Latham & Watkins and Privacy Laws & Business recently co-hosted a webinar looking back on the first eight months since the UK-US Data Bridge entered into force. Speakers from the UK Information Commissioner’s Office (ICO) and...more
9/6/2024
/ Bilateral Agreements ,
Data Protection ,
Department of Transportation (DOT) ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Jurisdiction ,
Personal Data ,
Self-Certification ,
Standard Contractual Clauses ,
U.S. Commerce Department ,
UK
Now that the EU AI Act has come into force, companies deploying high-risk artificial intelligence (AI) systems in the European Union (EU) must prepare to navigate a complex landscape of new obligations by 2 August 2027. This...more
The EU AI Office has just published a consultation on the topics that should be covered by the first general-purpose AI (GPAI) Code of Practice and a call for interest to participate in drafting the Code....more
Today marks a significant milestone in the regulation of artificial intelligence (AI) as the European Union (EU) AI Act is published in the EU Official Journal. This landmark legislation establishes the world’s first...more
After three years of legislative debate, the Council of the European Union cast its final vote on the European Union (EU) Artificial Intelligence (AI) Act on 21 May 2024. Once published in the EU Official Journal in June, the...more
Companies subject to India’s new data protection law should assess practical implications.
The Indian parliament enacted India’s first comprehensive data protection law on 11 August 2023, namely the Digital Personal Data...more
Artificial Intelligence has the potential to be the next transformational technology, and as adoption of AI-powered tools continues to increase, deal activity in the AI space will follow. Regulators and law makers are...more
Organisations should expect increased scrutiny and enforcement activity around the role of data protection officers in the coming year.
The European Data Protection Board (EDPB) has announced that its coordinated...more
3/27/2023
/ Court of Justice of the European Union (CJEU) ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
EU ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Harmonization ,
Personal Data
Companies have three months to prepare to use the latest standard contractual clauses for new data transfers, and 18 months to migrate existing arrangements.
On 4 June 2021, the European Commission released its...more
6/28/2021
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
FISA ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
As the Brexit transition period draws to a close, businesses will need to consider their data protection efforts to comply with both UK and EU regimes.
The end of the Brexit transition period on 31 December 2020 will have...more
The European Commission has published draft updated standard contractual clauses in light of the Schrems II decision.
On 12 November 2020, the European Commission (the Commission) published a draft implementing decision,...more
12/8/2020
/ Data Controller ,
Data Processors ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Personal Data ,
Public Consultations ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
The EDPB takes a strict approach in its recent guidance on international data transfers following Schrems II, posing a difficult challenge for businesses.
On 10 November, the European Data Protection Board (EDPB) released...more
As contactless transactions boom, EU regulators publish draft guidelines on the interplay between the GDPR and PSD2.
Last year, more than half of all payments in the UK were made by card and contactless methods, while cash...more
11/4/2020
/ Anti-Money Laundering ,
Anti-Terrorism Financing ,
Data Protection ,
EU ,
European Data Protection Board (EDPB) ,
Financial Institutions ,
General Data Protection Regulation (GDPR) ,
Member State ,
New Guidance ,
Payment Systems ,
Personal Data ,
PSD2
Latham develops new resource to identify considerations for assessing SCC and BCR data transfers in Europe.
Following the Schrems II decision in July 2020, organisations relying on the standard contractual clauses (SCCs) or...more
A ruling by the EU’s top court invalidates the key mechanism for transferring personal data from the EU to the US and imposes additional conditions for use of the standard contractual clauses.
On 16 July 2020, the Court of...more
The new guidelines reflect the European Commission’s aim to provide additional certainty for regulated entities outsourcing to cloud services.
On 3 June 2020, ESMA published a consultation paper on draft guidelines...more
Not too long ago, an investment manager looking to invest in a company might conduct due diligence, attend investor relation calls, peruse quarterly or annual filings, and consider standard ratios such as price to earnings...more
3/5/2020
/ California Consumer Privacy Act (CCPA) ,
Data Privacy ,
EU ,
EU Market Abuse Regulation (EU MAR) ,
Financial Institutions ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Investment Advisers Act of 1940 ,
MiFID ,
Regulation S-P ,
Risk Management ,
Risk Mitigation ,
Securities Exchange Act
The final guidelines create new obligations for insurers that will impact cloud outsourcing arrangements.
On 6 February 2020, the European Insurance and Occupational Pensions Authority (EIOPA) published its final...more
2/27/2020
/ Cloud Service Providers (CSPs) ,
Draft Guidance ,
EIOPA ,
EU ,
European Banking Authority (EBA) ,
Financial Institutions ,
Insurance Industry ,
Outsourcing ,
Public Contracts ,
Reinsurance ,
Solvency II
Insights from Latham’s flagship event: Managing the risk and promise of digitisation in financial services.
In a bid to keep pace with rapid advances in cloud adoption across financial services, regulators have published a...more
11/12/2019
/ CLOUD Act ,
Cloud Storage ,
Data Protection Authority ,
EU ,
European Banking Authority (EBA) ,
Financial Services Industry ,
FinTech ,
General Data Protection Regulation (GDPR) ,
Insurance Industry ,
New Guidance ,
Open Banking ,
Regulatory Agenda ,
Reinsurance
The FSB is reviewing cloud provider concentration risk in the latest example of regulator concern over reliance on leading cloud providers by financial services institutions.
The Financial Stability Board (FSB), an...more
Recent action by the Hamburg authority may present implications for companies regulated by a lead data protection supervisory authority in Europe.
A German supervisory authority has initiated an investigation into Google’s...more
UK confirms reciprocal requirements for digital services providers to appoint UK representatives for NIS purposes, following Brexit.
Following a consultation process, the UK government has now confirmed that it will put...more
Das ICO kündigt an, Bußgelder gegen British Airways und Marriott zu verhängen. Was ist passiert, wie geht es weiter?
Am 8. Juli 2019 kündigte das Information Commissioner’s Office (ICO) an, gegen British Airways wegen...more
The guidance clarifies the interplay between the PECR and GDPR and provides practical steps to achieving cookie compliance.
The UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO),...more
Companies should identify data flows, implement a data transfer solution, and update internal documents and privacy notices.
Since our blog on “What a “No Deal” Brexit Means for UK Data Privacy”, the European Data...more
3/20/2019
/ Article 50 Treaty of the EU ,
CNIL ,
Data Privacy ,
Data Protection ,
DIFC ,
EU ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Ireland ,
Member State ,
No-Deal Brexit ,
UK ,
UK Brexit ,
Withdrawal Agreement