On 7 November 2023, in the King’s Speech, the UK government announced three draft laws aimed at supporting tech companies’ growth and competitiveness: the Automated Vehicles Bill (AV Bill), the Digital Markets, Competition...more
12/1/2023
/ Data Protection ,
Digital Single Market ,
Driverless Cars ,
EU ,
Mergers ,
Penalties ,
Personal Data ,
Popular ,
Technology Sector ,
Threshold Requirements ,
UK
On September 7, 2023, the Saudi Authority for Data and Artificial Intelligence (SDAIA) issued the Implementing Regulations of the Personal Data Protection Law (the Implementing Regulations) and the Regulations on Personal...more
10/23/2023
/ Advertising ,
Consent ,
Data Breach ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
Data Transfers ,
Direct Marketing ,
Disclosure Requirements ,
General Data Protection Regulation (GDPR) ,
New Regulations ,
Personal Data ,
Saudi Arabia
On 8 June 2023, the UK Prime Minister and the US President jointly announced a commitment to a renewed partnership between the countries, and a framework for economic and diplomatic co-operation (the “Atlantic Declaration”1)....more
The UK government (the “Government”) has published proposals for a new regulatory framework for artificial intelligence (the “White Paper”). Its goal is to “provide a clear, pro-innovation regulatory environment” to make...more
Key Points -
President Biden has signed the long-awaited executive order implementing U.S. commitments to the new successor agreement to the Privacy Shield, the EU-U.S. Data Privacy Framework—a historic step in respect of...more
10/20/2022
/ Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Transfers ,
EU-US Privacy Shield ,
European Commission ,
Executive Orders ,
General Data Protection Regulation (GDPR) ,
International Data Transfers
The ground-breaking draft European Union Act on Artificial Intelligence (AI), which has far-reaching implications beyond Europe, is currently going through the legislative procedure of the European Parliament and Council. The...more
On September 27, 2021, all new contracts that involve cross-border personal data transfers must incorporate the updated standard contractual clauses (“New SCCs”) for controllers and processors. On June 4, 2021, the European...more
Recent developments in the tech sector in China, including government directives concerning heightened regulatory scrutiny of tech companies listed or looking to list in the US or on exchanges in other overseas jurisdictions,...more
On April 21, 2021, the European Commission (Commission) published its draft Regulation on Artificial Intelligence (AI). It follows the strategies outlined in the February 2020 Commission’s White Paper on AI. The draft...more
5/3/2021
/ Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
European Commission ,
Popular ,
Proposed Regulation ,
Registration Requirement ,
Transparency
On November 10, 2020, the recently established Taskforce of the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area (EEA),...more
On November 19, 2020, the Abu Dhabi Global Market (ADGM), a financial free-zone in the United Arab Emirates (UAE), announced the issuance of a public consultation paper on its proposed new Data Protection Regulations 2020...more
The newly passed Proposition 24, the California Privacy Rights Act (CPRA), represents the second time in two years that California has instituted a comprehensive privacy statute that fundamentally changes data privacy...more
United Kingdom, French and Belgian national security laws (and such laws of other EU Member States) fell under the scrutiny of the Court of Justice of the European Union (CJEU), which on October 6, 2020, ruled on whether such...more
10/14/2020
/ Consumer Privacy Rights ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Electronic Communications ,
EU ,
General Data Protection Regulation (GDPR) ,
Member State ,
National Security ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
UK
On October 1, 2020, the three-month grace period for businesses to comply with the Dubai International Financial Centre (DIFC) Data Protection Law (DIFC Law No. 5 of 2020) (“DPL 2020”) came to an end. Regulating the...more
10/2/2020
/ California Consumer Privacy Act (CCPA) ,
Consent ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Security ,
Data Subjects Rights ,
DIFC ,
Dubai ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Notice Requirements ,
Penalties ,
Personal Data ,
Popular
On Friday September 4, 2020, the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area, announced that it had formed two new...more
9/14/2020
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Security ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information
The London Court of International Arbitration (LCIA) has issued updated arbitration rules (the “2020 Rules”). These include some important changes, many of which are designed to address users’ concern to improve time and...more
8/13/2020
/ Arbitration ,
Arbitration Agreements ,
Arbitrators ,
Case Consolidation ,
Case Management ,
Data Protection ,
Dismissals ,
Information Security ,
International Arbitration ,
LCIA ,
Remote Hearings ,
Tribunals
On July 16, 2020, the Grand Chamber of the Court of Justice of the European Union (CJEU) in Luxembourg handed down its highly anticipated judgment in a case brought by privacy activist Max Schrems (C-311/18, Data Protection...more
7/20/2020
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
On May 4, 2020, the European Data Protection Board (EDPB) adopted two important revisions to its 33-page Guidelines on Consent (Guidelines) under the General Data Protection Regulation (GDPR). The Guidelines are highly...more
On April 15, 2020, the Information Commissioner’s Office (ICO), the U.K.’s data protection authority, issued further guidance on its regulatory approach during the global COVID-19 pandemic. Following its March note that we...more
4/21/2020
/ Coronavirus/COVID-19 ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Protection Authority ,
Enforcement Actions ,
Freedom of Information ,
Guidance Update ,
Information Commissioner's Office (ICO) ,
Public Health Emergency ,
UK
On April 1, 2020, the U.K. Supreme Court handed down its judgment in the case of WM Morrison Supermarkets plc v Various Claimants [2020] UKSC 12, the first class action-type claim concerning a data breach in the U.K.. In this...more
4/9/2020
/ Class Action ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Employee Misconduct ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular ,
UK ,
UK Data Protection Act ,
UK Supreme Court ,
Vicarious Liability
On February 19, 2020, the Information Commissioner’s Office (ICO), the data protection regulator in the United Kingdom, launched a consultation on its draft guidance on the artificial intelligence (AI) auditing...more
2/27/2020
/ Artificial Intelligence ,
Audits ,
Best Practices ,
Consultation ,
Data Collection ,
Data Processors ,
Data Protection ,
Draft Guidance ,
Information Commissioner's Office (ICO) ,
Information Security ,
Personal Data ,
Risk Management ,
UK
We reported in July 2019 that the Court of Justice of the European Union (CJEU) heard a case brought by privacy-rights activist Max Schrems, challenging the validity of Standard Contractual Clauses (SCCs), which are widely...more
12/24/2019
/ Advocate General ,
Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
Data Subjects Rights ,
EU ,
EU-US Privacy Shield ,
European Commission ,
International Data Transfers ,
National Security ,
Personal Data ,
Privacy Laws ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
On November 18, 2019, the U.K. Jurisdiction Taskforce (UKJT), one of six taskforces established by the LawTech Delivery Panel (set up by the U.K. government, the judiciary and the Law Society to promote the use of technology...more
12/13/2019
/ Blockchain ,
Cryptoassets ,
Cryptocurrency ,
Data Protection ,
Digital Assets ,
Distributed Ledger Technology (DLT) ,
Investment Management ,
Investors ,
Smart Contracts ,
UK ,
UKJT
On September 24, 2019, the highest court of the European Union (EU), the Court of Justice of the EU (CJEU), attempted to limit the territorial scope and authority of EU data protection authorities in its recent decision...more
10/4/2019
/ CNIL ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Delisting ,
EU Data Protection Laws ,
European Court of Justice (ECJ) ,
France ,
General Data Protection Regulation (GDPR) ,
Geo-Blocking ,
Google ,
Member State ,
Right to Be Forgotten ,
Search Engines ,
Website Accessibility ,
Website Owner Liability
Data protection authorities (DPAs) in the European Union (EU) continue to scrutinize practices in the adtech sector for compliance with the EU’s General Data Protection Regulation (GDPR) and local data protection and...more
8/6/2019
/ Cookies ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Subjects Rights ,
Data Use Policies ,
Electronic Communications ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marketing ,
Notice Requirements ,
Online Advertisements ,
Personal Data ,
Popular