On 19 March 2025, the European Data Protection Board published an updated procedure for co-operation between EU data protection supervisory authorities approving GDPR Binding Corporate Rules for intra-group transfers of EU...more
On 9 October 2024, the European Data Protection Board (EDPB) published its Opinion 22/2024, clarifying the responsibilities of controllers when relying on processors and sub-processors. This guidance emphasizes the importance...more
On 8 October 2024, the European Data Protection Board (“EDPB”) issued draft Guidelines 1/2024 concerning the processing of personal data based on legitimate interests under Article 6(1)(f) of the GDPR (“Guidance”), which...more
Businesses across the world are currently looking at ways of implementing artificial intelligence (AI) in their operations. In doing so, they face complex new regulatory compliance obligations, including those set out in the...more
On Friday 12 July, the European Union published the final text of its long-anticipated AI Act in the Official Journal, marking a key milestone in the implementation of this transformative piece of digital regulation....more
The UK Information Commissioner’s Office (ICO) has recently published an update on its enforcement efforts in respect of website cookie compliance. It follows a letter the ICO sent in November 2023 to 53 of the top 100 UK...more
In December 2023, political agreement was reached by EU policy makers on all substantive aspects of the EU Artificial Intelligence Act. Since then, the close-to-final text of this transformational piece of European...more
As the popularity of AI technologies has continued to grow in 2023, so has the number of laws and regulations seeking to address the potential risks and societal harms that may arise. The evolving legislation and calls to...more
On 8 December 2023, after marathon “trilogue” negotiations, the Council of the EU, the European Parliament and European Commission reached a groundbreaking agreement on the forthcoming AI Act. Although the final text is still...more
Following a re-think of the process for the authorisation of UK BCR after Brexit, the Information Commissioner’s Office (ICO) has devised a new mechanism to significantly streamline approvals. The new process, which was...more
Further to the UK CMA’s ‘Initial Review’ of AI foundation models back in May, the regulator has now published an ‘Initial Report’ setting out its evolving thinking on the regulation of AI. While there are no immediate...more
On August 24, 2023, twelve international data protection and privacy regulators from the Americas, Europe, Africa, and APAC announced their “global expectations of social media platforms and other sites to safeguard against...more
With the rapid rise of artificial intelligence, governments and policymakers are racing to release their own proposals on regulating the technology. Major jurisdictions including the EU, US, UK, and China are all at various...more
A cross-practice Global Regulatory & IPMT team hosted a roundtable discussion on the key requirements that industry would like to see incorporated in the UK Government’s approach to developing its AI regulatory framework....more
On 10 July 2023, the European Commission (EC) adopted its eagerly expected adequacy decision on data transfers under the EU-U.S. Data Privacy Framework (DPF). The adequacy decision was preceded by substantial changes to U.S....more
A few months after the UK Government published a White Paper on its approach to artificial intelligence regulation and invited comments from stakeholders, the Prime Minister Rishi Sunak has announced the UK will host a global...more
On 29 March 2023, the UK government published its long-awaited white paper on its intended approach to regulating AI. The proposal seeks to strike a balance between the primary policy objective of creating a ‘pro-innovation’...more
On 8 March 2023, the UK Department for Science, Information and Technology (DSIT) published the Data Protection and Digital Information (No.2) Bill (DPDI 2) which provides an update to the Government's reforms to the UK data...more
On the bumpy road towards a new adequacy decision for EU-U.S. data transfers, the European Data Protection Board (“EDPB”) has published its Opinion 5/2023 (“Opinion”) on the European Commission's (“Commission”) draft adequacy...more
Hogan Lovells and Privacy Laws & Business have submitted a joint memorandum to data protection leaders in the EU and the UK advocating for a common framework for Binding Corporate Rules (BCR). The memorandum, submitted to the...more
On 13 December 2022, the European Commission (“EC”) published its draft adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”) that is intended to foster trans-Atlantic data flows and address the concerns raised by...more
Binding Corporate Rules (BCR) are often considered the “gold standard” for international transfers of personal data subject to the GDPR. In contrast to the Standard Contractual Clauses of the European Commission (SCC), BCR...more
The Information Commissioner's Office (ICO) has published new guidance on direct marketing using electronic mail and live calls, aimed at providing a more detailed overview of the rules on direct marketing as well as...more
The White House has issued its Executive Order on Enhancing Safeguards for United States Signal Intelligence Activities (“EO”), which provides additional due process protections to the use of surveillance mechanisms by U.S....more
10/10/2022
/ Court of Justice of the European Union (CJEU) ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Executive Orders ,
Foreign Intellgence ,
International Data Transfers ,
National Intelligence Agencies ,
Personal Data ,
Standard Contractual Clauses ,
Surveillance
The European Commission recently proposed the EU Cyber Resilience Act, a regulation on cybersecurity requirements for products with digital elements. The proposal introduces wide-ranging technical and governance measures that...more