The European Data Protection Board's (EDPB) Opinion 28/2024 provides valuable insights into the intersection of artificial intelligence and data protection, particularly in the context of compliance with the EU General Data...more
About the Orrick Legal Ninja Series – OLNS In substantially all of the major world markets, we have dedicated technology lawyers who support young German technology companies on their growth trajectory through all stages. As...more
Over 3,000 privacy professionals from around the world gathered in Brussels recently for the 13th International Association of Privacy Professionals’ Europe Data Protection Congress 2024. The conference focused on the...more
The European Union (EU) has reached a significant milestone by finalizing the Artificial Intelligence Act (AI Act), establishing the world's first comprehensive AI law. This article outlines the history, structure,...more
This update is part of our EU AI Act Series. Learn more about the EU AI Act here. Developers and users of AI systems subject to the EU AI Act must adopt AI literacy measures by 2 February 2025. The Act requires them “to...more
A court in Hamburg, Germany, has decided a copyright infringement case in a way that sheds light on how European courts may apply the text and data mining (TDM) exemption to AI model developers. The exemption is contained in...more
This update is part of our EU AI Act Series. Learn more about the EU AI Act here. The EU AI Act imposes obligations on providers, importers, distributors and deployers of AI systems and General-Purpose AI Models (GPAIMs). ...more
This Essential Guide to the European Data Act is part of Orrick's Cybersecurity & Privacy Compass Series. The Cybersecurity & Privacy Compass is your global guide to the evolving cybersecurity and privacy regulatory...more
The European Network and Information Security 2 Directive aims to mitigate threats to network and information systems and ensure the continuity of services in the event of cybersecurity incidents. Member States must pass...more
The Court of Justice of the European Union (CJEU) has made a landmark decision (7 March 2024, C-604/22) on the intricacies of adtech, personal data, and joint control against the background of the General Data Protection...more
In this Essential Guide, part of Orrick’s Cybersecurity & Privacy Compass Series, we offer insights into the Cyberspace Administration of China's (CAC) new rules and requirements for cross-border data transfers.
The...more
This overview is part of a wider series of articles on the AI Act. For recommended steps to take in the first six months, our latest update is available here. The European AI Act has a broad material and territorial scope of...more
This Essential Guide to the European Data Act is part of Orrick's Cybersecurity & Privacy Compass Series. The Cybersecurity & Privacy Compass is your global guide to the evolving cybersecurity and privacy regulatory...more
In this Essential Guide, which is part of Orrick’s Cybersecurity & Privacy Compass Series, we will provide insight into the potential fines that companies may face for violating the General Data Protection Regulation...more
The European Parliament approved the Network and Information Security 2 Directive (“NIS 2”) last year, expanding the scope of the Network and Information Security Directive (“NIS”). Now Germany has introduced the draft of the...more
The European Commission today approved the long-awaited framework for data transfers to the United States. What is the decision about? Today's decision means that organisations subject to the GDPR can benefit from an adequacy...more
This essential guide to the European Data Act is part of Orrick’s Cybersecurity & Privacy Compass Series. The Cybersecurity & Privacy Compass is your global guide to constant cybersecurity and privacy change.
In this guide,...more
The EU AI Act, which is progressing towards adoption by the end of 2023, will be complemented by an update to the European civil liability rules applicable to AI-related claims. Towards the end of 2022, the EU Commission...more
On 4 May 2023 the European Court of Justice ("CJEU") published its decision (case no. C-300/21) in which it ruled that not any infringement of the General Data Protection Regulation ("GDPR") triggers the right to compensation...more
Both the EU and UK GDPR grant data subjects rights in relation to their personal data. Article 15 gives data subjects the right to access their personal data and increasingly, data subjects are exercising this right by...more
Europe is in the midst of a transformation of its regulatory strategy for digital technologies. The EU has passed or proposed a number of laws affecting digital service providers in a broad range of legal areas and sectors....more
On 18 January 2023, the European Data Protection Board ("EDPB") published a report on the work undertaken by its Cookie Banner Task Force to ensure a uniform approach regarding a number of cookie-banner-related complaints...more
This is an update to our previous coverage of the Digital Services Act (“DSA”). The final text of Europe’s (EU) Digital Services Act (“DSA”) was recently approved by the Council of the EU Member States. That means that the...more
In early October, the United States (“U.S.”) and European Union (“EU”) came one step closer to the much-awaited new EU-US Data Privacy Framework (the “Framework”), designed to facilitate transatlantic data flows between the...more
10/26/2022
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Last week, the European Data Protection Board ("EDPB") published a long-awaited update of its guidance on breach notification—which did not contain much news generally. However, it does bring a significant new burden for...more