In the rapidly evolving landscape of European tech regulation, the Data Act introduces changes with the potential to reshape established market dynamics, presenting significant challenges and opportunities for affected...more
8/20/2025
/ Cloud Service Providers (CSPs) ,
Data Privacy ,
Data Processing Rules ,
Data Processors ,
Data Protection ,
Digital Assets ,
EU ,
New Legislation ,
Regulatory Requirements ,
Service Contracts ,
Technology ,
Technology Sector
The technology and digital regulatory environment in the EU and the UK is experiencing significant evolution in 2025 and beyond. These legal developments present both significant opportunities and complex compliance...more
7/17/2025
/ AI Act ,
Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
EU ,
New Legislation ,
Online Safety for Children ,
Popular ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Technology ,
Technology Sector ,
UK
Advocate General Spielmann opines that personal data can be pseudonymous in the hands of one party and anonymous in the hands of another....more
2/20/2025
/ Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
Data Security ,
Data-Sharing ,
EDPS ,
EU ,
General Data Protection Regulation (GDPR) ,
Legal Opinion ,
Personal Data ,
Privacy Acts ,
Privacy Laws ,
Transparency
The CJEU has decided that the maximum thresholds for GDPR fines should be calculated using the global turnover of the broader corporate group, not solely the infringing entity....more
2/20/2025
/ Affiliates ,
Civil Monetary Penalty ,
Corporate Fines ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Multinationals ,
Personal Data ,
Privacy Laws
Welcome to our Litigation 2024 Year in Review and 2025 Outlook. In this report, we examine the legal trends that have shaped the commercial landscape in Europe and the UK and explore how these developments are likely to...more
2/11/2025
/ Arbitration ,
Class Action ,
Competition ,
Contract Disputes ,
Corporate Governance ,
Cryptocurrency ,
Data Privacy ,
Enforcement Actions ,
Environmental Social & Governance (ESG) ,
EU ,
European Commission ,
Financial Institutions ,
Insolvency ,
Litigation Strategies ,
Mergers ,
Regulatory Reform ,
UK ,
Whistleblower Protection Policies ,
Whistleblowers
The EU AI Act came into effect on 1 August 2024, and the first obligations under the Act will become applicable from 2 February 2025. Providers and deployers of AI systems must ensure that their employees and contractors...more
The Directive expands the scope of liability to digital products (including AI systems), fulfilment service providers, and online platforms, while reducing the burden of proof for claimants.
On 9 December 2024, the new...more
The Draft Code sets out various obligations relating to transparency, copyright compliance, and management of systemic risks for providers of GPAI models....more
The draft guidelines provide further clarification to the EDPB’s interpretation of legitimate interests, and suggest a potential divergence with the UK ICO....more
11/25/2024
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Draft Guidance ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marketing ,
Multi-Factor Test ,
Personal Data ,
UK
Now that the EU AI Act has come into force, companies deploying high-risk artificial intelligence (AI) systems in the European Union (EU) must prepare to navigate a complex landscape of new obligations by 2 August 2027. This...more
The EU AI Office has just published a consultation on the topics that should be covered by the first general-purpose AI (GPAI) Code of Practice and a call for interest to participate in drafting the Code....more
Today marks a significant milestone in the regulation of artificial intelligence (AI) as the European Union (EU) AI Act is published in the EU Official Journal. This landmark legislation establishes the world’s first...more
After three years of legislative debate, the Council of the European Union cast its final vote on the European Union (EU) Artificial Intelligence (AI) Act on 21 May 2024. Once published in the EU Official Journal in June, the...more
EU-Parlament soll im Februar 2024 über Neuregelung zur Sanktionierung von DSGVO-Verstößen entscheiden -
Die geplante Neuregelung soll im Februar im EU-Parlament verabschiedet werden. Sie wäre sehr nachteilig, wenn ihr...more
Die Verhängung von Geldbußen nach Art. 83 DS-GVO nimmt in der Praxis eine immer wichtigere Stellung ein. Deutsche und andere europäische Aufsichtsbehörden verhängen immer mehr und höhere Bußgelder wegen Datenschutzverstößen. ...more
Europäische Datenschutzbehörden verhängen immer höhere Geldbußen. Dementsprechend nimmt auch die Bedeutung einer effektiven Verteidigung von Unternehmen in Bußgeldverfahren wegen DS-GVO-Verstößen stetig zu.
Ursprünglich...more
Cybersecurity incidents pose legal challenges for in-house counsel, alongside their technical implications. This overview highlights key aspects that legal departments must know when reacting to data breaches.
...more
The final decision of the Irish Data Protection Commission (IDPC) in relation to the transfers of EU/EEA Facebook user data by Meta Platforms Ireland Limited (Meta Ireland) to its processor, Meta Platforms, Inc., in the US...more
5/23/2023
/ Corporate Fines ,
Data Protection Authority ,
EU Data Protection Laws ,
European Commission ,
European Data Protection Board (EDPB) ,
Facebook ,
FISA ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Standard Contractual Clauses ,
Statutory Violations
The court determined that mere infringement of the GDPR is insufficient for a damages claim, but that there is no minimum threshold for non-material damages.
In a recent judgment (Case C-300/21), the Court of Justice of...more
5/17/2023
/ Calculation of Damages ,
Court of Justice of the European Union (CJEU) ,
Damages ,
De Minimis Claims ,
EU ,
General Data Protection Regulation (GDPR) ,
Infringement ,
Member State ,
Personal Data ,
Rules of Civil Procedure ,
UK
Der Europäische Gerichtshof („EuGH“) legt die Anforderungen für Schadensersatz nach Art. 82 EU Datenschutz-Grundverordnung („DSGVO“) in einem neuen Urteil weit aus (Urteil vom 4. Mai 2023, C-300/21). Zwar trifft der EuGH...more
Organisations must provide individuals with information on the specific recipients of their data upon request.
The Court of Justice of the European Union (CJEU) has ruled that organisations must generally disclose the...more
The CJEU’s final ruling could subject companies to direct GDPR enforcement by DPAs notwithstanding national procedural rules, but may rule against strict liability under the GDPR.
On 27 April 2023 Advocate General of the...more
Der Europäische Gerichtshof (EuGH) wird bald darüber entscheiden, ob europäische Datenschutzbehörden künftig leichter Bußgelder nach Art. 83 DSGVO gegen Unternehmen verhängen können. Diese Entscheidung kann großen Einfluss...more
Der Europäische Gerichtshof (EuGH) wird bald darüber entscheiden, ob europäische Datenschutzbehörden künftig leichter Bußgelder nach Art. 83 DSGVO gegen Unternehmen verhängen können. Diese Entscheidung kann großen Einfluss...more
3/8/2023
/ Civil Monetary Penalty ,
Corporate Fines ,
Court of Justice of the European Union (CJEU) ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Regulatory Violations ,
Risk Assessment ,
Risk Mitigation
Bußgelder wegen Verstößen gegen die komplexen Anforderungen des EU-Datenschutzrechts werden zu einem immer größeren Risiko für Unternehmen. Europäische Aufsichtsbehörden haben bereits mehrere dreistellige Millionenbußgelder...more