This blog post focuses on the transparency requirements associated with certain limited-risk artificial intelligence (AI) systems under Article 50 of the European Union’s AI Act....more
On 22 December 2023, the EU published Regulation (EU) 2023/2854, the Data Act, in the Official Journal of the EU. The Data Act is a new regulation providing harmonised rules on access to data, switching cloud providers and...more
1/25/2024
/ B2B Organizations ,
Cloud Computing ,
Connected Items ,
Data Controller ,
Data Protection ,
Data Subject Access Requests ,
Digital Single Market ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Harmonization ,
New Regulations ,
Personal Data ,
Small and Medium-Sized Enterprises (SMEs) ,
Technology Sector ,
Third-Party
On November 27, 2023, the Council of the European Union adopted the EU Data Act, a new regulation providing harmonized rules on access to data, switching cloud providers and interoperability requirements across the EU. The...more
On November 9, 2023, the European Parliament adopted the EU Data Act, a new regulation providing harmonized rules on access to data, switching cloud providers and interoperability requirements across the EU. It is widely...more
11/16/2023
/ Cloud Service Providers (CSPs) ,
Connected Entities ,
Corporate Counsel ,
Data-Sharing ,
Digital Single Market ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Parliament ,
General Data Protection Regulation (GDPR) ,
Member State ,
New Legislation ,
Personal Data ,
Transparency
On July 10, 2023, the European Commission adopted its long-awaited adequacy decision for the EU-U.S. Data Privacy Framework (“Adequacy Decision”). This ends a three-year journey to set up a successor to the EU-U.S. Privacy...more
7/12/2023
/ Adequacy Requirement ,
Court of Justice of the European Union (CJEU) ,
Department of Justice (DOJ) ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Executive Orders ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Iceland ,
International Data Transfers ,
Liechtenstein ,
Member State ,
Norway ,
Personal Data ,
U.S. Commerce Department
On March 31, 2023, Italy’s privacy regulator (the “Garante”), announced an immediate temporary limitation on the processing of data of individuals residing in Italy by OpenAI’s ChatGPT, the popular artificial intelligence...more
4/4/2023
/ Artificial Intelligence ,
Corporate Counsel ,
Data Processors ,
Enforcement Actions ,
EU ,
Federal Trade Commission (FTC) ,
Italy ,
Machine Learning ,
Personal Data ,
Privacy Laws ,
Regulatory Authority
On October 7, 2022, President Biden signed an Executive Order (“EO”) implementing the new trans-Atlantic EU-U.S. Data Privacy Framework (“EU-U.S. DPF”). The EU-U.S. DPF, previously announced by President Biden and the...more
10/10/2022
/ Biden Administration ,
Binding Corporate Rules ,
Civil Liberties ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
Executive Orders ,
Foreign Intellgence ,
International Data Transfers ,
National Intelligence Agencies ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Surveillance ,
UK
On May 16, 2022, the European Data Protection Board (EDPB), the independent body of data protection supervisors that promotes consistent data protection rules and application thereof throughout the European Union (EU),...more
5/31/2022
/ Artificial Intelligence ,
Biometric Information ,
Corporate Counsel ,
Corporate Fines ,
Data Protection Authority ,
Enforcement Actions ,
EU ,
European Data Protection Board (EDPB) ,
Facial Recognition Technology ,
General Data Protection Regulation (GDPR) ,
Law Enforcement ,
New Guidance ,
Personal Data ,
Right to Privacy
Businesses that transfer personal data to and from the United Kingdom will soon have clarity regarding transfers from the UK to recipients outside the EU/EEA.
On February 2, 2022, the United Kingdom Secretary of State...more
On June 4th, 2021, the European Commission adopted and published a new set of so-called standard contractual clauses (“SCCs”) providing a legal basis for international transfers of personal data from the EU/EEA to third...more
6/7/2021
/ EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
On November 11, 2020, the European Data Protection Board (“EDPB”) released two documents as a follow-up to the Court of Justice of the European Union’s (“CJEU”) notable July 2020 decision, known as Schrems II. These documents...more
On 16 July 2020, the Court of Justice of the European Union (CJEU) issued a judgment in Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems (Case C-311/18, “Schrems II”) ruling that the Privacy Shield...more
The European Court of Justice (the “Court”) issued the long-awaited “Schrems II” decision. (see Facebook Ireland Ltd. v. Maximillian Schrems).
In its decision, the Court (1) struck down the Privacy Shield program that...more
Throughout the world, the coronavirus pandemic is creating enormous challenges. While data protection is not the main concern, the European Data Protection Authorities (DPAs) made it clear that the European General Data...more
Throughout the world, the coronavirus pandemic is creating enormous challenges. While data protection is not the main concern, the European Data Protection Authorities (DPAs) made it clear that the European General Data...more
On January 23, 2019, the European Data Protection Board (“EDPB”), which is composed of representatives of the national data protection authorities and the European Data Protection Supervisor, adopted an Advisory Opinion...more
2/20/2019
/ Clinical Trials ,
Consent ,
Data Collection ,
Data Protection ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Pharmaceutical Industry ,
Public Interest ,
Scientific Research
The European Data protection Board (“EDPB”), which is composed of representatives of the national data protection authorities and the European Data Protection Supervisor, recently adopted an Advisory Opinion (“Opinion”) on...more
2/12/2019
/ Advisory Opinions ,
Clinical Trials ,
Consent ,
Data Protection ,
Data Protection Authority ,
EU ,
General Data Protection Regulation (GDPR) ,
Life Sciences ,
Personal Data ,
Pharmaceutical Industry ,
Public Interest
The European Data protection Board (“EDPB”), which is composed of representatives of the national data protection authorities, and the European Data Protection Supervisor, adopted its report on the second annual review of the...more
2/4/2019
/ Court of Justice of the European Union (CJEU) ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
Information Reports ,
International Data Transfers ,
National Security ,
Personal Data ,
Surveillance ,
Transparency ,
US-EU Safe Harbor Framework
On January 23, 2018, the European Commission (“EC”) adopted its adequacy decision on Japan. Japan issued an equivalent decision regarding data transfers from Japan to the European Union on the same day. This means that...more
This is the inaugural issue of WilmerHale’s 8-in-8 Recent Trends in European Law and Policy Alert Series. Over the next eight weeks, our attorneys will share insights on current and emerging issues affecting companies doing...more
5/31/2018
/ Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Multinationals ,
Personal Data ,
Popular
This is the inaugural issue of WilmerHale's 8-in-8 Recent Trends in European Law and Policy Alert Series. Over the next eight weeks, our attorneys will share insights on current and emerging issues affecting companies doing...more
Brexit raises critical issues regarding the future transfer of personal data outside of the EU, not least as to the role of the UK Data Protection Authority, the Information Commissioner’s Office (“ICO”), and as to its...more
11/22/2017
/ Binding Contractual Rules ,
Data Protection Authority ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Member State ,
Personal Data ,
Popular ,
UK ,
UK Brexit ,
UK Data Protection Act
On October 18, the Article 29 Working Party released its draft of “Guidelines on Personal data breach notification under Regulation 2016/679” (“Guidelines on Personal data breach notification,” WP250). The guidelines are not...more
On October 18, the Article 29 Working Party released its draft of “ Guidelines on Automated individual decision-making and Profiling for the Purpose of Regulation 2016/679” (“Guidelines on Automated individual decision-making...more
The UK Information Commissioner’s Office (ICO) continues to play an active role in shaping data protection law in the EU, notwithstanding the UK’s decision to leave the EU in the aftermath of Brexit. On April 6, 2017, the ICO...more