On April 14 2025, the European Data Protection Board (EDPB) announced the outcomes of its plenary session that took place on April 8 2025, during which the EDPB adopted draft Guidelines on processing of personal data through...more
4/25/2025
/ AI Act ,
Artificial Intelligence ,
Blockchain ,
Data Privacy ,
Data Protection ,
Draft Guidance ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Privacy Laws ,
Regulatory Requirements ,
Technology
On March 24 2025, the European Commission (EC) adopted the final draft Delegated Regulation setting out Regulatory Technical Standards (RTS) for subcontracting ICT services supporting critical or important functions under the...more
4/16/2025
/ Cybersecurity ,
Data Protection ,
Digital Operational Resilience Act (DORA) ,
EU ,
European Commission ,
Financial Institutions ,
Information Technology ,
Regulatory Requirements ,
Risk Management ,
Subcontractors ,
Third-Party Service Provider
The Artificial Intelligence Act (AI Act) is the world's first comprehensive legal framework for AI regulation, which entered into force on August 1, 2024. The AI Act aims to ensure that AI systems are trustworthy, safe and...more
4/1/2025
/ AI Act ,
Artificial Intelligence ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
Enforcement ,
EU ,
European Commission ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management ,
Technology Sector
The integration of AI in the workplace is revolutionising HR. From recruitment to performance analysis, AI use cases can streamline HR processes and enhance productivity. However, the deployment of AI by employers also brings...more
3/18/2025
/ AI Act ,
Artificial Intelligence ,
Bias ,
Employees ,
Employer Liability Issues ,
Employment Policies ,
EU ,
Human Resources Professionals ,
Regulatory Requirements ,
Risk Management ,
Technology Sector ,
UK
On February 27 2025, the Court of Justice of the European Union (CJEU) delivered a judgment in CK v Dun & Bradstreet (Case C-203/22).
This judgment clarifies the GDPR provisions regarding the right of access to personal...more
3/13/2025
/ Algorithms ,
Automated Decision Systems (ADS) ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
Data Subject Access Requests ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Privacy Laws ,
Trade Secrets
On February 3 2025, the European Commission published an updated version of the Frequently Asked Questions (FAQs) about the Regulation (EU) 2023/2854 on harmonised rules on fair access to and use of data (Data Act). Key...more
2/27/2025
/ Compliance ,
DATA Act ,
Data Management ,
Data Privacy ,
Data Protection ,
Digital Marketplace ,
EU ,
European Commission ,
Regulatory Agenda ,
Regulatory Requirements ,
Technology Sector
What are we really talking about and what are the legal implications under the EU AI Act?
The rapid evolution of artificial intelligence (AI) has led to significant opportunities and challenges, especially in the realm of...more
The European Union Artificial Intelligence Act (AI Act) entered into force on 1 August 2024. The AI Act establishes a risk-based approach to AI, prohibiting certain practices that are deemed unacceptable, such as social...more
2/6/2025
/ Artificial Intelligence ,
Compliance ,
Data Protection ,
Enforcement Actions ,
EU ,
European Commission ,
Healthcare ,
Regulation ,
Regulatory Requirements ,
Risk Management ,
Technology Sector
On January 21 2025, the Council of the European Union (Council) announced its decision to adopt the Regulation of the European Parliament and of the Council on the European Health Data Space (EHDS).
As we have previously...more
1/29/2025
/ Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Health Care Providers ,
Healthcare ,
Member State ,
Patient Privacy Rights ,
Personal Data ,
Privacy Laws ,
Regulatory Agenda
On December 2 – 3 2024, the European Data Protection Board (EDPB) met for its 99th plenary session. It subsequently issued several documents, one of which calls for the need for greater alignment between the GDPR and EU...more
12/12/2024
/ Artificial Intelligence ,
Data Protection ,
Digital Markets Strategy ,
Digital Services ,
Draft Guidance ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Governance ,
Legislative Agendas ,
Machine Learning ,
New Legislation ,
Regulatory Agenda
On November 14, 2024, the European Commission published the first draft of the General-Purpose AI Code of Practice (the Draft Code).
The Draft Code is designed to help providers of general-purpose AI models (GPAI) and...more
12/2/2024
/ Artificial Intelligence ,
Copyright ,
Corporate Counsel ,
Cyber Incident Reporting ,
Data Privacy ,
Data Protection ,
EU ,
European Commission ,
Risk Management ,
Robots ,
Taxonomy ,
Technology Sector ,
Transparency
On November 5, 2024, the European Data Protection Board (EDPB) issued its first report under the EU-U.S. Data Privacy Framework (DPF) and released a statement on the access to data for law enforcement. Both documents were...more
11/20/2024
/ Artificial Intelligence ,
Biometric Information ,
Corporate Governance ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Data Protection Board (EDPB) ,
Exporters ,
Exports ,
Machine Learning ,
New Guidance ,
Privacy Laws ,
U.S. Commerce Department
On October 9, 2024, the European Commission (the Commission) published a report on the first periodic review of the adequacy decision of July 10, 2023. This decision determined that the EU-U.S. Data Privacy Framework (the...more
11/20/2024
/ Certifications ,
Complaint Procedures ,
Compliance Monitoring ,
Corporate Governance ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Privacy Laws
On 17 October 2024, the European Commission (EC) adopted the final version of the Implementing Regulation concerning cybersecurity risk management measures and further specification of cases in which an incident is considered...more
On 9 October 2024, the European Data Protection Board (EDPB) published its draft Guidelines on the processing of personal data based on legitimate interest for public consultation. The draft Guidelines, adopted on 8 October...more
This is the final note in a three-part series on the regulation of artificial intelligence in the financial services sector in the United States, the European Union and the United Kingdom. Our first note, we provided a...more
10/21/2024
/ Artificial Intelligence ,
Consumer Protection Laws ,
Data Protection ,
Enforcement Actions ,
EU ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Legislative Agendas ,
Liability ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Securities and Exchange Commission (SEC) ,
UK ,
United States
The CJEU considered: (a) whether a legitimate interest of the controller or third party must be determined by law, and (b) whether provision of personal data of the members of a sports federation to third parties in return...more
Many governments are grappling with the question of how to regulate artificial intelligence to ensure it is adopted safely and used responsibly without hampering innovation. Governments have generally indicated similar...more
10/8/2024
/ Artificial Intelligence ,
Bank of England ,
Bergdorf Goodman ,
Data Collection ,
Data Processors ,
Data Selling ,
Documentation ,
EU ,
European Banking Authority (EBA) ,
European Securities and Markets Authority (ESMA) ,
Financial Conduct Authority (FCA) ,
Financial Industry Regulatory Authority (FINRA) ,
Financial Institutions ,
Financial Services Industry ,
Information Governance ,
Machine Learning ,
MiFID II ,
Personal Data ,
Popular ,
Privacy Laws ,
Prudential Regulation Authority (PRA) ,
Regulatory Agenda ,
Regulatory Standards ,
Risk Management ,
Third-Party ,
Training ,
Transparency ,
UK
On 6 September 2024, the European Commission published a set of frequently asked questions (FAQs) on Regulation (EU) 2023/2854 on Harmonised Rules on Fair Access to and Use of Data (the Data Act). More detail can be found in...more
On 1 July 2024, the European Commission (the ‘Commission’) announced its preliminary findings in an investigation of a leading social media platform, concluding that its ‘pay or consent’ advertising model implemented in the...more
7/23/2024
/ Advertising ,
Consent ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Digital Markets Strategy ,
EU ,
European Commission ,
European Economic Area (EEA) ,
Pay or Play ,
Privacy Laws ,
Social Media ,
Technology Sector
The Office of the Privacy Commissioner of Canada (the OPC) published two new resolutions which aim to protect the privacy of employees and young people, on 6 October 2023. The resolutions follow concerns of privacy federal,...more
On 3 October 2023, the European Commission announced a public consultation regarding the draft implementing regulation (Draft Regulation) establishing the European Common Criteria-based cybersecurity certification scheme...more
The President of India gave assent for the Digital Personal Data Protection Bill 2023 on 11 August 2023, a matter of days after it had been passed by both the Lower and Upper House. The Digital Personal Data Protection Act...more
On 10 July 2023, the European Commission adopted the adequacy decision for the EU-U.S. Data Privacy Framework (DPF). This decision enables the free flow of personal data from the EU and three EEA countries (Iceland,...more
The White House announced on 21 July 2023 that seven companies involved in development of artificial intelligence (AI) technology had voluntarily committed to manage the risks posed by AI. These companies are: Amazon,...more