On 8 October 2024, the European Data Protection Board (“EDPB”) issued draft Guidelines 1/2024 concerning the processing of personal data based on legitimate interests under Article 6(1)(f) of the GDPR (“Guidance”), which...more
Businesses across the world are currently looking at ways of implementing artificial intelligence (AI) in their operations. In doing so, they face complex new regulatory compliance obligations, including those set out in the...more
On Friday 12 July, the European Union published the final text of its long-anticipated AI Act in the Official Journal, marking a key milestone in the implementation of this transformative piece of digital regulation....more
In December 2023, political agreement was reached by EU policy makers on all substantive aspects of the EU Artificial Intelligence Act. Since then, the close-to-final text of this transformational piece of European...more
On 8 December 2023, after marathon “trilogue” negotiations, the Council of the EU, the European Parliament and European Commission reached a groundbreaking agreement on the forthcoming AI Act. Although the final text is still...more
On the bumpy road towards a new adequacy decision for EU-U.S. data transfers, the European Data Protection Board (“EDPB”) has published its Opinion 5/2023 (“Opinion”) on the European Commission's (“Commission”) draft adequacy...more
Hogan Lovells and Privacy Laws & Business have submitted a joint memorandum to data protection leaders in the EU and the UK advocating for a common framework for Binding Corporate Rules (BCR). The memorandum, submitted to the...more
On 13 December 2022, the European Commission (“EC”) published its draft adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”) that is intended to foster trans-Atlantic data flows and address the concerns raised by...more
Binding Corporate Rules (BCR) are often considered the “gold standard” for international transfers of personal data subject to the GDPR. In contrast to the Standard Contractual Clauses of the European Commission (SCC), BCR...more
The White House has issued its Executive Order on Enhancing Safeguards for United States Signal Intelligence Activities (“EO”), which provides additional due process protections to the use of surveillance mechanisms by U.S....more
10/10/2022
/ Court of Justice of the European Union (CJEU) ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Executive Orders ,
Foreign Intellgence ,
International Data Transfers ,
National Intelligence Agencies ,
Personal Data ,
Standard Contractual Clauses ,
Surveillance
The European Commission recently proposed the EU Cyber Resilience Act, a regulation on cybersecurity requirements for products with digital elements. The proposal introduces wide-ranging technical and governance measures that...more
On 25 May 2022, the European Commission released long-awaited guidance for the Standard Contractual Clauses (SCCs) adopted in June 2021. The Commission has developed Questions and Answers (Q&As) as a dynamic source of...more
On March 25, 2022, The European Commission and the United States Government announced they had “agreed in principle” on a new Trans-Atlantic Data Privacy Framework (”Framework”) to enable flows of personal data from the EU to...more
Research and development, innovation, product and service improvement, AI design and deployment...these are key commercial drivers for the successful modern business. They also underpin technological, medicinal, and other...more
Hogan Lovells’ Privacy and Cybersecurity team have made a formal submission to the Information Commissioner’s Office consultation on how organisations can continue to protect people’s personal data when it is transferred...more
Following the coming into effect of the GDPR three years ago and in light of last year’s Schrems II decision, the European Commission has adopted a new set of Standard Contractual Clauses (SCCs) aimed at enabling lawful...more
6/4/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection ,
EDPS ,
EU ,
European Data Protection Board (EDPB) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On 31 May 2020, Max Schrems' organization, NOYB, launched a new campaign aimed at ending what they dramatically refer to as the “cookie banner terror.” The campaign was spearheaded by sending over 560 draft complaints to...more
On 13 January 2021, the Advocate General (AG) of the Court of Justice of the European Union (CJEU) issued an important opinion in the case of Facebook Belgium v Gegevensbeschermingsautoriteit (C-645/19) which considers the...more
1/18/2021
/ Court of Justice of the European Union (CJEU) ,
Cross-Border ,
Cybersecurity ,
Data Protection ,
e-Privacy Directive ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Lead Supervisory Authority ,
Personal Data ,
Popular
After months of arduous negotiations, the EU-UK Trade and Cooperation Agreement (the Brexit Deal) of 24 December 2020 is good news and provides a welcome degree of certainty to businesses....more
On 16 December 2020, the EU released its proposed revisions to the existing Directive 2016/1148 on the security of network and information systems (NIS2)....more
Right on the heels of the practical guidance issued by the European Data Protection Board (EDPB) on supplemental safeguards for international data transfers and European Essential Guarantees for surveillance measures, on...more
The table below sets out the guidance provided by data protection authorities (DPA) in response to the European Court of Justice’s landmark judgment in Case C-311/18 Data Protection Commissioner v. Facebook Ireland and...more
7/23/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The Court of Justice of the European Union today invalidated the EU-US Privacy Shield and called into question the extent to which EU data exporters could rely on the European Commission’s Standard Contractual Clauses for...more
Across the world, large retail stores and small businesses alike are shutting their doors. International flights and sporting events, conferences and concerts (and everything in between) are being cancelled. ...more
As highlighted by our new Privacy 2040 initiative, there have never been more opportunities to shape the existing and future privacy and cybersecurity legal framework. ...more