On 26 August the Dutch Data Protection Authority (DPA) fined Uber EUR 290 million for a breach of the General Data Protection Regulation (GDPR). Following a number of complaints from French Uber drivers, the DPA found that...more
The Irish Data Protection Commission (DPC) has welcomed X’s agreement to suspend its processing of certain personal data for the purpose of training its AI chatbot tool, Grok. This comes after the DPC issued suspension...more
On 25 July 2024, the EU Commission published its second report on the application of the GDPR (the ‘Second Report’), following its first report published in 2020....more
On August 6th, the Dutch Data Protection Authority (DPA) issued guidance cautioning companies about the potential data protection risks associated with the use of Artificial Intelligence (AI)-powered chatbots....more
The European Data Protection Board (EDPB) recently adopted a statement suggesting the Data Protection Authorities’ (DPAs) role with regard to the EU AI Act recently published in the Official Journal of the EU....more
On 7 March 2024, the Court of Justice of the European Union issued a ruling (C-604/22 | IAB Europe) clarifying the concepts of personal data and controller in the context of the use of a Transparency and Consent Framework...more
Italy plays a prominent role in EU AI Act negotiations and engages in political discussions for future laws. Laws/Regulations directly regulating AI (the “AI Regulations”) Currently, there are no specific laws,...more
The Dutch Data Protection Authority (AP) has recently issued new guidance on data scraping. The guide highlights the significant legal risks it poses to personal data and the restrictions required under the GDPR....more
On January 29, 2024, the Italian Data Protection Authority (Garante) notified OpenAI of breaches of data protection laws involving its ChatGPT platform....more
Privacy regulators, including the EU data protection authorities (EU DPAs), are expected to increase their scrutiny of data scraping to train AI algorithms. Data scraping involves the collection of large amounts of publicly...more
EU data protection authorities (DPAs) will likely start enforcing the requirements of the EU AI Act, the world’s first comprehensive AI regulation, despite the Act likely not entering into full force until 2026....more
By now, many of us are using AI, advising others about how to use AI, and waiting for some legislative miracle to give us some guardrails for what we can or cannot be doing with AI. A lot of effort has been put into tracking...more
Europäische Datenschutzbehörden verhängen immer höhere Geldbußen. Dementsprechend nimmt auch die Bedeutung einer effektiven Verteidigung von Unternehmen in Bußgeldverfahren wegen DS-GVO-Verstößen stetig zu. Ursprünglich...more
As we noted in our 2023 DSIR, there has been a flurry of activity within the information governance space, at home and abroad. This activity deserves further analysis, because while it seems from a distance that there are...more
The European Parliament voted on June 14, 2023 to adopt its position on the draft EU Artificial Intelligence Act (EU AI Act) that would impose a comprehensive regulatory regime on AI. More rules are expected to follow for...more
The Court of Justice of the EU (CJEU)1 has held that the General Data Protection Regulation (GDPR) requires controllers to provide data subjects a "faithful reproduction" of their personal data, which takes into account the...more
It is, by now, well known that not taking data protection seriously can prove costly for organizations. Since the introduction of the European General Data Protection Regulation (the "GDPR") in 2018, non-GDPR-compliant...more
The Spanish Data Protection Authority has opened a public consultation process to obtain comments for an incoming decision establishing the rules for commercial communications via telephone. This decision will be binding upon...more
Der Europäische Gerichtshof (EuGH) wird bald darüber entscheiden, ob europäische Datenschutzbehörden künftig leichter Bußgelder nach Art. 83 DSGVO gegen Unternehmen verhängen können. Diese Entscheidung kann großen Einfluss...more
Organisations should expect increased scrutiny and enforcement activity around the role of data protection officers in the coming year. The European Data Protection Board (EDPB) has announced that its coordinated...more
The French Data Protection Authority capped off 2022 by terminating an investigation into Lusha Systems, Inc.’s compliance with GDPR. CNIL concluded that the law did not apply to the US company’s activities...more
Greece’s privacy protection authority recently announced it was fining Intellexa, an Israeli cyber tech company, EUR 50,000. The Hellenic Data Protection Authority (HDPA) imposed the fine as part of an investigation it...more
Hogan Lovells and Privacy Laws & Business have submitted a joint memorandum to data protection leaders in the EU and the UK advocating for a common framework for Binding Corporate Rules (BCR). The memorandum, submitted to the...more
The Data Protection Authority (“DPA”) of the German state Hamburg is one of the first European DPA to publish an optimistic assessment on the U.S. Executive Order on “Enhancing Safeguards for United States Signals...more
In a string of executive actions unveiled on October 7, 2022, the U.S. government took steps to implement the EU-U.S. Data Privacy Framework (DPF), the third attempt to secure trans-Atlantic data flows after the European...more