The European Parliament has approved a revised version of the EU Artificial Intelligence Act (AIA), which appears to be on a path to adoption by the EU later this year. The AIA is the most comprehensive legislation in the...more
The emergence of tools like ChatGPT has demonstrated the tremendous business potential for artificial intelligence. At the same time, businesses need to be aware of the growing patchwork of laws and regulations in the U.S....more
On June 4, 2021, the European Commission adopted an updated and long-awaited set of standard contractual clauses (SCCs) for the international transfer of personal data. The previous standard contractual clauses were created...more
On July 16, 2020, the European Court of Justice (Court) ruled in the “Schrems II” case that the one of the most commonly used cross border data transfer mechanisms between the European Union (EU) and the United States (US),...more
7/20/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The successful management of COVID-19 relies on the quick analysis and collection of health data, which can raise privacy issues particularly in the European Union. ...more
The perplexing question of what U.S. companies must do to comply with EU “cookie” law became slightly more clear with the recent decision of the European Court of Justice (CJEU) in Planet49 GmbH, but numerous questions still...more
10/3/2019
/ CNIL ,
Consent ,
Cookies ,
Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Protection Authority ,
e-Privacy Directive ,
EU ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
Germany ,
Online Gaming ,
UK ICO ,
Websites
Following numerous privacy complaints, the State Office for Data Protection Supervision (BayLDA) recently conducted a random audit on 40 companies and found widespread problems with their cookie disclosures....more
3/8/2019
/ Cookie Banners ,
Cookies ,
Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Violations ,
Transparency ,
Vulnerability Assessments
Since the General Data Protection Regulation (“GDPR”) took effect on May 25, 2018, US companies without facilities or employees in Europe have struggled to understand the extraterritorial scope of the GDPR....more
12/3/2018
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Risk Management
Today the EU General Data Protection Regulation (GDPR) goes into effect, ending the data protection landscape as we know it. This comprehensive privacy law applies directly to the 28 EU countries and companies established in...more
5/25/2018
/ Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management
If you are a hospital processing European Union (EU) patient data, if you maintain EU customer loyalty programs, or if you engage in behavioral advertising of EU citizens, you may be required to appoint a data protection...more
5/4/2017
/ Article 29 Working Party (WP29) ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
Electronic Protected Health Information (ePHI) ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Hospitals ,
International Data Transfers ,
Personal Data ,
Popular ,
Telecommunications
The EU General Data Protection Regulation (GDPR), which takes effect in May 2018, will require companies to reassess their mechanisms for obtaining, tracking, and verifying individuals' consent. Companies will need clear and...more
The European Commission's proposed e-privacy regulation sets forth obligations on handling electronic communications and clarifies obligations for seeking consent for the use of cookies. Meant to bring the e-privacy directive...more
1/13/2017
/ Cookies ,
Corporate Counsel ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
e-Privacy Directive ,
Electronic Communications ,
EU ,
Facebook ,
Fines ,
General Data Protection Regulation (GDPR) ,
Google ,
Metadata ,
Mobile Apps ,
Prior Express Consent ,
Privacy Laws ,
Telecommunications ,
WhatsApp
In a ruling with significant potential impact, the Court of Justice of the European Union (CJEU) has ruled that a dynamic internet protocol (IP) address may constitute "personal data" under EU Data Protection Directive...more
The European Parliament has voted to adopt the draft text of the General Data Protection Regulation (GDPR), which imposes enhanced requirements on organizations processing personal data in the European Union and transferring...more
The European Commission (EC) has released details of the EU-U.S. Privacy Shield, a new framework under which personal data may be transferred from the European Union (EU) to the United States. The Privacy Shield replaces the...more
The Judicial Redress Act (Act), signed into law on February 24, 2016, by President Obama, extends the privacy protections offered to U.S. citizens under the Privacy Act of 1974 to citizens of ''covered countries'' overseas....more
The European Commission (EC) and the U.S. Department of Commerce have reached an agreement to create a framework for transfers of personal data from the European Union to the United States. The framework, named the EU-U.S....more