The EU’s AI Act (the “Act”) is the world’s first comprehensive AI law. The Act manages risks posed by certain AI systems and prohibits certain AI-related practices. UK and US organisations should not assume that the Act does...more
11/13/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Automated Systems ,
Biometric Information ,
Critical Infrastructure Sectors ,
Distributors ,
Enforcement ,
EU ,
Filing Deadlines ,
Fines ,
Immigration ,
Importers ,
Law Enforcement ,
Machine Learning ,
Manufacturers ,
Noncompliance ,
Software ,
Training ,
UK
The UK Labour Government published the Employment Rights Bill (“Bill”) last week, alongside a “Next Steps to Make Work Pay” plan (“Plan”), introducing several key employment law changes that will impact all UK businesses,...more
The SEC’s new and proposed rules on cybersecurity and cyber-incident reporting will have a dual impact on private investment advisers and funds.
First, the proposal by the SEC will impose cybersecurity related...more
4/18/2024
/ Cyber Incident Reporting ,
Cybersecurity ,
Data Collection ,
Enforcement ,
Governance Standards ,
Investment Adviser ,
New Rules ,
Policies and Procedures ,
Recordkeeping Requirements ,
Regulatory Agenda ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Technology Sector
To understand the litigation and regulatory risks that are coming in 2024 for private capital, it is helpful to look back briefly on recent events. Arguably, the single most important event over the last 18 months was the...more
3/19/2024
/ Acquisitions ,
Asset Management ,
Cryptocurrency ,
Cybersecurity ,
Dispute Resolution ,
Enforcement Actions ,
Fund Managers ,
Hedge Funds ,
Interest Rates ,
Investment Management ,
Investors ,
Mergers ,
Private Equity ,
Private Funds ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
Technology Sector
The global AI market was valued at $95.60 billion in 2021 and is predicted to reach $1.85 trillion by 2030, registering a compound annual growth rate of 32.9%. Alongside this growth and the proliferation of AI use cases...more
The very definition of generative AI suggests the creation of new content based on a program training on existing data, a recipe that necessarily raises potential U.S. and EU data privacy issues, not to mention related...more
6/30/2023
/ Artificial Intelligence ,
Consent ,
Cybersecurity ,
Data Privacy ,
Data Protection Impact Assessments (DPIAs) ,
Data Rights ,
Data Security ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Healthcare ,
Machine Learning ,
Popular ,
Privacy Laws ,
State Privacy Laws
A new legal mechanism to allow for transfers of personal data between the EU and the U.S. is now advancing after an October 7th, 2022 Executive Order was issued by U.S. President Biden (the “Executive Order”). The new...more
2021 continued the trend of increased regulatory focus on privacy and cybersecurity for private investment funds in the U.S. and abroad. There are no signs of the trend leveling off any time soon. One of the topics that...more
The UK Supreme Court handed down its much-anticipated decision in the Lloyd v Google LLC [2021] UKSC 50 case on 10 November 2021 restricting claimants’ ability to bring data privacy class actions in the UK under the (now...more
Privacy and cybersecurity issues continue to garner significant attention in the U.S. and abroad. Private investment funds registered with the SEC and their portfolio companies will likely see increased regulatory scrutiny...more
8/30/2021
/ Cybersecurity ,
International Data Transfers ,
Popular ,
Portfolio Companies ,
Privacy Concerns ,
Private Investment Funds ,
Ransomware ,
Regulatory Oversight ,
Regulatory Standards ,
SEC Examination Priorities ,
Securities and Exchange Commission (SEC)
Investment firms in the United Kingdom (“UK”) that are authorised to carry on investment services or activities under the Markets in Financial Instruments Directive (“MiFID”) (EU/2014/65) (including alternative investment...more
The final version of the new standard contractual clauses (“SCCs”) were published by the European Commission on June 4, 2021. Many organizations that transfer or receive personal data originating in the European Economic Area...more
It has been reported that European Commission will publish the final versions of new forms of Standard Contractual Clauses (“SCCs”) shortly (even potentially within the next few days). The Commission published draft versions...more
This alert focuses on the ongoing and developing privacy issues that have arisen for employers and healthcare providers communicating about the 2019 novel coronavirus (COVID-19). Specifically, we will discuss the steps that...more
3/13/2020
/ Americans with Disabilities Act (ADA) ,
Centers for Disease Control and Prevention (CDC) ,
Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Employer Liability Issues ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
Hospitals ,
Infectious Diseases ,
Interim Guidance ,
Privacy Concerns ,
Public Health ,
Workplace Safety
On 9th December 2019, the Senior Managers and Certification Regime (SMCR) will replace the current Financial Conduct Authority (FCA) Approved Person Regime for practically all FCA authorised firms, including alternative...more
10/3/2019
/ Alternative Investment Fund Managers Directive (AIFMD) ,
Asset Management ,
Code of Conduct ,
Financial Conduct Authority (FCA) ,
Financial Services Industry ,
Hedge Funds ,
Investment Adviser ,
Senior Management Regime (SMR) ,
Senior Managers ,
SMCR ,
UK
GDPR fines are seemingly like buses, you wait over a year for enforcement action by the UK’s data supervisory authority, the ICO, and then two come along at once – and with quite dramatic effect.
The ICO has stretched its...more
7/25/2019
/ British Airways ,
Corporate Fines ,
Cybersecurity ,
Data Breach ,
Data Security ,
Enforcement Actions ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marriott ,
Personal Data ,
Personally Identifiable Information ,
UK
With less than a month to go until the UK is due to leave the EU (at 11pm GMT/12pm CET on 29 March 2019), there is still much uncertainty as to whether, and if so how, the UK will exit the EU (commonly dubbed “Brexit”). In...more
3/13/2019
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
No-Deal Brexit ,
Personal Data ,
Popular ,
UK ,
UK Brexit
The General Data Protection Regulation (the “GDPR”) comes into force automatically in each of the European Union Member States (“EU”) on 25 May 2018. Data protection regulation is not new, with the GDPR building on what is...more
The General Data Protection Regulation (the “GDPR”) comes into force automatically in each of the European Union Member States (“EU”) on 25 May 2018. Data protection regulation is not new, with the GDPR building on what is...more
12/27/2017
/ Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Technology Sector
The European Commission has released proposals for new legislation that seeks to create stronger privacy in electronic communications. The draft Privacy and Electronic Communications Regulation (the “Regulation”) is intended...more
1/26/2017
/ Cookies ,
Direct Marketing ,
Electronic Communications ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Metadata ,
Penalties ,
Personal Data ,
Spam
The CJEU (the European Union Court of Justice) has handed down a decision which makes clear that general and indiscriminate retention of electronic communications is unlawful. National legislation of each European Member...more
12/27/2016
/ Court of Justice of the European Union (CJEU) ,
Data Collection ,
Data Protection ,
Data Retention ,
Electronic Communications ,
EU ,
EU Cybersecurity Directives ,
Investigatory Powers Act 2016 ,
Surveillance ,
Sweden ,
Terrorist Acts ,
UK
Taxation of termination payments draft legislation published -
At present, in certain circumstances the first £30,000 of a termination payment is exempt from income tax and national insurance ("NIC"). However, there have...more
11/8/2016
/ Bureau of Industry and Security (BIS) ,
Data Protection Authority ,
Disability Discrimination ,
Employment Contract ,
Employment Rights Act ,
Equality Act ,
EU-US Privacy Shield ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Protected Disclosures ,
Reasonable Accommodation ,
Taxable Income ,
Termination Payments ,
UK ,
UK Employment Appeal Tribunal ,
Unfair Dismissal ,
Unilateral Modification ,
Whistleblowers
TalkTalk, a major UK telecoms company, has been fined £400,000 for a data breach after they were hacked. This is a record fine given by the ICO (the UK’s data protection authority). Significantly the fine was imposed after a...more
The European Parliament has approved the reformed General Data Protection Regulation (the “GDPR”). Given this is a Regulation (rather than a Directive), this legislation will apply automatically in every Member State (without...more
8/3/2016
/ Consent ,
Data Controller ,
Data Processors ,
Data Protection Authority ,
Data Protection Officers (DPOs) ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
One-Stop Shop ,
Personal Data ,
Transparency
News & Legislation Update -
The UK votes to leave the EU -
We could not write a roundup of news stories from the UK without referencing the UK's vote to leave the EU. The so-called "Brexit" has created...more
8/1/2016
/ Classification ,
Corporate Counsel ,
Employment Discrimination ,
Employment Tribunals ,
Entrepreneurs ,
Equality Act ,
EU ,
Foreign Workers ,
General Data Protection Regulation (GDPR) ,
Hiring & Firing ,
Jurisdiction ,
Non-Compete Agreements ,
Personal Data ,
Restrictive Covenants ,
UK ,
UK Brexit ,
UK Data Protection Act ,
UK Employment Appeal Tribunal ,
Wage and Hour