Last month, the European Data Protection Board – which is composed of the national data protection authorities (‘Supervisory Authorities’) of the countries in the European Economic Area (‘EEA’), as well as the European Data...more
On August 6th, the Dutch Data Protection Authority (DPA) issued guidance cautioning companies about the potential data protection risks associated with the use of Artificial Intelligence (AI)-powered chatbots....more
8/12/2024
/ Artificial Intelligence ,
Automation Systems ,
Corporate Counsel ,
Data Breach ,
Data Protection ,
Data Protection Authority ,
Data Security ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Sensitive Personal Information
Our Privacy, Cyber & Data Strategy Team highlights 11 common questions your company’s senior executives may have about the European Union’s Artificial Intelligence Act and how you can answer them....more
7/15/2024
/ Algorithms ,
Artificial Intelligence ,
Biometric Information ,
C-Suite Executives ,
Compliance ,
EU ,
European Commission ,
Innovative Technology ,
Machine Learning ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Assessment ,
Software ,
Technology Sector
Yesterday, the EU Artificial Intelligence Act (‘AI Act’) was signed into law. The AI Act will impose obligations on both private and public sector actors which provide, import, distribute, or deploy in-scope AI systems. It...more
On March 13, 2024, the European Parliament approved the much-anticipated EU Artificial Intelligence Act (‘AI Act’). The AI Act is billed as the first comprehensive legal framework worldwide that specifically regulates AI...more
It has become common knowledge that the General Data Protection Regulation (2016/679) (GDPR) heavily restricts transfers of personal data outside of the European Union (EU). In the absence of an adequacy decision by the...more
On 7 December 2023, the Court of Justice of the European Union (CJEU) issued an important decision on how the GDPR governs AI-assisted decisions. The case arose in the financial services context, with the court holding that...more
On December 8, 2023, following marathon negotiations, European Union (‘EU’) legislators reached a political agreement on the much-anticipated EU Artificial Intelligence Act (‘AI Act’). The AI Act is billed as the first...more
Last month, the European Union’s new Data Governance Act (DGA) came into effect. Our Privacy, Cyber & Data Strategy Group provides an overview of the key features of the DGA and discusses how the new law may impact businesses...more
The European Commission has approved the EU-U.S. Data Privacy Framework (DPF) for transferring data from the EU to the United States. Our Privacy, Cyber & Data Strategy Team discusses what companies should consider when...more
BACKGROUND - U.S.-based life sciences companies can be subject to the European Union (‘EU’) General Data Protection Regulation (‘GDPR’), even if they do not have any subsidiary, affiliate or other physical presence in the...more
On June 16, 2023, the Council of Europe’s Committee of Convention 108+ (i.e., the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data) adopted Model Contractual Clauses for...more
On May 23, 2023, the European Commission together with ASEAN (the Association of Southeast Asian Nations) published guidance that identifies commonalities and differences between the EU Standard Contractual Clauses for...more
In August 2020, privacy activist organization NOYB – European Center for Digital Rights filed 101 complaints with the EU Supervisory Authorities (‘SAs’) in connection with the transfer of personal data from Europe to...more
Background - On April 4th, 2023, the European Data Protection Board (‘EDPB’), which is composed of representatives of the EU national supervisory authorities and the European Data Protection Supervisor (‘EDPS’), published an...more
On March 15, 2023, the European Data Protection Board (“EDPB”) – the body through which the EU Member States’ Supervisory Authorities cooperate – along with 26 EU Supervisory Authorities officially launched a “coordinated...more
What Happened? On December 13, 2022, the European Commission (the “Commission”) took a significant step towards the adoption of the EU-U.S. Data Privacy Framework (“DPF”). The DPF is a new framework designed to replace the...more
Companies relying on the SCCs as a data transfer tool have less than a month to update their existing contracts (if they haven’t done so already). WHAT HAPPENED? The EU General Data Protection Regulation (GDPR) allows...more
On May 25th, the Belgian Supervisory Authority (“GBA”) announced that it had imposed a fine of EUR 50,000 on a Belgium-based news media company for using cookies on its websites without complying with applicable cookie law...more
On March 25, 2022, the European Commission and the United States announced that they have reached an “agreement in principle” on a replacement for the EU-U.S. Privacy Shield, which was invalidated by the Court of Justice of...more
The Italian Garante per la Protezione dei dati Personali (‘Italian SA’) published a decision of February 10, 2022 in which it imposes a 20 million EUR fine on a company outside of Europe for violation of the EU General Data...more
3/11/2022
/ Artificial Intelligence ,
Biometric Information ,
Corporate Fines ,
Data Controller ,
Data Processors ,
Enforcement Actions ,
EU ,
European Supervisory Authorities (ESAs) ,
Foreign Entities ,
General Data Protection Regulation (GDPR) ,
Geolocation ,
Italy ,
Personal Data
On January 28, 2022, the European Data Protection Board (“EDPB”) published draft regulatory guidelines (“draft guidance”) on the right of data subjects to have access to their personal data under the EU General Data...more
In a decision of December 16, 2021, the Belgian Data Protection Authority (“DPA”) imposed a EUR 75,000 administrative fine on a bank located in Belgium for failure to comply with the requirement in Article 38.6 of the General...more
On 31 January 2022, the EU Clinical Trial Regulation (CTR) will come into application, almost 8 years after its adoption by the European Parliament and the Council of the EU. The CTR will radically change the regulatory...more
On Monday, 3 January 2022, the European Data Protection Board (“EDPB”) published the finalized version of its regulatory guidance entitled “Examples regarding Personal Data Breach Notification” (the “Guidelines”), following a...more