The long-awaited EU Corporate Sustainability Due Diligence Directive (CS3D or CSDDD) was adopted May 24, 2024, by decision of the European Council, following approval by the European Parliament one month earlier....more
On Wednesday, March 13, the European Parliament approved the regulation harmonizing rules on artificial intelligence (AI) (the AI Act). Stakeholders must comply with the AI Act due to its global reach, when it takes effect...more
On July 10, the European Union and the United States finalized the EU-U.S. Data Privacy Framework (DPF), an agreement that allows for the transfer of personal data from residents of the EU to certified companies in the U.S....more
7/26/2023
/ Cybersecurity ,
Data Privacy ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
International Data Transfers ,
Personal Data ,
Regulatory Reform ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
U.S. Commerce Department
On June 4, the European Commission (EC) adopted two sets of standard contractual clauses (SCCs) for use between controllers and processers in the European Economic Area (EEA) and for the transfer of data between EEA and...more
6/17/2021
/ Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On Nov. 11, 2020, the European Data Protection Board (EDPB) published eagerly anticipated guidance in the wake of the July 2020 European Court of Justice’s (ECJ) decision in Schrems II, outlining a process for ensuring data...more
11/23/2020
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On Oct. 30, 2020, the United Kingdom’s data protection authority, the Information Commissioner’s Office (ICO), in connection with France’s Commission nationale de l’informatique et des libertés (CNIL), announced the largest...more
11/5/2020
/ British Airways ,
CNIL ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marriott ,
Popular
On July 16, the European Court of Justice (ECJ or the Court) struck down the EU-U.S. Privacy Shield program. The ruling invalidated an earlier European Commission (Commission) decision (Privacy Shield adequacy determination)...more
1. Binding Corporate Rules To Facilitate Intragroup Data Transfer -
Personal data is meant to circulate without boundaries inside the European Union (EU). The General Data Protection Regulation (GDPR) subjects personal...more
Until recently, whistleblowing raised many concerns in France and other European countries. Reporting on colleagues’ behavior, even if unlawful, was seen as risky business that could lead to dismissals and criminal sanctions...more
Danske Bank is likely to again become the target of a formal investigation in France. A Paris court began investigating Danske Bank in October 2017 in relation to transactions of its Estonian branch, between 2008 and 2011,...more
2/1/2019
/ Corruption ,
Danske Bank ,
Enforcement Actions ,
Estonia ,
EU ,
Financial Transactions ,
France ,
Investigations ,
Money Laundering ,
Reasonable Suspicion ,
Regulatory Violations ,
White Collar Crimes
This Update highlights key legal and policy developments in cybersecurity and privacy law that may impact important trends for 2019 and beyond. A central takeaway from 2018 is that regulators in the U.S. and abroad are...more
1/28/2019
/ California Consumer Privacy Act (CCPA) ,
Carpenter v US ,
CLOUD Act ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
Facebook ,
General Data Protection Regulation (GDPR) ,
Google ,
Hackers ,
International Data Transfers ,
Marriott ,
Microsoft ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Power Plants ,
Risk Management ,
Russia ,
Securities and Exchange Commission (SEC) ,
Stored Communications Act
On April 23 2018, the European Commission published a proposal for a Directive (the proposal or the Directive) on whistleblower protections in response to a request from the European Parliament...more
Dans moins de quatre mois, le 25 mai 2018, le règlement général de l'Union européenne sur la protection des données (« RGPD ») entrera en vigueur et la loi française, actuellement en discussion devant le parlement, qui tient...more
2/5/2018
/ Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
France ,
General Data Protection Regulation (GDPR) ,
Information Technology ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Risk Management
In less than four months, on May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) will enter into full effect, bringing with it an array of new individual rights and regulatory requirements....more
Whistleblowing has been part of the U.S. legal tradition, if not since the resolution passed by the Continental Congress in 1778, at least since the adoption of the 1863 False Claims Act. With regard to the disclosure of...more
5/26/2017
/ Anti-Corruption ,
Antitrust Provisions ,
Cartels ,
Cyber Attacks ,
Data Protection ,
EU ,
EU Trade Secrets Directive ,
European Commission ,
Popular ,
Sapin II ,
Trade Secrets ,
Whistleblower Protection Policies ,
Whistleblowers