The UK-US data bridge is the UK Government’s preferred terminology to describe its decision to permit the flow of personal data from the UK to the US, achieved through the UK Extension to the EU-US Data Privacy Framework. The...more
On 10 July 2023, the European Commission adopted the adequacy decision for the EU-U.S. Data Privacy Framework (DPF). This decision enables the free flow of personal data from the EU and three EEA countries (Iceland,...more
The UK National Cyber Security Centre (NCSC) published its guidance on shadow IT on 27 July 2023.
‘Shadow IT’ are unknown assets that are used within an organisation for business purposes (including in certain cloud...more
The White House announced on 21 July 2023 that seven companies involved in development of artificial intelligence (AI) technology had voluntarily committed to manage the risks posed by AI. These companies are: Amazon,...more
The UK National Cyber Security Centre (NCSC) revised its guidance on risk management on 26 June 2023, which was last updated in 2018....more
The UK Information Commissioner's Office (ICO) published a report on neurotechnology and released an accompanying statement on 8 June 2023....more
The European Data Protection Board (EDPB) published the final version of the Guidelines on the calculation of administrative fines under the GDPR (Guidelines) on 7 June 2023. The Guidelines aim to harmonize the approach to...more
The Pakistan Ministry of Information Technology and Telecommunication (MITT) released a new draft of the Personal Data Protection Bill, 2023 (the PDPB) on 19 May 2023. The PDPB aims to regulate the collection, processing,...more
6/5/2023
/ Cybersecurity ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Pakistan ,
Personal Data
In the five years since the European Union’s General Data Protection Regulation came into force, what have been the main learnings for business, and what will the future hold?...more
The European Parliament’s committees for Civil Liberties, Justice and Home Affairs (LIBE) and for Internal Market and Consumer Protection (IMCO) adopted a report setting out the Parliament’s vision for the proposed EU...more
The EDPB published its 2022 activity report “Streamlining Enforcement Through Cooperation” (the Activity Report) on 17 April 2023, which provides an overview of the work it carried out in 2022. The report reflects on, amongst...more
Within the past year, a number of countries around the world, including the United States, United Kingdom, France, and The Netherlands have initiated regulatory inquiries and developed new strategies for the purpose of more...more
4/25/2023
/ Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
NIST ,
Popular ,
UK
The Court of Justice of the European Union (CJEU) considered appropriate conditions that apply in respect of specific national legislation which EU member states may adopt under Article 88 GDPR to regulate the processing of...more
The European Data Protection Board (EDPB) held its 77th plenary meeting on 28 March 2023. The EDPB considered the following key topics...more
The Advocate General (AG) Pikamäe of the Court of Justice of the European Union (CJEU) issued his opinions in three cases concerning the credit rating agency SCHUFA Holding AG (SCHUFA) on 16 March 2023....more
3/23/2023
/ Advocate General ,
Court of Justice of the European Union (CJEU) ,
Credit Rating Agencies ,
Data Controller ,
Data Management ,
Data Subject Access Requests ,
Data Subjects Rights ,
DPA ,
EU ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Information Requests ,
Personal Data
The European Data Protection Board (EDPB) issued its opinion on the draft adequacy decision of the European Commission (Draft Decision) regarding the EU-US Data Privacy Framework (DPF) on 28 February 2023. The DPF is a...more
The potential benefits of deploying artificial intelligence (AI) (and in particular, machine learning (ML) techniques) within the insurance industry have been the subject of much market discussion and increased focus over...more
The People’s Republic of China’s Regulations on the Administration of Deep Synthesis of Internet Information Services (Regulations) entered into force on 10 January 2023, following their adoption by the Cyberspace...more
The World Economic Forum (WEF), an influential international non-governmental organisation for public-private cooperation, published its white paper on overcoming the barriers to international data flows on 16 January 2023....more
The OECD countries adopted the first intergovernmental declaration setting out common approaches to providing privacy and data protection safeguards for governmental access to personal data held by private sector (on 14...more
The plenary session of the European Parliament adopted the final versions of the Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive) and of the Digital Operational Resilience Act...more
On 7 October 2022, the President of the United States signed an Executive Order on Enhancing Safeguards for US Intelligence Activities. The Executive Order aims to implement the United States' commitments to protect EU-US...more
On 13 July 2022, the Public Procurement Chamber of the German state of Baden-Württemberg (the Public Procurement Chamber) issued a decision confirming that personal data processed by an EU subsidiary of a parent entity...more
The European Data Protection Board (EDPB) has adopted, on 16 June 2022, the draft guidelines on certification as a tool for transfers of data to third countries without adequacy status (the Guidelines). The text of the...more
On 13 June 2022, the UK’s Department of Digital, Culture, Media and Sport (DCMS) published its 2022 Digital Strategy (the Strategy)....more