The Court of Justice of the European Union (CJEU), the EU’s highest court, recently announced its significant Lindenapotheke decision, permitting companies to use the General Data Protection Regulation in business-to-business...more
The European Union’s new AI Act (the Act) went into efect on 1 August 2024. The Act is the first-ever comprehensive law focused on artifcial intelligence and machine learning (collectively, AI). The Act impacts many...more
World events, such as the COVID-19 pandemic, have accelerated the need for business operations to grow more digitally reliant and driven. As the global network grows and becomes more interconnected, privacy and...more
9/15/2022
/ Biometric Information ,
Computer Fraud and Abuse Act (CFAA) ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Personal Information Protection Law (PIPL) ,
Popular
China’s long-awaited Personal Information Protection Law (PIPL), after two rounds of draft versions, was finally passed by the Standing Committee of the National People's Congress on August 20, 2021, with the law effective...more
8/24/2021
/ China ,
Corporate Counsel ,
Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personal Information ,
Popular ,
Regulatory Reform
The European Commission has finally approved two decisions on 28 June granting the United Kingdom the cherished status of having “adequate” data protection laws so that transfers of personal data from the European Union are...more
Following the Schrems II decision last year, there have been many questions about the status of international data transfers between the European Union and United States. The European Commission (the Commission) has now...more
The Court of Justice of the European Union (ECJ) has finally issued its decision on the validity of standard contractual clauses (SCCs) in the Irish Data Protection Commissioner’s referral to the ECJ for an opinion on the...more
7/20/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The UK Court of Appeal recently upheld a decision by the UK High Court ruling that employers can be vicariously liable for an employee’s misuse of personal data under the control of the employer. Employers should also be...more
The European General Data Protection Regulation, which will come into force on May 25, 2018, requires companies, including investment managers, funds, banks, and broker-dealers, with operations in Europe or information about...more
4/18/2018
/ Banks ,
Broker-Dealer ,
Data Breach ,
Data Protection ,
EU ,
Financial Conduct Authority (FCA) ,
Financial Institutions ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Investment Management ,
Personal Data ,
UK
The ruling stems from a case that signals a growing trend toward group action litigation involving data protection, and poses new risks for companies who should respond with increased vigilance in employee recruitment,...more
The GDPR will apply to the UK when it is effective on May 25, 2018, but the government will need to adopt domestic data privacy legislation upon the UK’s pending exit from the EU....more
3/22/2017
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular ,
UK ,
UK Brexit ,
UK Data Protection Act
Following the United Kingdom’s nonbinding vote to leave the European Union (“Brexit”), what do businesses need to consider for data privacy compliance?...more