The rise of artificial intelligence (AI) and its widespread availability offers significant growth opportunities for businesses. However, it necessitates a robust governance framework to ensure compliance with regulatory...more
8/1/2025
/ AI Act ,
Artificial Intelligence ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
EU ,
General Data Protection Regulation (GDPR) ,
Governance Standards ,
International Data Transfers ,
Machine Learning ,
Privacy-By-Design ,
Regulatory Requirements
The rise of artificial intelligence (AI) and its widespread availability offers significant growth opportunities for businesses. However, it necessitates a robust governance framework to ensure compliance with regulatory...more
The rise of artificial intelligence (AI) and its widespread availability offers significant growth opportunities for businesses. However, it necessitates a robust governance framework to ensure compliance with regulatory...more
7/30/2025
/ AI Act ,
Algorithms ,
Artificial Intelligence ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Regulatory Oversight ,
Regulatory Requirements
The rise of artificial intelligence (AI) and its widespread availability offers significant growth opportunities for businesses. However, it necessitates a robust governance framework to ensure compliance with regulatory...more
7/29/2025
/ AI Act ,
Algorithms ,
Artificial Intelligence ,
Business Strategies ,
Data Collection ,
Data Privacy ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
Machine Learning ,
Personal Data ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management ,
Strategic Planning
The rise of artificial intelligence (AI) and its widespread availability offers significant growth opportunities for businesses. However, it necessitates a robust governance framework to ensure compliance with regulatory...more
7/28/2025
/ AI Act ,
Algorithms ,
Artificial Intelligence ,
Data Controller ,
Data Privacy ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Regulatory Requirements ,
Strategic Planning
Exactly one year from now, on September 12, 2025, the EU Data Act will enter into application. This new regulation provides harmonized rules on data access, switching cloud providers, and interoperability requirements across...more
9/13/2024
/ Compliance ,
Compliance Dates ,
Data Processors ,
Data Protection ,
Data Security ,
Data Subject Access Requests ,
Enforcement ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Harmonization
This blog post focuses on the transparency requirements associated with certain limited-risk artificial intelligence (AI) systems under Article 50 of the European Union’s AI Act....more
On March 13, 2024, the European Parliament adopted the Artificial Intelligence Act (AI Act). It is considered to be the world’s first comprehensive horizontal legal framework for AI. It provides for EU-wide rules on data...more
3/15/2024
/ Artificial Intelligence ,
EU ,
European Commission ,
European Parliament ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
Machine Learning ,
Member State ,
New Legislation ,
OECD ,
Risk Assessment ,
Technology Sector
On 22 December 2023, the EU published Regulation (EU) 2023/2854, the Data Act, in the Official Journal of the EU. The Data Act is a new regulation providing harmonised rules on access to data, switching cloud providers and...more
1/25/2024
/ B2B Organizations ,
Cloud Computing ,
Connected Items ,
Data Controller ,
Data Protection ,
Data Subject Access Requests ,
Digital Single Market ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Harmonization ,
New Regulations ,
Personal Data ,
Small and Medium-Sized Enterprises (SMEs) ,
Technology Sector ,
Third-Party
On November 27, 2023, the Council of the European Union adopted the EU Data Act, a new regulation providing harmonized rules on access to data, switching cloud providers, and interoperability requirements across the EU. The...more
On November 27, 2023, the Council of the European Union adopted the EU Data Act, a new regulation providing harmonized rules on access to data, switching cloud providers and interoperability requirements across the EU. The...more
On November 27, 2023, the Council of the European Union adopted the EU Data Act (Data Act), a new regulation providing harmonized rules on access to data, switching cloud providers and interoperability requirements across the...more
On November 9, 2023, the European Parliament adopted the EU Data Act, a new regulation providing harmonized rules on access to data, switching cloud providers and interoperability requirements across the EU. It is widely...more
11/16/2023
/ Cloud Service Providers (CSPs) ,
Connected Entities ,
Corporate Counsel ,
Data-Sharing ,
Digital Single Market ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Parliament ,
General Data Protection Regulation (GDPR) ,
Member State ,
New Legislation ,
Personal Data ,
Transparency
On July 10, 2023, the European Commission adopted its long-awaited adequacy decision for the EU-U.S. Data Privacy Framework (“Adequacy Decision”). This ends a three-year journey to set up a successor to the EU-U.S. Privacy...more
7/12/2023
/ Adequacy Requirement ,
Court of Justice of the European Union (CJEU) ,
Department of Justice (DOJ) ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Executive Orders ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Iceland ,
International Data Transfers ,
Liechtenstein ,
Member State ,
Norway ,
Personal Data ,
U.S. Commerce Department
On May 16, 2022, the European Data Protection Board (EDPB), the independent body of data protection supervisors that promotes consistent data protection rules and application thereof throughout the European Union (EU),...more
5/31/2022
/ Artificial Intelligence ,
Biometric Information ,
Corporate Counsel ,
Corporate Fines ,
Data Protection Authority ,
Enforcement Actions ,
EU ,
European Data Protection Board (EDPB) ,
Facial Recognition Technology ,
General Data Protection Regulation (GDPR) ,
Law Enforcement ,
New Guidance ,
Personal Data ,
Right to Privacy
On May 3, 2022, the European Commission published a proposal for a Regulation on the European Health Data Space (EHDS) (“EHDS Regulation”, or “Proposal”). With the Proposal, the European Commission aims to make significant...more
5/26/2022
/ Digital Health ,
Electronic Health Record Incentives ,
Electronic Protected Health Information (ePHI) ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
Life Sciences ,
Member State ,
Patient Privacy Rights ,
Popular ,
Proposed Regulation
French regulators have held that the use of Google Analytics violates the GDPR, a decision that likely has broad implications for web analytics companies and website operators.
On February 10, 2022, the French Data...more
2/16/2022
/ Analytics ,
CNIL ,
Corporate Counsel ,
Data Protection Authority ,
Facebook ,
FISA ,
France ,
General Data Protection Regulation (GDPR) ,
Google ,
International Data Transfers ,
Schrems I & Schrems II
Businesses that transfer personal data to and from the United Kingdom will soon have clarity regarding transfers from the UK to recipients outside the EU/EEA.
On February 2, 2022, the United Kingdom Secretary of State...more
Last week, the Belgian Data Protection Authority ruled that the IAB’s cookie consent framework violated the GDPR. This decision has tremendous potential implications on the ad tech industry, as both publishers and advertisers...more
2/8/2022
/ Adtech ,
Advertising ,
Belgium ,
Consent ,
Cookies ,
Data Controller ,
Data Protection Authority ,
EU ,
General Data Protection Regulation (GDPR) ,
Online Advertisements ,
Publishers
On June 4th, 2021, the European Commission adopted and published a new set of so-called standard contractual clauses (“SCCs”) providing a legal basis for international transfers of personal data from the EU/EEA to third...more
6/7/2021
/ EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
On November 11, 2020, the European Data Protection Board (“EDPB”) released two documents as a follow-up to the Court of Justice of the European Union’s (“CJEU”) notable July 2020 decision, known as Schrems II. These documents...more
On 16 July 2020, the Court of Justice of the European Union (CJEU) issued a judgment in Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems (Case C-311/18, “Schrems II”) ruling that the Privacy Shield...more
The European Court of Justice (the “Court”) issued the long-awaited “Schrems II” decision. (see Facebook Ireland Ltd. v. Maximillian Schrems).
In its decision, the Court (1) struck down the Privacy Shield program that...more
Throughout the world, the coronavirus pandemic is creating enormous challenges. While data protection is not the main concern, the European Data Protection Authorities (DPAs) made it clear that the European General Data...more
Throughout the world, the coronavirus pandemic is creating enormous challenges. While data protection is not the main concern, the European Data Protection Authorities (DPAs) made it clear that the European General Data...more