Key Points The United States Securities and Exchange Commission (SEC) is able to make requests of U.K. firms (including U.K. branches of non-U.K. firms) to provide books and records and other documents of SEC regulated...more
1/26/2021
/ Books & Records ,
Document Requests ,
Financial Conduct Authority (FCA) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
IOSCO ,
Personal Data ,
Public Interest ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
UK Brexit ,
UK GDPR
On November 10, 2020, the recently established Taskforce of the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area (EEA),...more
On November 19, 2020, the Abu Dhabi Global Market (ADGM), a financial free-zone in the United Arab Emirates (UAE), announced the issuance of a public consultation paper on its proposed new Data Protection Regulations 2020...more
The newly passed Proposition 24, the California Privacy Rights Act (CPRA), represents the second time in two years that California has instituted a comprehensive privacy statute that fundamentally changes data privacy...more
United Kingdom, French and Belgian national security laws (and such laws of other EU Member States) fell under the scrutiny of the Court of Justice of the European Union (CJEU), which on October 6, 2020, ruled on whether such...more
10/14/2020
/ Consumer Privacy Rights ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Electronic Communications ,
EU ,
General Data Protection Regulation (GDPR) ,
Member State ,
National Security ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
UK
On October 1, 2020, the three-month grace period for businesses to comply with the Dubai International Financial Centre (DIFC) Data Protection Law (DIFC Law No. 5 of 2020) (“DPL 2020”) came to an end. Regulating the...more
10/2/2020
/ California Consumer Privacy Act (CCPA) ,
Consent ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Security ,
Data Subjects Rights ,
DIFC ,
Dubai ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Notice Requirements ,
Penalties ,
Personal Data ,
Popular
Two developments in the United Kingdom demonstrate the country’s renewed commitment to a sustainable data strategy with appropriate privacy and security safeguards. First, on September 9, 2020, the U.K. government published a...more
9/30/2020
/ Artificial Intelligence ,
Cyber Threats ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Security ,
Data Storage ,
International Data Transfers ,
Personal Data ,
Research and Development ,
UK
On Friday September 4, 2020, the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area, announced that it had formed two new...more
9/14/2020
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Security ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information
The London Court of International Arbitration (LCIA) has issued updated arbitration rules (the “2020 Rules”). These include some important changes, many of which are designed to address users’ concern to improve time and...more
8/13/2020
/ Arbitration ,
Arbitration Agreements ,
Arbitrators ,
Case Consolidation ,
Case Management ,
Data Protection ,
Dismissals ,
Information Security ,
International Arbitration ,
LCIA ,
Remote Hearings ,
Tribunals
On July 16, 2020, the Grand Chamber of the Court of Justice of the European Union (CJEU) in Luxembourg handed down its highly anticipated judgment in a case brought by privacy activist Max Schrems (C-311/18, Data Protection...more
7/20/2020
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
On June 15, 2020, the Government of the United Kingdom issued a joint statement announcing the creation of the Global Partnership on Artificial Intelligence (GPAI) along with 14 other founding members, including the European...more
On May 4, 2020, the European Data Protection Board (EDPB) adopted two important revisions to its 33-page Guidelines on Consent (Guidelines) under the General Data Protection Regulation (GDPR). The Guidelines are highly...more
On April 15, 2020, the Information Commissioner’s Office (ICO), the U.K.’s data protection authority, issued further guidance on its regulatory approach during the global COVID-19 pandemic. Following its March note that we...more
4/21/2020
/ Coronavirus/COVID-19 ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Protection Authority ,
Enforcement Actions ,
Freedom of Information ,
Guidance Update ,
Information Commissioner's Office (ICO) ,
Public Health Emergency ,
UK
On April 1, 2020, the U.K. Supreme Court handed down its judgment in the case of WM Morrison Supermarkets plc v Various Claimants [2020] UKSC 12, the first class action-type claim concerning a data breach in the U.K.. In this...more
4/9/2020
/ Class Action ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Employee Misconduct ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular ,
UK ,
UK Data Protection Act ,
UK Supreme Court ,
Vicarious Liability
On March 12, 2020, the Information Commissioner’s Office (ICO), the U.K.’s data protection authority (DPA), published Guidance for data controllers on their data protection compliance obligations during the COVID-19 pandemic....more
On February 19, 2020, the European Commission (Commission) published proposals for the regulation of Artificial Intelligence (AI) with potentially far-reaching implications both for users and developers worldwide. The...more
3/11/2020
/ Artificial Intelligence ,
Corporate Counsel ,
EU ,
European Commission ,
Legislative Agendas ,
New Legislation ,
Popular ,
Regulatory Agenda ,
Research and Development ,
Technology Sector ,
White Papers
On February 19, 2020, the Information Commissioner’s Office (ICO), the data protection regulator in the United Kingdom, launched a consultation on its draft guidance on the artificial intelligence (AI) auditing...more
2/27/2020
/ Artificial Intelligence ,
Audits ,
Best Practices ,
Consultation ,
Data Collection ,
Data Processors ,
Data Protection ,
Draft Guidance ,
Information Commissioner's Office (ICO) ,
Information Security ,
Personal Data ,
Risk Management ,
UK
We reported in July 2019 that the Court of Justice of the European Union (CJEU) heard a case brought by privacy-rights activist Max Schrems, challenging the validity of Standard Contractual Clauses (SCCs), which are widely...more
12/24/2019
/ Advocate General ,
Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
Data Subjects Rights ,
EU ,
EU-US Privacy Shield ,
European Commission ,
International Data Transfers ,
National Security ,
Personal Data ,
Privacy Laws ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
On November 18, 2019, the U.K. Jurisdiction Taskforce (UKJT), one of six taskforces established by the LawTech Delivery Panel (set up by the U.K. government, the judiciary and the Law Society to promote the use of technology...more
12/13/2019
/ Blockchain ,
Cryptoassets ,
Cryptocurrency ,
Data Protection ,
Digital Assets ,
Distributed Ledger Technology (DLT) ,
Investment Management ,
Investors ,
Smart Contracts ,
UK ,
UKJT
On September 24, 2019, the highest court of the European Union (EU), the Court of Justice of the EU (CJEU), attempted to limit the territorial scope and authority of EU data protection authorities in its recent decision...more
10/4/2019
/ CNIL ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Delisting ,
EU Data Protection Laws ,
European Court of Justice (ECJ) ,
France ,
General Data Protection Regulation (GDPR) ,
Geo-Blocking ,
Google ,
Member State ,
Right to Be Forgotten ,
Search Engines ,
Website Accessibility ,
Website Owner Liability
Data protection authorities (DPAs) in the European Union (EU) continue to scrutinize practices in the adtech sector for compliance with the EU’s General Data Protection Regulation (GDPR) and local data protection and...more
8/6/2019
/ Cookies ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Subjects Rights ,
Data Use Policies ,
Electronic Communications ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marketing ,
Notice Requirements ,
Online Advertisements ,
Personal Data ,
Popular
During her campaign, Ursula von der Leyen, now President-elect of the European Commission, suggested she would propose legislation within her first 100 days in office on artificial intelligence (AI). With her victory on July...more
On 15 July 2019, an unprecedented cyber-attack in Bulgaria was announced. Hackers have stolen data from the National Revenue Agency (“NRA”) relating to around 70% of Bulgaria’s population, including foreign nationals and...more
7/22/2019
/ Bulgaria ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Hackers ,
Investigations ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Risk Mitigation
On 9 July 2019, the Court of Justice of the European Union (CJEU) in Luxembourg heard a case brought by privacy-rights activist Max Schrems (C-311/18, Data Protection Commissioner v Facebook Ireland Limited, Maximilliam...more
A year ago, on May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into force. With its extraterritorial scope and detailed requirements, the GDPR aimed to change the approach to personal data...more
5/31/2019
/ Consent ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Data Subjects Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular ,
Regulatory Oversight ,
Regulatory Standards ,
Telemarketing