Companies deploying high-risk artificial intelligence (AI) systems must prepare to conduct Fundamental Rights Impact Assessment (FRIA) by 2 August 2026. In this edition of our “Zooming in on AI” series we explain what this...more
The EU Artificial Intelligence Act (“AI Act”) exemplifies a highly advanced risk-based approach to European regulation. One of its distinguishing features is the detailed classification of various risk levels associated with...more
11/12/2024
/ Artificial Intelligence ,
Digital Services ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Technology Sector ,
Transparency
During an investigation, it is not uncommon to discover that an individual has forwarded business emails to their private email address. This ruling from the Higher Regional Court Munich shows the potential implications of...more
11/4/2024
/ Board of Directors ,
Confidential Information ,
Corporate Governance ,
Corporate Misconduct ,
Email ,
Email Policies ,
General Data Protection Regulation (GDPR) ,
Germany ,
Internal Investigations ,
Personal Information ,
Sensitive Business Information ,
Termination ,
White Collar Crimes
Companies deploying high-risk artificial intelligence (AI) systems must prepare to navigate a complex landscape of new obligations by August 2, 2026. In this post we explain the key obligations for providers and deployers of...more
10/30/2024
/ Artificial Intelligence ,
Automated Systems ,
Data Protection ,
Distributors ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Importers ,
Regulatory Agenda ,
Regulatory Oversight ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management ,
Technology Sector ,
Transparency
This is the final note in a three-part series on the regulation of artificial intelligence in the financial services sector in the United States, the European Union and the United Kingdom. Our first note, we provided a...more
10/21/2024
/ Artificial Intelligence ,
Consumer Protection Laws ,
Data Protection ,
Enforcement Actions ,
EU ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Legislative Agendas ,
Liability ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Securities and Exchange Commission (SEC) ,
UK ,
United States
Rapid and accelerating developments in artificial intelligence have prompted governments around the world to consider how AI should be regulated and used responsibly by businesses, without stifling innovation.
This is...more
10/17/2024
/ Artificial Intelligence ,
Capital Markets ,
Data Protection ,
EU ,
Financial Conduct Authority (FCA) ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Innovative Technology ,
Intellectual Property Protection ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Technology Sector ,
UK ,
White Collar Crimes
On 25 July 2024, the EU Commission published its second report on the application of the GDPR (the ‘Second Report’), following its first report published in 2020....more
On June 20, 2024, the Court of Justice of the European Union (‘CJEU’) issued its judgment in two joined cases C-182/22 and C-189/22, Scalable Capital, on the right to compensation for non-material damages under Article 82(1)...more
Alongside the recent CJEU judgment on automated decision making in Schufa (see the Allen & Overy blog ) there are a range of developments related to ADM in other jurisdictions.
UK developments -
The UK Parliament is...more
On 7 December 2023, the Court of Justice of the European Union (CJEU) issued a landmark judgment on Article 22 of the General Data Protection Regulation (GDPR), focused on decision making based solely on automated processing...more
In joined Cases C‑26/22 and C‑64/22, related to the German Credit Reference Agency Schufa (see A&O blog on the automated decision making case), the CJEU considered the retention of personal data regarding individuals who had...more
On 10 July 2023, the European Commission adopted the adequacy decision for the EU-U.S. Data Privacy Framework (DPF). This decision enables the free flow of personal data from the EU and three EEA countries (Iceland,...more
In the five years since the European Union’s General Data Protection Regulation came into force, what have been the main learnings for business, and what will the future hold?...more
Within the past year, a number of countries around the world, including the United States, United Kingdom, France, and The Netherlands have initiated regulatory inquiries and developed new strategies for the purpose of more...more
4/25/2023
/ Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
NIST ,
Popular ,
UK
The Court of Justice of the European Union (CJEU) considered appropriate conditions that apply in respect of specific national legislation which EU member states may adopt under Article 88 GDPR to regulate the processing of...more
The German Data Protection Conference of supervisory authorities (DSK) issued a decision on how to evaluate the risk of personal data being accessed by non-EEA public authorities, or by a parent company, when processed by a...more
On 13 July 2022, the Public Procurement Chamber of the German state of Baden-Württemberg (the Public Procurement Chamber) issued a decision confirming that personal data processed by an EU subsidiary of a parent entity...more
On 2 December 2021, the Court of Justice of the European Union (CJEU) published the Advocate General’s (AG) opinion in case C-319/20 (Facebook Ireland) (the AG Opinion) relating to the issue of whether Member State law may...more
On 25 October 2021, the Administrative Court of Wiesbaden (the Court) announced its decision, issued in early October, to submit two questions to the Court of Justice of the European Union (CJEU) regarding the scope of the...more