Katten's Privacy, Data and Cybersecurity Quick Clicks is a monthly newsletter highlighting the latest news and legal developments involving privacy, data and cybersecurity issues across the globe.
To read more issues of Katten's Privacy, Data and Cybersecurity Quick Clicks, please click here.
The CFPB is Reconsidering Personal Financial Data Rights Rule Under the Dodd-Frank Act
By Trisha Sircar
On August 22, the Consumer Financial Protection Bureau (CFPB) issued an advance notice of proposed rulemaking seeking public comment on potential revisions to its Personal Financial Data Rights Rule (the Rule) under Section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act). Specifically, the CFPB is seeking comments on four issues — these comments must be submitted by October 21, 2025. The CFPB will use the information it gathers from the comments to determine whether to formally propose a new rule. Read more about the four issues the CFPB is seeking comments on, including whether the Rule provides adequate protection of consumer privacy.
A (Byrne &) Storm is Brewing – Do Not Ignore the Online Safety Act’s International Reach
By Terry Green
Under the UK Online Safety Act (OSA), deadlines for platforms to implement highly effective age verification and conduct risk assessments have passed. Now, it appears that the Office of Communications' (Ofcom) enforcement actions against international entities have caught the attention of organizations across the Atlantic, raising questions regarding enforceability and free speech. Preston Byrne, a managing partner at US law firm Byrne & Storm P.C., has announced his intention to file a US federal lawsuit against Ofcom "to protect all Americans from UK censorship". Although the political aspects of Ofcom's international enforcement are still unclear, Ofcom's legal powers are clearly set out in the OSA and follow a defined escalation pathway. Read more about Ofcom's investigatory process and OSA enforcement beyond the United Kingdom.
*Larry Wong, a trainee in Katten's London office, contributed to this article.
ESAs Publish Guide on Oversight of Critical ICT Third-Party Service Providers Under DORA
By Nathaniel Lalone and Ciara McBrien
The European Supervisory Authorities (ESAs) recently published a comprehensive guide (Guide) on the oversight of critical information and communications technology (ICT) third-party service providers (CTPPs) under the EU Digital Operational Resilience Act (DORA). This Guide marks another step in the implementation of DORA, and aims to strengthen the digital operational resilience of the EU financial sector, clarify the DORA oversight framework, explain its practical application and foster a common understanding among all parties involved. Read more about key elements of the DORA oversight regime.
Tokenization of Real-World Assets: Opportunities, Challenges and the Path Ahead
By Daniel Davis, Ryan Hansen, Edward Tran, Christopher Collins and Alexander Kim
Mainstream financial institutions now offer token-friendly custody and settlement, global exchanges are piloting digital-asset divisions, and traditional asset managers are dipping their toes into tokenized share classes. Tokens are digital assets that represent ownership, rights or value, existing on a blockchain or other distributed ledger technology (DLT). Tokenization of real-world assets (RWA) is the process of representing rights in an asset through a cryptographically secured digital token recorded on a distributed ledger. Key benefits and advantages of RWA tokenization include enhanced liquidity, efficiency and transparency, with the potential to massively simplify current record-keeping with enhanced data disclosure. However, there are concerns surrounding security risks associated with DLT, including private-key theft, protocol bugs and cybercrime. Read more about key debates and considerations related to tokenization.
