Martha Hirst – Debevoise Data Blog

Announcement

Debevoise Data Blog: Top 5 Privacy Posts of 2025

By: Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Erez Liebermann, Robert Maddox, Julie M. Riewe, Kristin Snyder, Rick Sofield, Sheena Paul, Johanna Skrzypczyk, HJ Brehmer, Martha Hirst, Suchita Mandavilli Brundage, Melyssa Eigen, Ned Terrace, Michelle Shen, Diane Bernabei and Mengyi Xu December 11, 2025

As we approach the end of the year, here are the top 5 privacy posts on the Debevoise Data Blog in 2025. Takeaways for Large Firms from the SEC’s Reg…

Artificial Intelligence

Debevoise Data Blog: Top 14 AI Posts of 2025

By: Charu A. Chandrasekhar, Andrew J. Ceresney, Courtney M. Dankworth, Avi Gesser, Robert B. Kaplan, Gordon Moodie, Jim Pastore, Julie M. Riewe, Jeff Robins, Kristin Snyder, Matt Kelly, Johanna Skrzypczyk, Karen Levy, Diane Bernabei, Michael Bloom, HJ Brehmer, Suchita Mandavilli Brundage, Melyssa Eigen, Joshua A. Goland, Martha Hirst, Gabriel Kohan, Carl Lasker, Jeremy Liss, Andreas Constantine Pavlou, Joshua Plastrik, Achutha Raman, Adam Shankman, Stephanie Thomas, Nathaniel Waldman, Annabella M. Waszkiewicz, Stan Gershengoren, William Sadd, Nicholas T. Ziebell, Patty (Virtual AI Specialist) and Sergio (Virtual AI Specialist) December 8, 2025

Why Agentic AI Often Fails and the Enduring Value of Human Judgment (11/4/2025) We’ve been doing a lot of work recently on agentic AI workflows. In this post, we share…

Artificial Intelligence

The UK’s New Automated Decision-Making Rules – And How they Compare to the EU GDPR

By: Robert Maddox, Martha Hirst and Michiko Wongso November 19, 2025

This summer, the UK enacted the long-anticipated Data (Use and Access) Act 2025 (“DUAA”), the first major amendments to the UK’s data protection legislation since Brexit. The changes include substantial…

Artificial Intelligence

EU Data Act – Key Provisions and What You Need to Know

By: Robert Maddox, Martha Hirst and Diane Bernabei October 9, 2025

The EU Data Act (or the “Act”) is a new regulation that establishes rules on who can access and use data generated by connected devices and related services – data…

Artificial Intelligence

The Second Wave of EU AI Act Requirements are In Force: Five Things Business Should Know

By: Avi Gesser, Matt Kelly and Martha Hirst August 5, 2025

On 2 August 2025, the second wave of requirements under the EU AI Act (the “Act”) entered into force, following the first implementation phase six months ago. This latest set…

Artificial Intelligence

The EU AI Act’s GPAI Model Rules: EU Publishes Guidance & Codes of Practice

By: Avi Gesser, Matt Kelly and Martha Hirst July 28, 2025

Ahead of the EU AI Act’s (the “Act”) General Purpose AI (“GPAI”) model requirements coming into force on 2 August 2025, EU authorities have released further guidance and Codes of…

Artificial Intelligence

Europe’s Regulatory Approach to AI in the Insurance Industry

By: Avi Gesser, Clare Swirski, Martha Hirst and Dominic O'Leary May 21, 2025

The insurance industry has been an early adopter of AI systems, which are reshaping how insurers assess risk, underwrite policies, detect fraud, engage with customers, and conduct their internal business…

Artificial Intelligence

GDPR Considerations When Developing and Deploying AI Models: The EDPB’s Opinion on Compliance

By: Avi Gesser, Robert Maddox, Martha Hirst, Ned Terrace, Michiko Wongso and Olivia Halderthay April 14, 2025

Given that AI models require large swathes of data to operate, the GDPR’s expansive definition of personal data means that many applications of AI involve complex data protection issues –…

Artificial Intelligence

South Korea Enacts New AI Law

By: Avi Gesser, Mengyi Xu, Martha Hirst, Cameron Sharp, Diane Bernabei and Michelle Shen March 24, 2025

South Korea has become the latest country to pass a national AI law. The “Basic Act on the Development of Artificial Intelligence and Establishment of Foundation for Trust” (the “Basic…

DORA

European Data Protection Roundup – January 2025

By: Robert Maddox, Martha Hirst, Ned Terrace, Olivia Halderthay and Christina Newall February 28, 2025

Our top five European data protection developments from January are: UK ransomware reporting proposals. The UK Government released a consultation on ransomware related legislative proposals, including possible reporting obligations and…