The CRA will affect a broad range of digital products placed on the EU market (including by those based outside the EU), including connected hardware/devices, software and remote data processing solutions. The EU has adopted...more
4/16/2025
/ Cybersecurity ,
Data Processors ,
Digital Operational Resilience Act (DORA) ,
Distributors ,
EU ,
General Data Protection Regulation (GDPR) ,
Hardware ,
Importers ,
Manufacturers ,
New Legislation ,
Popular ,
Regulatory Requirements ,
Risk Assessment ,
Software ,
Supply Chain
The first binding obligations of the European Union’s landmark AI legislation, the EU AI Act (the Act), came into effect on February 2, 2025. Essentially, from this date, AI practices which present an unacceptable level of...more
2/4/2025
/ Artificial Intelligence ,
Biometric Information ,
Data Privacy ,
Data Protection ,
EU ,
European Data Protection Board (EDPB) ,
Facial Recognition Technology ,
General Data Protection Regulation (GDPR) ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management
The NIS 2 Directive requires a wide range of in-scope organizations to adopt robust cybersecurity measures and incident response plans....more
11/5/2024
/ Compliance ,
Cyber Threats ,
Cybersecurity ,
Employee Training ,
Enforcement ,
EU ,
European Commission ,
Fines ,
General Data Protection Regulation (GDPR) ,
Incident Response Plans ,
Penalties ,
Reporting Requirements ,
Supply Chain
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
10/15/2024
/ CNIL ,
Consent ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Retention ,
Enforcement Actions ,
EU ,
France ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Sensitive Personal Information
The UK and U.S. Governments have now formalized the UK-U.S. Data Bridge. The U.S. Attorney General designated the UK as a “qualifying state” for the purposes of the Executive Order 14086 on September 18, 2023, and the UK...more
U.S. companies can now self-certify to permit personal data to freely flow from the Europe to the United States.
U.S. organizations can now self-certify their compliance with the EU-U.S. Data Privacy Framework (DPF) to...more
7/27/2023
/ BCRs ,
Data Integrity ,
Data Privacy ,
Data Security ,
Department of Transportation (DOT) ,
Enforcement ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Self-Certification ,
Standard Contractual Clauses ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
American Data Privacy and Protection Act would require organizations to limit collection of personal information, grant consumers access to their own data, enhance data protections for children, mandate implementation of...more
7/11/2022
/ California Consumer Privacy Act (CCPA) ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Enforcement ,
Federal Data Privacy ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Personal Information ,
Privacy Policy ,
Private Right of Action ,
Proposed Legislation ,
Small Business ,
Third-Party Service Provider
The European Data Protection Board (EDPB), the body which represents EU data protection authorities, has adopted guidelines (Guidelines) confirming when transfers need to be “safeguarded” in accordance with the GDPR (and...more
The EDPB has issued recommendations concerning how organisations may lawfully transfer personal data from Europe to “third countries” (e.g., the U.S. and currently the UK from 1.1.2021) in light of the recent Schrems II...more
11/25/2020
/ EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Legal Systems ,
New Guidance ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
The UK Data Protection Authority, the Information Commissioner’s Office (ICO), has published an update report on privacy issues around real-time bidding (RTB) and programmatic advertising. ...more
The European Union Court of Justice (“CJEU”) to rule on the validity of Model Contractual Clauses (“MCCs”) following referral by the Irish High Court.
The Irish High Court has “well-founded” concerns that there is no...more
11/17/2017
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
FISA ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Model Clauses
The UK Government has published a statement of intent containing details of its proposed Data Protection Bill. The full text of the Bill is expected in September 2017, when the UK Parliament returns from its summer...more