Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
10/15/2024
/ CNIL ,
Consent ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Retention ,
Enforcement Actions ,
EU ,
France ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Sensitive Personal Information
In a landmark moment for global AI governance, the United States, European Union and United Kingdom have signed the Council of Europe’s framework convention on artificial intelligence and human rights, democracy, and the rule...more
9/17/2024
/ Artificial Intelligence ,
Ethics ,
EU ,
Human Rights ,
Innovative Technology ,
International Treaties ,
Machine Learning ,
Regulatory Agenda ,
Treaties ,
UK ,
United States
The agreed text of the AI Act was published on July 12, 2024, essentially starting the clock on the legal deadlines contained in it. Its obligations will apply in tiered phases, with the first key obligations being enforced...more
7/22/2024
/ Artificial Intelligence ,
Compliance ,
Corporate Counsel ,
Cybersecurity ,
Distributors ,
EU ,
Exemptions ,
Imports ,
Information Governance ,
Machine Learning ,
Manufacturers ,
Recordkeeping Requirements ,
Risk Assessment ,
Supply Chain
In May 2024 the UK passed the new Digital Markets, Competition and Consumers Act (DMCC). Amongst other changes, the DMCC grants the UK Competition and Markets Authority (CMA) new powers to directly impose fines of up to 10%...more
The FCC’s recent introduction of a new Voluntary Cybersecurity Labelling Program for consumer Internet of Things (IoT) products reflects the continued desire by U.S. regulators to bolster the security of the ever-increasing...more
4/10/2024
/ Compliance ,
Cybersecurity ,
Data Security ,
Distributors ,
EU ,
Imports ,
Internet ,
Internet of Things ,
Manufacturers ,
Regulatory Standards ,
Telecommunications ,
UK
Electronic identification and trust services (eIDAS) refer to a range of services that include verifying the identity of individuals and businesses online and verifying the authenticity of electronic documents. Since 2014,...more
On March 13, 2024, the EU Parliament voted to pass the EU’s much-discussed AI Act (with 523 votes in favor, 46 against and 49 abstentions). For an insight into the AI Act’s progression through the EU lawmaking system, see our...more
The Council of the European Union and the European Parliament reached a provisional agreement on a new comprehensive regulation governing AI, known as the “AI Act,” late on Friday night (December 8, 2023). While the final...more
The UK and U.S. Governments have now formalized the UK-U.S. Data Bridge. The U.S. Attorney General designated the UK as a “qualifying state” for the purposes of the Executive Order 14086 on September 18, 2023, and the UK...more
U.S. companies can now self-certify to permit personal data to freely flow from the Europe to the United States.
U.S. organizations can now self-certify their compliance with the EU-U.S. Data Privacy Framework (DPF) to...more
7/27/2023
/ BCRs ,
Data Integrity ,
Data Privacy ,
Data Security ,
Department of Transportation (DOT) ,
Enforcement ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Self-Certification ,
Standard Contractual Clauses ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
The European Union (EU) has made steady progress in shaping its proposed AI law, known as the “AI Act.” With the European Parliament approving its preferred version, the AI Act has now entered the final stage of the...more
The use of generative AI tools, like ChatGPT, are becoming increasingly popular in the workplace. Generative AI tools include artificial intelligence chatbots powered by “large language models” (LLMs) that learn from (and...more
American Data Privacy and Protection Act would require organizations to limit collection of personal information, grant consumers access to their own data, enhance data protections for children, mandate implementation of...more
7/11/2022
/ California Consumer Privacy Act (CCPA) ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Enforcement ,
Federal Data Privacy ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Personal Information ,
Privacy Policy ,
Private Right of Action ,
Proposed Legislation ,
Small Business ,
Third-Party Service Provider
On March 24, 2022, the EU Parliament and Council negotiators agreed on the wording of new EU rules to limit the market power of big online platforms. The EU Digital Markets Act (DMA) will prohibit certain practices used by...more
The EU and UK have imposed additional export controls and sanctions with respect to Russia and Belarus connected to the Russian invasion of Ukraine. Below is a summary of key developments over recent days since our last blog...more
3/3/2022
/ Airspace ,
Asset Freeze ,
Belarus ,
Belarus Sanctions ,
Economic Sanctions ,
Export Controls ,
Foreign Relations ,
Proposed Legislation ,
Russia ,
UK ,
Ukraine
Despite months of posturing and growing geopolitical tensions, Russia’s full-scale invasion of Ukraine this week was a shock to the global community. Western leaders have been swift and unanimous in their response, condemning...more
2/28/2022
/ Anti-Money Laundering ,
Asset Freeze ,
Biden Administration ,
Bureau of Industry and Security (BIS) ,
ECCNs ,
Economic Sanctions ,
EU ,
Executive Orders ,
Export Administration Regulations (EAR) ,
General Licenses ,
Office of Foreign Assets Control (OFAC) ,
Russia ,
SDN List ,
UK ,
Ukraine
Initial Global Sanctions on Russia in Response to Events in Eastern Ukraine - In response to President Putin’s televised recognition of Donetsk and Luhansk People’s Republics (“DNR” and “LNR”) of Ukraine as “independent”...more
The European Data Protection Board (EDPB), the body which represents EU data protection authorities, has adopted guidelines (Guidelines) confirming when transfers need to be “safeguarded” in accordance with the GDPR (and...more
This week the European Data Protection Board (EDPB), a body that represents European data protection authorities, set up a new cookie banner taskforce. The new taskforce will coordinate the response to over 400 complaints...more
With artificial intelligence (AI) becoming more are more embedded in our everyday lives, there has been a corresponding need for regulations that foster AI development and adoption in a responsible manner. The question is how...more
On April 26, 2021, the UK announced a new global anti-corruption sanctions regime and has imposed sanctions on 22 people whom the UK Government has reasonable grounds to suspect have been involved in serious corruption. Under...more
The EDPB has issued recommendations concerning how organisations may lawfully transfer personal data from Europe to “third countries” (e.g., the U.S. and currently the UK from 1.1.2021) in light of the recent Schrems II...more
11/25/2020
/ EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Legal Systems ,
New Guidance ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
The UK Data Protection Authority, the Information Commissioner’s Office (ICO), has published an update report on privacy issues around real-time bidding (RTB) and programmatic advertising. ...more
The European Union Court of Justice (“CJEU”) to rule on the validity of Model Contractual Clauses (“MCCs”) following referral by the Irish High Court.
The Irish High Court has “well-founded” concerns that there is no...more
11/17/2017
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
FISA ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Model Clauses
The Office of Financial Sanctions Implementation ramps up enforcement activities in London -
A new UK sanctions enforcement body with added civil enforcement tools is ramping up activities. ...more
11/1/2017
/ Economic Sanctions ,
EU ,
Financial Institutions ,
HM Treasury ,
International Finance ,
Office of Financial Sanctions Implementation (OFSI) ,
Office of Foreign Assets Control (OFAC) ,
Policing and Crime Act 2017 ,
U.S. Treasury ,
UK ,
Voluntary Disclosure