In this month's update: AI Regulatory Landscape: Three Things To Know How will Trump’s “AI Action Plan” and Executive Orders impact U.S. tech and federal procurement? Which companies are subject to “general-purpose” AI...more
8/18/2025
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
California ,
Corporate Counsel ,
Donald Trump ,
EU ,
European Commission ,
Executive Orders ,
Financial Services Industry ,
New Legislation ,
Popular ,
Regulatory Requirements
In our continuing coverage of the EU Artificial Intelligence Act, co-hosts Jerry Buckley and Caroline Stapleton are joined by Orrick partners Shannon Yavorsky and Julia Apostle. The conversation explores how companies can...more
On July 10, 2023, the European Commission formally approved the EU-U.S. Data Privacy Framework (“DPF"). You can view our brief video discussion about the DPF or read our initial update.
Companies that maintained their...more
This essential guide to the European Data Act is part of Orrick’s Cybersecurity & Privacy Compass Series. The Cybersecurity & Privacy Compass is your global guide to constant cybersecurity and privacy change.
In this guide,...more
The EU AI Act, which is progressing towards adoption by the end of 2023, will be complemented by an update to the European civil liability rules applicable to AI-related claims. Towards the end of 2022, the EU Commission...more
Europe is in the midst of a transformation of its regulatory strategy for digital technologies. The EU has passed or proposed a number of laws affecting digital service providers in a broad range of legal areas and sectors....more
This is an update to our previous coverage of the Digital Services Act (“DSA”). The final text of Europe’s (EU) Digital Services Act (“DSA”) was recently approved by the Council of the EU Member States. That means that the...more
In early October, the United States (“U.S.”) and European Union (“EU”) came one step closer to the much-awaited new EU-US Data Privacy Framework (the “Framework”), designed to facilitate transatlantic data flows between the...more
10/26/2022
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
After months of anticipation, the European Data Protection Board (EDPB) adopted new Guidelines on the calculation of administrative fines under the GDPR in May 2022. With the newly released Guidelines, the EDPB seeks to...more
After more than a year of negotiations the final text of Europe’s (EU) Digital Services Act (“DSA”) has been agreed upon by the EU Parliament, the French Presidency of the Council of the EU, and the European Commission (“EU...more
The United States ("U.S.") and the European Commission ("EU Commission") recently announced an “agreement in principle” to develop a new Trans-Atlantic Data Privacy Framework (“Framework”). The Framework is intended to...more
Update: UK international data transfer agreement and UK addendum to the EU standard contractual clauses now in force In February, the Information Commissioner’s Office (“ICO”), the United Kingdom (UK) data protection...more
In February 2022, the United Kingdom (UK) Information Commissioner’s Office (“ICO”), along with the data protection authority (“DPA”) in the UK, published three new documents ("UK Documents") which update the UK's position on...more
On November 19, 2021, the European Data Protection Board (“EDPB”) issued draft guidance on the interplay between Article 3 of the General Data Protection Regulation (“GDPR”) and the provisions on international transfers...more
On June 7, 2021, the European Commission (Commission) published its long-awaited Implementing Decision adopting standard contractual clauses for the transfer of personal data to third countries referred to as the new Standard...more
Orrick's Cyber, Privacy & Data Innovation and IP Licensing & Technology Transactions groups cover the top 10 things you need to know about the new Standard Contractual Clauses ("SCCs") published today by the European...more
6/7/2021
/ Corporate Counsel ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Model Clauses ,
Model Contracts ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK ,
UK ICO
The European Commission (the "Commission") recently published its highly-anticipated communication and proposal for a "Regulation laying down harmonised rules on artificial intelligence"(the "AI Regulation"). The AI...more
What is the General Data Protection Regulation (GDPR)? The GDPR is an EU law that was passed by parliament and went into effect on May 25, 2018. The GDPR unifies the EU under a single data protection regime for all member...more
4/13/2021
/ Cookies ,
Cybersecurity ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Multinationals ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Requirements ,
Web Tracking
On November 11, 2020, the European Data Protection Board (EDPB) published its long-awaited guidance on what parties to international data transfers should be doing to perform such transfers in a manner compliant with the...more
On October 1st, 2020, the Data Protection Authority of Hamburg (“DPA”) announced that it issued a massive EUR 35.3 million fine against the clothing company H&M Hennes & Mauritz Online Shop A.B. & Co. KG (“H&M”) for the...more
On 16 July, 2020 the European Court of Justice (“CJEU”) published its decision invalidating the EU-U.S. Privacy Shield and setting out enhanced requirements for using the so-called Standard Contractual Clauses for Processors...more
8/26/2020
/ Consumer Privacy Rights ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
European Supervisory Authorities (ESAs) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses
EDPB and data protection authorities’ views and statements on the “Schrems II”- decision by the CJEU -
On 16 July, 2020, the European Court of Justice (“CJEU“) passed a decision invalidating the EU-US Privacy Shield and...more
7/30/2020
/ Binding Corporate Rules ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The European Court of Justice (CJEU) published its highly anticipated judgement in the case of Data Protection Commissioner Ireland v Facebook Ireland Limited, Maximillian Schrems, colloquially known as “Schrems 2.0”. There...more
7/17/2020
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
Whatever the outcome of Schrems 2.0, the key takeaway is, don’t panic. Today, July 16, 2020, the European Court of Justice (CJEU) is expected to rule in the case of Data Protection Commissioner Ireland v Facebook Ireland...more
On January 21, 2019, the CNIL (the French data protection authority) issued a fine of €50 million to Google under the General Data Protection Regulation (the “GDPR”) for its failure to (1) provide notice in an easily...more
6/30/2020
/ Android ,
CNIL ,
Corporate Fines ,
Data Protection ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
France ,
General Data Protection Regulation (GDPR) ,
Google ,
Notice Requirements ,
Personal Data ,
Popular ,
Regulatory Violations