotlight enforcement trends for each jurisdiction with respect to consent, direct marketing, DPA registration, data transfers, localization, sensitive data, children's data, breach notification requirements, and more.

Rapid Alert | Responding to zero day found in popular VPN software

Addressing zero-day security vulnerabilities requires fast work. In this 10-minute episode, we highlight a newly announced vulnerability in Ivanti's Connect Secure VPN software that has the government and cyber professionals concerned. Since recording on January 15, 2024, this dynamic threat has rapidly evolved. Professionals report the potential for multiple waves of attempted exploitation. The Data Chronicles is here to help and provide you what you need to know to take action. Host Scott Loughlin is joined by Charles Carmakal, Chief Technology Officer at Mandiant, a prominent cybersecurity firm to discuss the vulnerability, the nature of the threat and immediate mitigation steps.

New Jersey's expected comprehensive privacy bill – instant reactions

Did you miss our analysis of the comprehensive New Jersey consumer privacy bill? If you prefer a quick podcast discussion, we have that too. Join Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, and Hogan Lovells associate Harsimar Dhanoa in a quick reaction episode of The Data Chronicles. They discuss the bill, what’s new, what’s the same, what’s different and what you need to know.

Conducting secondary use of research data in the U.S.

Researchers and sponsors often want to use data from research studies for research not necessarily contemplated in the protocol or informed consent from the study. Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, is joined by counsel Melissa Levine to discuss the complex interaction of U.S. federal and state research and privacy laws that affect the secondary use of research data. They tackle what organizations should consider when evaluating whether to proceed with a secondary research use, the compliance considerations, and approaches to obtaining consent for secondary use from the start of the study and ways to mitigate risk when the consent obtained does not cover the intended secondary uses.

Chapter 2 Season 1

The predictions episode

In the final episode of season 1, Scott Loughlin and Eduardo Ustaran, co-leads of the Privacy and Cybersecurity practice discuss their privacy and cybersecurity predictions for 2024 in the EU and US. Among trending topics such as generative AI and automated decisionmaking, they touch on the use of technology for employee monitoring, the evolution of international data transfers, the intersection of data security and antitrust, and cybersecurity vulnerabilities in the supply chain. Scott and Eduardo share their forecast on enforcement trends, sensitive data, and privacy and cybersecurity litigation, arising from the delayed discovery of how the internet works.

The DSA's impact on the future of data regulation in Europe

Novel in design and comprehensive in scope, the Digital Services Act is a major reform package that will regulate all online intermediary businesses offering services to EU users starting in 2024. In this episode, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, is joined by partner Anthonia Ghalamkarizadeh to discuss the new compliance obligations online marketplaces, social media sites, app stores, search engines, and other services hosting and/or disseminating user generated / third party content will be made subject to. They discuss what digital platforms should know as the law matures and starts to take a more broad effect on data regulation in Europe.

Insider Threats | Conducting an investigation from a global perspective

Insider threat remains one of the most challenging cybersecurity issues companies face today. Over the course of this new Data Chronicles series, Hogan Lovells colleagues from across of our firm practice groups will share insights garnered from deep experience working on insider threat investigations and discuss key issues touching everything from privacy and cybersecurity to employment and IP. In this episode, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, and Hogan Lovells partner Christine Gateau and senior associate Dr. Thore Feil discuss what is unique about conducting an insider threat investigation, particularly with respect to global approaches and different jurisdictional sensitivities.

Insider Threats | Conducting an investigation from a U.S. perspective

Insider threat remains one of the most challenging cybersecurity issues companies face today. Over the course of this new Data Chronicles series, Hogan Lovells colleagues from across of our firm practice groups will share insights garnered from deep experience working on insider threat investigations and discuss key issues touching everything from privacy and cybersecurity to employment and IP. In this episode, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, and partner Vassi Iliadis and counsel Adam Cooke delve into the differences and difficulties that come with conducting an insider threat investigation from a U.S. perspective, touching on attorney-client privilege, key stakeholders, and more.

The U.S. health privacy landscape

This special episode, originally recorded at this year’s CAQH Connect conference, features a conversation on the hotlist of issues that touched the health data environment in 2023. Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, sits down with partner, co-founder of the Hogan Lovells Privacy and Cybersecurity practice, and former lead lawyer in the development of HIPAA regulations, Marcy Wilder. Together, they discuss the complex U.S. health privacy landscape, the changing enforcement environment, the use of generative AI in the health care sector, and the rise of ransomware and extortion cybersecurity incidents.

President Biden’s AI Executive Order | What you need to know

The Biden Administration has issued an extensive Executive Order establishing new standards for artificial intelligence (AI) safety and security. In this episode, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, is joined by Mark Brennan, lead of the Hogan Lovells Technology and Telecoms sector group, and Harsimar Dhanoa, associate in the Privacy and Cybersecurity practice, to discuss the landmark efforts made by the White House as part of a comprehensive U.S. strategy for responsible AI innovation. The episode covers how this EO and other shifting frameworks will impact both developers and users of AI, how organizations can start preparing today, and what the future of AI regulation may look like.

Implementing governance | What companies and their boards need to know

In this episode, we delve into the realm of cybersecurity, with a particular focus on the concept of cybersecurity governance. Cybersecurity governance entails managing the human elements within organizations, uniting multiple departments, diverse personalities, and various dynamics to address a common challenge. Scott Loughlin, co-lead of the Hogan Lovells Privacy & Cybersecurity practice, is accompanied by Mike Priest, Chief Information Security Officer at Globe Life, and Jason Fruge, former Chief Information Security Officer at Upbound Group. Together, they explore various guidance documents, frameworks and methods through which cybersecurity professionals can deliver significant value to their executive teams and their boards.

Data, innovation, and tech in public spaces

In this episode we embark on a fascinating journey into the heart of Miami, where innovative technology and data-driven insights are transforming the urban landscape. The Underline, a 10-mile linear park designed by the world-renowned architects of New York’s High Line, is redefining Miami's public spaces and connectivity, transforming the city's underutilized spaces into vibrant, green, and connected corridors. Scott Loughlin, co-lead of the Hogan Lovells Privacy & Cybersecurity practice, is joined by Hogan Lovells Counsel and Pro Bono Counsel to The Underline, Daniel Balmori, and The Underline's Chief Innovation Officer, Jake Moskowitz, to discuss how data and technology can shape a more connected, sustainable, and inclusive city.

Insider Threats | The start

Insider threat remains one of the most challenging cybersecurity issues companies face today. Over the course of this new Data Chronicles series, Hogan Lovells colleagues from across of our firm practice groups will share insights garnered from deep experience working on insider threat investigations and discuss key issues touching everything from privacy and cybersecurity to employment and IP. In this episode, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, discusses with Hogan Lovells partners James Denvil and David Sharfstein, and senior associate, Alicia Paller, how to kick off an insider threat investigation and factors companies should keep in mind.

Insider Threats | The overview

Insider threat remains one of the most challenging cybersecurity issues companies face today. Over the course of this new Data Chronicles series, Hogan Lovells colleagues from across of our firm practice groups will share insights garnered from deep experience working on insider threat investigations and discuss key issues touching everything from privacy and cybersecurity to employment and IP. In this episode, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, and Hogan Lovells partners Pete Marta and Stephanie Yonekura lay the foundation for how insider threats may present within organizations and how companies may prepare to mitigate the associated risks.

CCPA draft regulations | Part 2: Cybersecurity audits

In our second installment of our two-part series, we discuss the proposed rules issued by the California Privacy Protection Agency (the CPPA) focusing on cybersecurity and the requirement to conduct cybersecurity assessments. Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, is joined by Hogan Lovells associates Dan Ongaro and Alaa Salaheldin as they explore the implications these cybersecurity requirements will have on data professionals, businesses, as well as corporate boards.

CCPA draft regulations | Part 1: Risk assessments

In September, the Board of the California Privacy Protection Agency (CPPA) announced the first public drafts of two forthcoming sets of regulations relating to the California Consumer Privacy Act and California Privacy Rights Act. These “discussion” drafts focus on new requirements related to cybersecurity audits, privacy risk assessments, AI, and automated decision-making. In this episode, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, is joined by Hogan Lovells senior associate Aaron Lariviere to explain the context for the draft regulations, to walk through key features of the privacy risk assessment regulations, and to explore the potential impacts these regulations will have for businesses.

The role of Data Protection Officers from a European perspective

The role of a Data Protection Officer (DPO) has been well-known under data protection laws in Europe, currently under the EU GDPR, and prior to that, the EU Data Protection Directive. The role goes as far back as the 1970s, however, despite its established history, numerous questions continue to revolve around the responsibilities of a DPO. Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, sits down with Hogan Lovells partner Christian Tinnefeld to discuss the ever-evolving role of a DPO and provide some practical tips for those serving in the function.

The False Claims Act & cybersecurity

In this episode of The Data Chronicles, we delve into the emerging realm of cyber risk and liability and its connection to the False Claims Act. Join us as Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, engages in a conversation with Hogan Lovells partner Mike Scheimer and counsel Stacy Hadeka. Together, they explore the implications when organizations holding government contracts face allegations of breaching their cybersecurity commitments. Discover why this is a vital concern, particularly for defense contractors, universities, and any entity providing products and services to the United States Government receiving CUI or subject to unique cybersecurity requirements such as CMMC.

Meeting the mark | FCC proposed cybersecurity labeling program for IoT devices

The Federal Communications Commission (FCC) has proposed a voluntary cybersecurity labeling program to address unique cybersecurity concerns associated with the growing number of Internet of Things (IoT) devices. Against the backdrop of the FCC’s Notice of Proposed Rulemaking (NPRM), Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, discusses with Hogan Lovells partners Ari Fitzgerald and Katy Milner the scope of the FCC’s proposed program (covering everything from mobile phones and computers to Internet-connected refrigerators, cars, and speakers) and how manufacturers of these devices should be thinking about the new requirements.

Data breach litigation | Navigating arbitration risk

In the second installment of our two-episode series, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, interviews Hogan Lovells litigation partner Vassi Iliadis and associate Laura Penaranda for an in-depth discussion on arbitration risks and class action waivers. They delve into the effects these provisions have on consumer-facing companies after a data security issue, resulting in an increase in arbitration demands due to clauses that are included in common terms of use contracts. The discussion provides an overview of arbitration risks, the impact of mass arbitration, and what companies should consider when revising their arbitration agreements.

Burning issues | Understanding SEC's cybersecurity rules

This episode explores the recently adopted rules from the U.S. Securities and Exchange Commission (SEC) on cybersecurity disclosures for publicly traded companies. Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, chats with Hogan Lovells partners John Beckman, Allison Holt Ryan, and Paul Otto as they uncover key elements of these rule changes, including enhanced disclosure requirements for certain cybersecurity incidents, cyber risk management expectations, and updated processes for cybersecurity oversight and reporting.

Data breach litigation | Navigating the shifting landscape

In today's digital age, the challenges of cybersecurity are increasing and evolving. When a data breach happens, the legal aftermath can be both complex and costly. In the first installment of a two part series, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, interviews Hogan Lovells litigation partner Allison Holt Ryan and counsel Adam Cooke as they discuss the ins and outs of data breach litigation, focusing on the current environment, a recent Fourth Circuit decision and its implications, and steps businesses can consider as they work to mitigate data breach litigation risk.

The Data Privacy Framework | Importer’s perspective

The European Commission’s adoption of its adequacy decision for the EU-U.S. Data Privacy Framework cleared the way for U.S.-based entities to certify their participation and begin importing EU personal data. In this second installment of a two-episode series, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, chats with U.S.-based colleagues, partner Bret Cohen, and senior associates Julian Flamant and Natalie Perez, to discuss the history of Trans-Atlantic data flows and unpack how U.S. importers can leverage the Framework.

FTC's proposed changes highlight heightened scrutiny of health & wellness tech

The explosive growth of direct-to-consumer health and wellness technologies that increase the amount of health data collected from consumers has triggered further action by state legislators and federal regulators. Scott Loughlin, co-lead of the Privacy and Cybersecurity practice, is joined by Hogan Lovells senior associate Alyssa Golay and associate Fleur Oké to discuss the proposed changes to the FTC’s Health Breach Notification Rule (HBNR), recent enforcement actions, regulator guidance, and what these actions mean for health and wellness technologies and their use of consumer data.

Initial reactions to India’s new Digital Personal Data Protection Bill

India will have a new comprehensive privacy law, which will shake up the data protection world in the region and require companies to rethink their global privacy compliance programs. In this episode, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice is joined by Stephen Mathias, Partner and Co-Chair of the Technology Practice at Kochhar & Co, a leading law firm in India, to discuss the new law, which is named the Digital Personal Data Protection Bill 2023 (DPDPB). Scott and Stephen go into detail regarding the DPDPB’s areas of focus, how it compares to the GDPR, and what significant obligations and ramifications the bill has for global compliance programs and those who oversee them.

The early days of privacy law and an outlook for the future

In this episode, Scott Loughlin, co-lead of the Privacy and Cybersecurity practice, is joined by senior counsel and co-founder of the Hogan Lovells Privacy and Cybersecurity practice, Christopher Wolf, for a discussion the beginnings of privacy law. Chris details how he, along with other key originators, drove the creation of privacy as a distinct legal practice area. He provides great insight on the evolution of the industry, and more importantly, his forecast on where privacy is headed and what new attorneys or law students should know as they consider a focused practice in privacy.

The FCC’s role in privacy & cybersecurity law

This episode explores the launch of the Federal Communications Commission (FCC) first-ever privacy and data protection task force, developed to address broader data privacy concerns. Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, hosts a discussion with Hogan Lovells partner Katy Milner and senior counsel Charles Mathias regarding the creation of the task force and what this means for the future of privacy regulation and oversight in the telecommunications industry and beyond.

The Data Privacy Framework | Exporter's perspective

Earlier in July, the European Commission adopted its eagerly anticipated adequacy decision on international data transfers under the EU-U.S. Data Privacy Framework. The adequacy decision was preceded by substantial changes to U.S. intelligence-gathering requirements that have cleared the path for transfers of EU personal data. In the first installment of a two part series, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, interviews Hogan Lovells partner Eduardo Ustaran and senior associate Julie Schwartz highlighting what the adequacy decision means for EU-based data exporters and the future of the framework in light of expected legal challenges. Stay tuned for a second episode that covers the U.S. importer’s perspective on the Framework.

Automotive biometrics drive innovation and litigation risk

Automobile original equipment manufacturers (OEMs) are increasingly incorporating biometric trackers and analytics into a broad array of vehicle features to improve security and safety. Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, interviews Hogan Lovells partner James Denvil, senior associate Alicia Paller, and associate Jay Ettinger on how the use of biometric data continues to play an increasingly prominent role in the automotive industry, U.S. legal traps for unwary, and how litigation is likely to follow.