The Data Chronicles

Cybersecurity enforcement is entering a new phase – one where technical failures are increasingly reframed as fraud risk.

 

This episode of The Data Chronicles explores how the U.S. Department of Justice is using the False Claims Act to pursue alleged misrepresentations about cybersecurity controls, compliance, and incident disclosure in government contracts and grants.

 

We examine emerging enforcement patterns, practical risk signals for contractors, and what organizations should be doing now to reduce exposure, with further insights available in our 2026 False Claims Act Guide.

AI regulatory enforcement is accelerating – often under laws that were conceived well before the unstoppable emergence of AI. This episode of The Data Chronicles examines how regulators and courts across Europe and beyond are applying existing frameworks, from the GDPR to consumer and competition law, to AI development and deployment.

We explore emerging enforcement patterns, including scrutiny of AI training data, transparency obligations, data subject rights, and the growing use of urgent regulatory measures. The discussion also looks ahead to how enforcement may evolve as AI-specific regulation advances, and what these developments signal for organizations operating globally.

AI and intellectual property are evolving fast – and creating real uncertainty for companies building with or around AI. 

This episode of The Data Chronicles breaks down the key IP claims emerging today, from copyright and DMCA theories to right of publicity, trademark, and output based risks. 

We look at how early court decisions are treating AI training and outputs, why plaintiffs are pivoting toward DMCA and misattribution claims, and where regulators like the FTC may (and may not) step in. 

We close with a practical checklist for organizations using or developing AI, as the landscape continues to shift.

Data brokers sit at the center of a fast-shifting legal landscape. 

This episode of The Data Chronicles breaks down the expanding patchwork of state data broker laws, from registration and public listings to how these obligations interact with broader privacy requirements. It also looks at the stigma tied to the “data broker” label, how regulators and plaintiffs’ lawyers are using registration data to target scrutiny, and the added federal pressure created by PADFA and the DOJ’s Data Security Program. 

The discussion closes with a practical checklist for companies that license or share data, including how to identify if you may be a data broker, where exemptions could apply, and what steps help reduce registration and enforcement risk.

In our annual “Look Back, Look Forward” edition of The Data Chronicles, Scott Loughlin and Eduardo Ustaran, co-leads of Hogan Lovells’ Global Data, Privacy and Cybersecurity practice, reflect on the most important developments in privacy, cybersecurity, and data regulation in 2025 and share their outlook for 2026. It has become the most popular episode of the year, drawing strong interest from listeners across regions and sectors.

 

The conversation covers the global impact of artificial intelligence, evolving regulatory priorities in the UK, EU, and US, and the ongoing balance between innovation and regulation. Topics include potential GDPR reform, biometrics and age verification, geopolitics and data protection, international data transfers, and the growing focus on AI governance and children’s data.