On 9 October 2024, the European Data Protection Board (EDPB) published its draft Guidelines on the processing of personal data based on legitimate interest for public consultation. The draft Guidelines, adopted on 8 October...more
This is the final note in a three-part series on the regulation of artificial intelligence in the financial services sector in the United States, the European Union and the United Kingdom. Our first note, we provided a...more
10/21/2024
/ Artificial Intelligence ,
Consumer Protection Laws ,
Data Protection ,
Enforcement Actions ,
EU ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Legislative Agendas ,
Liability ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Securities and Exchange Commission (SEC) ,
UK ,
United States
The CJEU considered: (a) whether a legitimate interest of the controller or third party must be determined by law, and (b) whether provision of personal data of the members of a sports federation to third parties in return...more
Many governments are grappling with the question of how to regulate artificial intelligence to ensure it is adopted safely and used responsibly without hampering innovation. Governments have generally indicated similar...more
10/8/2024
/ Artificial Intelligence ,
Bank of England ,
Bergdorf Goodman ,
Data Collection ,
Data Processors ,
Data Selling ,
Documentation ,
EU ,
European Banking Authority (EBA) ,
European Securities and Markets Authority (ESMA) ,
Financial Conduct Authority (FCA) ,
Financial Industry Regulatory Authority (FINRA) ,
Financial Institutions ,
Financial Services Industry ,
Information Governance ,
Machine Learning ,
MiFID II ,
Personal Data ,
Popular ,
Privacy Laws ,
Prudential Regulation Authority (PRA) ,
Regulatory Agenda ,
Regulatory Standards ,
Risk Management ,
Third-Party ,
Training ,
Transparency ,
UK
On 6 September 2024, the European Commission published a set of frequently asked questions (FAQs) on Regulation (EU) 2023/2854 on Harmonised Rules on Fair Access to and Use of Data (the Data Act). More detail can be found in...more
On 1 July 2024, the European Commission (the ‘Commission’) announced its preliminary findings in an investigation of a leading social media platform, concluding that its ‘pay or consent’ advertising model implemented in the...more
7/23/2024
/ Advertising ,
Consent ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Digital Markets Strategy ,
EU ,
European Commission ,
European Economic Area (EEA) ,
Pay or Play ,
Privacy Laws ,
Social Media ,
Technology Sector
On 3 October 2023, the European Commission announced a public consultation regarding the draft implementing regulation (Draft Regulation) establishing the European Common Criteria-based cybersecurity certification scheme...more
On 10 July 2023, the European Commission adopted the adequacy decision for the EU-U.S. Data Privacy Framework (DPF). This decision enables the free flow of personal data from the EU and three EEA countries (Iceland,...more
The European Commission published its Proposal for a Regulation (on 4 July 2023) laying down additional procedural rules relating to the enforcement of GDPR (the Proposal), which aims to complement the GDPR by specifying the...more
The European Banking Authority (EBA), the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA) (together the European Supervisory authorities or ESAs)...more
The Court of Justice of the European Union (CJEU) published its decision in the case of J.M. v Pankki S (Case C‑579/21) on 22 June 2023....more
The European Data Protection Board (EDPB) published the final version of the Guidelines on the calculation of administrative fines under the GDPR (Guidelines) on 7 June 2023. The Guidelines aim to harmonize the approach to...more
The Pakistan Ministry of Information Technology and Telecommunication (MITT) released a new draft of the Personal Data Protection Bill, 2023 (the PDPB) on 19 May 2023. The PDPB aims to regulate the collection, processing,...more
6/5/2023
/ Cybersecurity ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Pakistan ,
Personal Data
The first week of May 2023 saw further EU case law emerge on the right to compensation under the GDPR, and in this blog we analyse the implications of these latest rulings and consider what may be coming next....more
The European Parliament’s committees for Civil Liberties, Justice and Home Affairs (LIBE) and for Internal Market and Consumer Protection (IMCO) adopted a report setting out the Parliament’s vision for the proposed EU...more
The Court of Justice of the European Union (CJEU) issued on 4 May 2023 three decisions in cases concerning interpretation of key aspects of the GDPR. It also published three opinions of the Advocate General (AG). Below is a...more
The Court of Justice of the European Union (CJEU) considered appropriate conditions that apply in respect of specific national legislation which EU member states may adopt under Article 88 GDPR to regulate the processing of...more
The European Data Protection Board (EDPB) held its 77th plenary meeting on 28 March 2023. The EDPB considered the following key topics...more
The Advocate General (AG) Pikamäe of the Court of Justice of the European Union (CJEU) issued his opinions in three cases concerning the credit rating agency SCHUFA Holding AG (SCHUFA) on 16 March 2023....more
3/23/2023
/ Advocate General ,
Court of Justice of the European Union (CJEU) ,
Credit Rating Agencies ,
Data Controller ,
Data Management ,
Data Subject Access Requests ,
Data Subjects Rights ,
DPA ,
EU ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Information Requests ,
Personal Data
The Court of Justice of the European Union (CJEU) published its decision in Norra Stockholm Bygg AB v Per Nycander AB, C-268/2021 (Norra) on 2 March 2023. The CJEU held that the GDPR applies, in civil court proceedings, to...more
The European Commission issued its non-binding guidance on 1 February 2023 to help providers of online platforms and search engines comply with the requirement of the Digital Services Act (DSA) to publish information on their...more
The Court of Justice of the European Union (CJEU) delivered its judgment in Case C-154/21 Österreichische Post (the Österreichische Post case) on 12 January 2023. The case relates to the interpretation of Art. 15(1)(c) GDPR,...more
The plenary session of the European Parliament adopted the final versions of the Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive) and of the Digital Operational Resilience Act...more
On 12 October 2022, the European Data Protection Board (EDPB) announced the outcomes of its plenary meeting held on 10 October 2022....more
On 28 September 2022, the European Commission published two proposals aimed at modernising product liability rules in the digital age. The proposal is the first specifically designed to address compensation for damage caused...more