On March 10, 2025, the Belgian Data Protection Authority (BDPA) updated its 2020 guidance on the processing of personal data for direct marketing purposes (see the updated guidance here in French and in Dutch)....more
3/21/2025
/ Compliance ,
Consent ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Retention ,
Direct Marketing ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements
The AI Act (Regulation (EU) 2024/1689 of June 13, 2024, laying down harmonized rules on artificial intelligence) is the European Union’s comprehensive legal framework on AI, which aims to promote the responsible development...more
2/3/2025
/ Artificial Intelligence ,
Biometric Information ,
Data Protection ,
Enforcement ,
EU ,
European Commission ,
Innovative Technology ,
Machine Learning ,
Regulatory Requirements ,
Risk Management ,
Technology Sector
Our Privacy, Cyber & Data Strategy Team discusses the new Cyber Resilience Act (CRA) that affects manufacturers and distributors of connected devices that are in use anywhere in the European Union....more
12/12/2024
/ Compliance ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Framework ,
Distributors ,
EU ,
European Commission ,
Importers ,
Manufacturers ,
Regulatory Oversight ,
Reporting Requirements ,
Risk Assessment ,
Risk Management
EU Member States had until today, October 17, 2024, to transpose the Network and Information Security (NIS) 2 Directive into their national laws. As Directives are not directly applicable in EU Member States, the EU...more
On 19 September 2024, the Belgian Data Protection Authority (DPA) issued new Guidance on the interplay between the recently adopted EU Regulation on Artificial Intelligence (the AI Act) and the General Data Protection...more
9/26/2024
/ Artificial Intelligence ,
Automation Systems ,
Belgium ,
Compliance ,
Corporate Counsel ,
Data Processors ,
Data Protection Authority ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Personal Information ,
Regulatory Oversight
Last month, the European Data Protection Board – which is composed of the national data protection authorities (‘Supervisory Authorities’) of the countries in the European Economic Area (‘EEA’), as well as the European Data...more
On August 6th, the Dutch Data Protection Authority (DPA) issued guidance cautioning companies about the potential data protection risks associated with the use of Artificial Intelligence (AI)-powered chatbots....more
8/12/2024
/ Artificial Intelligence ,
Automation Systems ,
Corporate Counsel ,
Data Breach ,
Data Protection ,
Data Protection Authority ,
Data Security ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Sensitive Personal Information
Our Privacy, Cyber & Data Strategy Team highlights 11 common questions your company’s senior executives may have about the European Union’s Artificial Intelligence Act and how you can answer them....more
7/15/2024
/ Algorithms ,
Artificial Intelligence ,
Biometric Information ,
C-Suite Executives ,
Compliance ,
EU ,
European Commission ,
Innovative Technology ,
Machine Learning ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Assessment ,
Software ,
Technology Sector
Yesterday, the EU Artificial Intelligence Act (‘AI Act’) was signed into law. The AI Act will impose obligations on both private and public sector actors which provide, import, distribute, or deploy in-scope AI systems. It...more
On March 13, 2024, the European Parliament approved the much-anticipated EU Artificial Intelligence Act (‘AI Act’). The AI Act is billed as the first comprehensive legal framework worldwide that specifically regulates AI...more
It has become common knowledge that the General Data Protection Regulation (2016/679) (GDPR) heavily restricts transfers of personal data outside of the European Union (EU). In the absence of an adequacy decision by the...more
On 7 December 2023, the Court of Justice of the European Union (CJEU) issued an important decision on how the GDPR governs AI-assisted decisions. The case arose in the financial services context, with the court holding that...more
On December 8, 2023, following marathon negotiations, European Union (‘EU’) legislators reached a political agreement on the much-anticipated EU Artificial Intelligence Act (‘AI Act’). The AI Act is billed as the first...more
The European Union’s (EU) new Digital Operational Resilience Act (DORA) will go into effect in January 2025. Our Privacy, Cyber & Data Strategy Team digs into DORA and discusses how the new law may impact businesses inside...more
11/27/2023
/ Cyber Incident Reporting ,
Cybersecurity ,
Data Protection ,
European Commission ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Information Governance ,
Information Technology ,
Investment Firms ,
Popular ,
Risk Management
Last month, the European Union’s new Data Governance Act (DGA) came into effect. Our Privacy, Cyber & Data Strategy Group provides an overview of the key features of the DGA and discusses how the new law may impact businesses...more
On 21 September 2023, the UK Government adopted the Data Protection (Adequacy) Regulations 2023, also referred to as the “UK-U.S. Data Bridge”. The UK-U.S. Data Bridge will allow companies to legitimately transfer personal...more
The European Commission has approved the EU-U.S. Data Privacy Framework (DPF) for transferring data from the EU to the United States. Our Privacy, Cyber & Data Strategy Team discusses what companies should consider when...more
BACKGROUND - U.S.-based life sciences companies can be subject to the European Union (‘EU’) General Data Protection Regulation (‘GDPR’), even if they do not have any subsidiary, affiliate or other physical presence in the...more
What Happened? On July 10, 2023, the European Commission (‘EC’) adopted its long-awaited adequacy decision approving the EU-U.S. Data Privacy Framework (‘DPF’). By doing so, the EC is confirming that personal data...more
On June 16, 2023, the Council of Europe’s Committee of Convention 108+ (i.e., the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data) adopted Model Contractual Clauses for...more
On May 23, 2023, the European Commission together with ASEAN (the Association of Southeast Asian Nations) published guidance that identifies commonalities and differences between the EU Standard Contractual Clauses for...more
In August 2020, privacy activist organization NOYB – European Center for Digital Rights filed 101 complaints with the EU Supervisory Authorities (‘SAs’) in connection with the transfer of personal data from Europe to...more
Background - On April 4th, 2023, the European Data Protection Board (‘EDPB’), which is composed of representatives of the EU national supervisory authorities and the European Data Protection Supervisor (‘EDPS’), published an...more
On March 15, 2023, the European Data Protection Board (“EDPB”) – the body through which the EU Member States’ Supervisory Authorities cooperate – along with 26 EU Supervisory Authorities officially launched a “coordinated...more
Corporate legal departments are increasingly receiving requests from business clients to use ChatGPT or similar “generative AI” tools in their operations. These requests can be urgent, with business clients demanding...more