My Content
Insights

France’s High Court Clarifies the Boundary Between Pseudonymization and Anonymization

France’s Conseil d’État—the country’s highest administrative court—rejected challenges by three companies in the Cegedim group to CNIL fines totaling €1.8 million, delivering an important ruling on when pseudonymized health data remains personal data under the GDPR.

The companies operated two databases, fed by data collected from doctors’ practice management software and pharmacy systems. By March 2021, one database held data ...

Ninth Circuit Clarifies Its Class Action Jurisdiction Over Foreign Companies Operating Online

On March 2, 2026, the U.S. Court of Appeals for the Ninth Circuit issued a significant decision in *Freeman v. 3Commas Technologies OÜ*, reversing a district court’s dismissal of a class action against an Estonian cryptocurrency trading software company for lack of personal jurisdiction in California. The ruling provides important guidance on when foreign technology companies that operate online platforms ...

Israeli Supreme Court Punishes Municipality’s Reckless Use of AI

Israel’s Supreme Court ruled on March 22, 2026 that the municipality of Ramat Gan made “reckless” use of artificial intelligence in administrative proceedings concerning a child with special needs. The court found that the municipality relied on materials generated by AI tools that included a non-existent Education Ministry directive and fabricated court rulings, and exceptionally ordered the municipality to pay ...

EDPB and EDPS Issue Joint Opinions on Cybersecurity and Biotech Proposals

The European Data Protection Board and the European Data Protection Supervisor adopted two significant Joint Opinions in March 2026, addressing major European Commission legislative proposals that intersect with cybersecurity, health data governance, and data protection.

On March 19, the EDPB and EDPS published their Joint Opinion on the proposed Cybersecurity Act 2 (CSA2) and the proposed amendments to the NIS2 ...

EU Commission Publishes Draft Guidance on the Cyber Resilience Act and AI Transparency

The European Commission published two significant sets of draft guidelines in March 2026, providing practical compliance guidance for two of the EU’s most consequential recent digital regulations.

On March 3, 2026, the Commission published draft guidelines intended to clarify the application of the EU Cyber Resilience Act (CRA) and opened a public consultation for stakeholder feedback. The CRA, which entered ...

Anthropic Sues Department of Defense Over Supply Chain Risk Designation

On March 9, 2026, AI company Anthropic filed two federal lawsuits against the Department of Defense—one in the U.S. District Court for the Northern District of California and one in the D.C. Circuit Court of Appeals—challenging the Pentagon’s designation of Anthropic as a “supply chain risk.” The lawsuits cap a weeks-long public confrontation between one of the world’s leading AI ...

More of My Content
Insights
More Insights