The Israeli Privacy Protection Authority recently published a binding directive addressing the board of director’s responsibilities for the fulfillment of a company’s obligations prescribed in the Privacy Protection...more
The Irish Data Protection Commission (DPC) has welcomed X’s agreement to suspend its processing of certain personal data for the purpose of training its AI chatbot tool, Grok. This comes after the DPC issued suspension...more
On 25 July 2024, the EU Commission published its second report on the application of the GDPR (the ‘Second Report’), following its first report published in 2020....more
On July 16, 2024, the National Data Protection Authority (ANPD) published Resolution No. 18/2024 (Resolution 18) outlining rules on the appointment, definition, duties and activities of a Data Protection Officer (DPO) in...more
The Israeli Privacy Protection Authority (“PPA”) recently published a draft opinion, which is open for public comments, addressing transfers of personal data from Israel to other countries. In this opinion, the PPA seeks to...more
Italy plays a prominent role in EU AI Act negotiations and engages in political discussions for future laws. Laws/Regulations directly regulating AI (the “AI Regulations”) Currently, there are no specific laws,...more
On 1 May 2024, the Dutch Data Protection Authority (DPA) issued guidelines on data scraping used by private organisations in relation to GDPR principles including ‘lawfulness’. The guidelines could affect the way GenAI...more
Data processing agreements are a standard part of business arrangements involving personal data due to the European Union’s General Data Protection Regulation as well as the ever-expanding number of U.S. consumer privacy...more
Working from home requires heightened attention to compliance with privacy protection and data security laws. The basis for such compliance, inter alia, is the Israeli Privacy Protection Authority’s guidelines, “Emphases for...more
By now, many of us are using AI, advising others about how to use AI, and waiting for some legislative miracle to give us some guardrails for what we can or cannot be doing with AI. A lot of effort has been put into tracking...more
The French supervisory authority (CNIL) asked for public comments on its draft recommendation on data security in relation to processing that presents particularly high risks to individuals or to the public interest (the...more
On 6 July 2023, the French data protection authority (the "CNIL") updated its guidelines on whistleblowing systems again. The last version dated from December 2019. This update is the result of the French transposition of...more
In February 2023, the Brazilian National Data Protection Authority (ANPD) published the rules for the application of sanctions and the methodology for calculating fines for violation of their General Data Protection Law...more
Brazil’s data protection authority recently published regulations that could lead businesses and employers that violate the country’s data privacy laws to be punished with administrative penalties – adding yet more incentive...more
Hogan Lovells and Privacy Laws & Business have submitted a joint memorandum to data protection leaders in the EU and the UK advocating for a common framework for Binding Corporate Rules (BCR). The memorandum, submitted to the...more
Ever since the White House issued its Executive Order to pave a path for the new EU-U.S. Data Privacy Framework, stakeholders have provided both praise and criticism about whether the Executive Order sufficiently addresses...more
The Executive Order hopes to address what had been shortcomings in the previous Safe Harbor and Privacy Shield programs that were struck down by EU courts in 2015 and 2020 respectively. On October 7, 2022, President...more
The Swiss government has drafted a proposed list of countries that are approved to receive personal data transfers out of Switzerland. Japan and South Korea are excluded from the current and proposed lists, requiring...more
Data subject access requests (DSARs) are a cornerstone of the data protection regime, being fundamental in helping individuals to exercise their rights. If individuals do not know what information an organisation has about...more
Recent reports from several European Data Protection Authorities (DPAs), the bodies empowered to regulate consumer privacy under the General Data Protection Regulation (GDPR), have ruled that Google Analytics violates the...more
...This session, led by industry-acknowledged experts in areas ranging from data protection and privacy to data transfer and legal discovery, provided a professional forum for the explanation of the best approaches,...more
U.S. privacy law is undergoing dramatic change on an accelerating pace. New laws across the country address specific industries, certain kinds of data, and various concerning practices. There is international pressure to...more
Update: UK international data transfer agreement and UK addendum to the EU standard contractual clauses now in force In February, the Information Commissioner’s Office (“ICO”), the United Kingdom (UK) data protection...more
On January 27, 2022, the National Data Protection Authority (ANPD) published Resolution nr. 2, regulating the application of certain provisions of the General Personal Data Protection Act (LGPD) to small processing agents,...more
No dia 27 de janeiro de 2022, a Autoridade Nacional de Proteção de Dados (ANPD) publicou a Resolução n.º 2, regulamentando a aplicação de determinados dispositivos da Lei Geral de Proteção de Dados Pessoais (LGPD) a agentes...more