The Data Chronicles

Data brokers sit at the center of a fast-shifting legal landscape. 

This episode of The Data Chronicles breaks down the expanding patchwork of state data broker laws, from registration and public listings to how these obligations interact with broader privacy requirements. It also looks at the stigma tied to the “data broker” label, how regulators and plaintiffs’ lawyers are using registration data to target scrutiny, and the added federal pressure created by PADFA and the DOJ’s Data Security Program. 

The discussion closes with a practical checklist for companies that license or share data, including how to identify if you may be a data broker, where exemptions could apply, and what steps help reduce registration and enforcement risk.

In our annual “Look Back, Look Forward” edition of The Data Chronicles, Scott Loughlin and Eduardo Ustaran, co-leads of Hogan Lovells’ Global Data, Privacy and Cybersecurity practice, reflect on the most important developments in privacy, cybersecurity, and data regulation in 2025 and share their outlook for 2026. It has become the most popular episode of the year, drawing strong interest from listeners across regions and sectors.

 

The conversation covers the global impact of artificial intelligence, evolving regulatory priorities in the UK, EU, and US, and the ongoing balance between innovation and regulation. Topics include potential GDPR reform, biometrics and age verification, geopolitics and data protection, international data transfers, and the growing focus on AI governance and children’s data.

What can businesses expect from the U.S. Federal Trade Commission on privacy and data enforcement as we move into 2026? In this episode of The Data Chronicles, host Scott Loughlin is joined by Cobun Zweifel-Keegan, Managing Director at the IAPP, for a practical year-end review of the FTC’s 2025 enforcement priorities and what they signal for the year ahead.

 

Together, Scott and Cobun break down how a change in administration reshaped the agency’s focus this year, with heightened attention on children’s and teens’ privacy, COPPA enforcement, cross-platform data collection, and growing concerns around the sale of Americans’ sensitive information to foreign adversary countries. They also discuss the FTC’s evolving view of privacy as both a consumer protection and national security issue.

 

The conversation also covers the operational and strategic impact of the FTC operating with only two sitting commissioners, and how today’s enforcement posture compares with the more aggressive approach under the prior administration.

India has taken a major step in reshaping its digital future. After years of drafts and debate, the country has finalized the Digital Personal Data Protection Act (DPDPA) and issued detailed rules that bring the law fully to life. With implementation now scheduled over the next 18 months, organizations have clear timelines and a more definitive view of the significant compliance work ahead. 

In this episode, host Scott Loughlin is joined by Stephen Mathias, partner and head of the Bangalore office at Kochhar & Company, and Hogan Lovells partner Charmian Aw, who leads the Hogan Lovells APAC Data, Privacy and Cybersecurity practice. Together, they discuss the core features of India’s new law, including its consent-based framework, extraterritorial reach, and parallels with the EU GDPR. 

The conversation covers the key steps companies should be taking now, from redesigning data architecture and consent flows to assessing breach response readiness. The episode also explores global business implications, enforcement expectations, and how the DPDPA fits into the broader regional privacy landscape. 

Whether you’re operating in India or serving customers there, this discussion offers practical insights on what’s changing, why it matters, and how to prepare.

The U.S. Department of Justice’s Data Security Program is reshaping how companies manage cross-border data activities. This episode of The Data Chronicles breaks down what the rule does, why it was created, and the types of transactions it restricts or prohibits—from data brokerage to vendor access to bulk genomic data.

Host Scott Loughlin is joined by Hogan Lovells partner James Denvil and associate Lorea Mendiguren to walk through the rule’s core elements and the open questions around implementation, risk, and compliance. They share practical insights from advising companies in e-commerce, health, and life sciences as they adjust to this new national-security-driven framework.