2025 Data law trends

Executive summary

The 2025 Data Law Trends report is here, and this year’s findings reveal one thing loud and clear: the pace of change in data law is accelerating, profoundly impacting businesses.

We’ve identified eight key trends that will shape the future, and they’re more than just legal shifts – they’re strategic opportunities for those ready to act.

Last year, we reported on key disruptions as new technologies and regulations began to take hold. In 2025, the stakes are even higher. Data laws are shaping everything from risk management to growth opportunities, and staying ahead of these shifts is critical.

Data law is no longer a peripheral concern – it’s the heartbeat of modern business strategy. As we stand on the brink of transformative change, it’s crucial to recognize that adapting to these emerging trends is not just about compliance; it’s about seizing the competitive advantage in a data-driven landscape. This report equips you with the insights to not only navigate the complexities ahead but to thrive in them.

Christine Lyon, Giles Pratt and Christoph Werkmeister
Global Co-heads of the Freshfields data privacy and security practice

From the rise of AI governance to the tightening of data transfers, these trends reflect the new realities of doing business in a data-driven world. Each one has been carefully pinpointed by our global team of experts, who are advising top tech companies on the frontlines of these changes.

This report breaks down the major trends, including:

AI governance takes center stage – As AI becomes increasingly central to business, the focus on governance and accountability intensifies.
International data transfers are under the spotlight – Navigating the evolving landscape of cross-border data flows will be essential.
A new wave of cyber threats is here – Cyber threats continue to evolve, and data laws are playing a key role in shaping how businesses respond.
New global regulations are changing our digital operations – Stricter regulations around online content and transparency are set to impact businesses worldwide.
Tougher enforcement is reshaping data and privacy compliance – Expect more robust enforcement actions, including as regulators intensify their focus on AI-related
data practices.
US state consumer privacy laws are expanding – As privacy regulations spread across US states, businesses need to adapt quickly.
Asia’s privacy laws are maturing – Asia’s data privacy landscape is evolving fast, and businesses must stay agile to remain compliant.
New EU data access regulations are shaping the future – The EU’s upcoming regulations on data access will have wide-reaching implications.

Our goal with this report is simple: to give you the insights you need to stay ahead of these changes. It’s a guide to help you prepare your business, navigate the challenges, and seize the opportunities.

Dive in – the future of data law is here, and it’s moving fast.

Notes

Data protection and privacy laws, which we collectively refer to as ‘privacy laws’ in this report, vary around the world – along with their associated terminology and definitions. Given the global influence of EU privacy laws, especially the General Data Protection Regulation (GDPR), this report generally uses EU privacy law terminology to refer to similar concepts (eg ‘personal data’, ‘data protection impact assessments’, ‘data protection officers’ and ‘data subjects’) since readers will often be most familiar with those terms.

Law stated as at 1 October 2024

Back to top.