On March 10, 2025, the Belgian Data Protection Authority (BDPA) updated its 2020 guidance on the processing of personal data for direct marketing purposes (see the updated guidance here in French and in Dutch)....more
3/21/2025
/ Compliance ,
Consent ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Retention ,
Direct Marketing ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements
On 19 September 2024, the Belgian Data Protection Authority (DPA) issued new Guidance on the interplay between the recently adopted EU Regulation on Artificial Intelligence (the AI Act) and the General Data Protection...more
9/26/2024
/ Artificial Intelligence ,
Automation Systems ,
Belgium ,
Compliance ,
Corporate Counsel ,
Data Processors ,
Data Protection Authority ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Personal Information ,
Regulatory Oversight
Last month, the European Data Protection Board – which is composed of the national data protection authorities (‘Supervisory Authorities’) of the countries in the European Economic Area (‘EEA’), as well as the European Data...more
On August 6th, the Dutch Data Protection Authority (DPA) issued guidance cautioning companies about the potential data protection risks associated with the use of Artificial Intelligence (AI)-powered chatbots....more
8/12/2024
/ Artificial Intelligence ,
Automation Systems ,
Corporate Counsel ,
Data Breach ,
Data Protection ,
Data Protection Authority ,
Data Security ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Sensitive Personal Information
It has become common knowledge that the General Data Protection Regulation (2016/679) (GDPR) heavily restricts transfers of personal data outside of the European Union (EU). In the absence of an adequacy decision by the...more
Last month, the European Union’s new Data Governance Act (DGA) came into effect. Our Privacy, Cyber & Data Strategy Group provides an overview of the key features of the DGA and discusses how the new law may impact businesses...more
On 21 September 2023, the UK Government adopted the Data Protection (Adequacy) Regulations 2023, also referred to as the “UK-U.S. Data Bridge”. The UK-U.S. Data Bridge will allow companies to legitimately transfer personal...more
The European Commission has approved the EU-U.S. Data Privacy Framework (DPF) for transferring data from the EU to the United States. Our Privacy, Cyber & Data Strategy Team discusses what companies should consider when...more
On June 16, 2023, the Council of Europe’s Committee of Convention 108+ (i.e., the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data) adopted Model Contractual Clauses for...more
On May 23, 2023, the European Commission together with ASEAN (the Association of Southeast Asian Nations) published guidance that identifies commonalities and differences between the EU Standard Contractual Clauses for...more
What Happened? On December 13, 2022, the European Commission (the “Commission”) took a significant step towards the adoption of the EU-U.S. Data Privacy Framework (“DPF”). The DPF is a new framework designed to replace the...more
On March 25, 2022, the European Commission and the United States announced that they have reached an “agreement in principle” on a replacement for the EU-U.S. Privacy Shield, which was invalidated by the Court of Justice of...more
The Italian Garante per la Protezione dei dati Personali (‘Italian SA’) published a decision of February 10, 2022 in which it imposes a 20 million EUR fine on a company outside of Europe for violation of the EU General Data...more
3/11/2022
/ Artificial Intelligence ,
Biometric Information ,
Corporate Fines ,
Data Controller ,
Data Processors ,
Enforcement Actions ,
EU ,
European Supervisory Authorities (ESAs) ,
Foreign Entities ,
General Data Protection Regulation (GDPR) ,
Geolocation ,
Italy ,
Personal Data
On January 28, 2022, the European Data Protection Board (“EDPB”) published draft regulatory guidelines (“draft guidance”) on the right of data subjects to have access to their personal data under the EU General Data...more
On Monday, 3 January 2022, the European Data Protection Board (“EDPB”) published the finalized version of its regulatory guidance entitled “Examples regarding Personal Data Breach Notification” (the “Guidelines”), following a...more
On November 18, the European Data Protection Board (“EDPB”) released draft guidelines on the interplay between Article 3 GDPR – which sets out the GDPR’s territorial scope – and the provisions in Chapter V of the GDPR, which...more
The Belgian Supreme Court ruled in a judgment of Oct. 7, 2021 that a data subject has the right to lodge a complaint with the Data Protection Authority against a processing practice that violates the GDPR (in this case, the...more
On February 19, 2021, the European Commission adopted a draft ‘adequacy decision’ in favor of the UK. The adoption of the draft adequacy decision marks the first step in ensuring the continued free flow of personal data from...more
On December 24, 2020, the EU and the UK reached an agreement on the terms of their future cooperation following the end of the Brexit Transition Period (i.e., following 31 December 2020). The EU-UK Trade and Cooperation...more
On December 17, 2020, the UK Information Commissioner’s Office (‘ICO’) published its Data Sharing Code of Practice (the ‘Code’) following a public consultation which commenced in 2019. The Code focuses mainly on data sharing...more
With the end of the Brexit transition period around the corner, companies doing business in the EU and UK must prepare for data protection change – and not only international data transfers. Our Privacy & Data Security Team...more
When it comes to data breach notification laws, differences between the patchwork of U.S. state laws and the EU’s General Data Protection Regulation can impact the focus of and approach to an investigation. Our Privacy & Data...more
In addition to issuing new (draft) standard contractual clauses for transferring personal data outside of the EEA, on November 12, the European Commission published a draft decision on standard contractual clauses between...more
The European Data Protection Board (“EDPB”) has published draft guidelines on the concepts of controller and processor for public consultation. While its predecessor – the Article 29 Working Party – had issued guidance on the...more
On July 17, 2020, the European Data Protection Board (‘EDPB’) published a statement on the outcome of the Schrems II judgment, passed by the Court of Justice of the European Union (‘CJEU’) the day before. The judgment...more