India has taken a major step in reshaping its digital future. After years of drafts and debate, the country has finalized the Digital Personal Data Protection Act (DPDPA) and issued detailed rules that bring the law fully to life. With implementation now scheduled over the next 18 months, organizations have clear timelines and a more definitive view of the significant compliance work ahead.
In this episode, host Scott Loughlin is joined by Stephen Mathias, partner and head of the Bangalore office at Kochhar & Company, and Hogan Lovells partner Charmian Aw, who leads the Hogan Lovells APAC Data, Privacy and Cybersecurity practice. Together, they discuss the core features of India’s new law, including its consent-based framework, extraterritorial reach, and parallels with the EU GDPR.
The conversation covers the key steps companies should be taking now, from redesigning data architecture and consent flows to assessing breach response readiness. The episode also explores global business implications, enforcement expectations, and how the DPDPA fits into the broader regional privacy landscape.
Whether you’re operating in India or serving customers there, this discussion offers practical insights on what’s changing, why it matters, and how to prepare.
--------
40:01
--------
40:01
The Data Chronicles | The U.S. Data Security Program and the future of cross-border data
The U.S. Department of Justice’s Data Security Program is reshaping how companies manage cross-border data activities. This episode of The Data Chronicles breaks down what the rule does, why it was created, and the types of transactions it restricts or prohibits—from data brokerage to vendor access to bulk genomic data.
Host Scott Loughlin is joined by Hogan Lovells partner James Denvil and associate Lorea Mendiguren to walk through the rule’s core elements and the open questions around implementation, risk, and compliance. They share practical insights from advising companies in e-commerce, health, and life sciences as they adjust to this new national-security-driven framework.
--------
41:56
--------
41:56
Checking in on APAC | Regulating for innovation
In this episode of The Data Chronicles, host Scott Loughlin is joined by Hogan Lovells partners Eduardo Ustaran and Charmian Aw to examine how regulators are rethinking the relationship between AI, innovation, and privacy. They discuss why many regulators view data protection rules not as obstacles, but as guardrails that can support responsible AI development through tools like impact assessments, transparency, and data minimization.
Eduardo shares insights from the Global Privacy Assembly, which brought together more than 140 data protection authorities from over 90 countries for regulator-led discussions on AI in daily life, cross-border data transfers, children’s privacy, privacy-enhancing technologies, and other issues shaping global enforcement trends. Charmian, who leads the firm’s Asia-Pacific Data, Privacy and Cybersecurity team, adds an APAC perspective with takeaways from the Global Cross-Border Privacy Rules Forum and the region’s growing push for interoperability in data transfers and enforcement cooperation.
We also highlight the launch of our Asia Pacific Privacy Legislation Tracker, a new tool that compares privacy requirements across APAC jurisdictions designed to support companies in navigating the region’s evolving data protection landscape.
--------
49:16
--------
49:16
How states are shaping AI legislation
How are U.S. states shaping the future of artificial intelligence? In this episode of The Data Chronicles, we unpack The State of State AI, the latest report from the Future of Privacy Forum (FPF) analyzing more than 200 AI-related bills introduced across 42 states.
Host Scott Loughlin is joined by Justine Gluck, a policy analyst at FPF, to discuss how lawmakers are shifting toward targeted, transparency-driven regulation, focusing on areas such as healthcare, chatbot use, liability frameworks, and innovation sandboxes, rather than pursuing a single sweeping national approach. Together, they explore how these trends signal where AI policymaking is headed and what it means for developers, deployers, and consumers.
--------
38:37
--------
38:37
From runways to railways | The new frontiers of transportation cybersecurity
In this episode of The Data Chronicles, host Scott Loughlin welcomes Adam Smith, Regulatory Lead – Cybersecurity at Southwest Airlines, to explore the evolving landscape of cybersecurity in the transportation sector.
Together, they fly through the real-world stakes of protecting critical infrastructure – from airports and railways to the systems that underpin national security. The conversation unpacks the complexity of regulatory frameworks, the challenges of incident response, and the vital role of collaboration among regulators, operators, and vendors.
Welcome to The Data Chronicles, hosted by partner Scott Loughlin, Co-Lead of the Hogan Lovells global Data, Privacy and Cybersecurity practice. This multimedia series is dedicated to the ever-changing legal and regulatory developments in the world of data, privacy, and cybersecurity. Join us as we unravel and unpack various regulatory frameworks and legal developments around the globe.
Netherlands