On 22 December 2023, the Regulation on harmonized rules on fair access to and use of data ("Data Act") was published in the EU's Official Journal. The Data Act lays down rules on fair access to and use of personal and...more
Beginning October 12, 2023, the UK-U.S. Data Bridge will allow UK companies to transfer personal data to the United States using the new EU-U.S. Data Privacy Framework....more
10/17/2023
/ Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
Information Technology ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
UK
On July 10, 2023, the EU Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework, concluding that the United States ensures an adequate level of protection for personal data transferred from the...more
The Council of the European Union ("EU") adopted a new Directive to strengthen cybersecurity and resilience across the Union. -
Following the European Parliament's approval on November 10, 2022, the Council of the European...more
On September 28, 2022, the European Commission published two proposals—the Revised Product Liability Directive and the AI Liability Directive—aimed at adapting liability rules to the green and digital transition within the...more
On September 15, 2022, the European Commission ("EU") published a proposal for a Cyber Resilience Act, the first EU-wide legislation introducing a single set of cybersecurity rules for hardware and software products placed in...more
The European Parliament ("EP") and Council formally adopted the Digital Markets Act ("DMA") in July 2022, imposing new behavioral obligations on large digital platforms qualifying as "gatekeepers." The final agreement...more
On February 23, 2022, the European Commission ("Commission") published a proposal for a Data Act which aims at enhancing data access and use within the European Union ("EU")....more
2/24/2022
/ Artificial Intelligence ,
Data Collection ,
Data Privacy ,
Data-Sharing ,
EU ,
European Commission ,
Information Governance ,
International Data Transfers ,
Internet of Things ,
Personal Data ,
Personally Identifiable Information ,
Proposed Regulation ,
Regulatory Agenda ,
Small and Medium-Sized Enterprises (SMEs)
The Background: Transfers of personal data to countries outside the European Economic Area ("EEA") must meet certain requirements under the General Data Protection Regulation ("GDPR"). If the third country does not provide an...more
An interest group of EU banks that was formed to assist European financial institutions with their use of public cloud technology recently suggested model terms for the compliant use of cloud technology.
On May 17, 2021,...more
The Development: The European Commission ("EC") recently released two long-awaited legislative proposals, the Digital Services Act ("DSA") and Digital Markets Act ("DMA"), that would significantly increase the EC's regulatory...more
The Situation: After the invalidation of the EU-U.S. Privacy Shield by the Court of Justice of the European Union ("CJEU"), the conditions under which international data may flow from the European Union continue to remain...more
11/23/2020
/ Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The Situation: The Court of Justice of the European Union ("CJEU") has ruled that international data flows under the European Union's comprehensive data protection regime, the GDPR, can continue to be based on EU Standard...more
The Situation: On June 3, 2020, the European Securities Market Authority ("ESMA") published a consultation paper on Outsourcing to Cloud Service Providers ("Proposed Guidelines"), which will apply to any institution under the...more
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
Cybersecurity Standards Issued for Government Contractors -
On January 31, the Office of the Under Secretary of Defense for Acquisition and...more
4/1/2020
/ 5G Network ,
Artificial Intelligence ,
Canada ,
China ,
CNIL ,
Computer Fraud and Abuse Act (CFAA) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Department of Defense (DOD) ,
EU ,
European Commission ,
Executive Orders ,
Federal Trade Commission (FTC) ,
FERC ,
GAO ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Commissioner's Office (ICO) ,
Japan ,
Latin America ,
National Security ,
NIST ,
OCIE ,
OCR ,
Online Safety for Children ,
People's Bank of China ,
Public Health Emergency ,
Securities and Exchange Commission (SEC) ,
Social Media ,
State Attorneys General ,
Telehealth ,
Trump Administration ,
Unmanned Aircraft Systems
This week, the European Commission published white papers detailing its strategies regarding the use of data and artificial intelligence ("AI"). Several additional reports accompany the white papers and cover topics such as...more
The Situation: On July 4, 2019, the French data protection authority ("CNIL") published revised guidelines on the implementation of cookies or similar tracking technologies in order to take into account the new requirements...more
1/29/2020
/ CNIL ,
Consent ,
Cookies ,
Cybersecurity ,
Data Controller ,
Data Protection ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
France ,
General Data Protection Regulation (GDPR) ,
Public Consultations
The Situation: Fashion ID, a German online clothing retailer, embedded on its website the Facebook "Like" button. When a user consults the website of Fashion ID, that user's personal data are transmitted to Facebook Ireland....more
8/5/2019
/ Cookies ,
Corporate Counsel ,
Data Collection ,
Data Processors ,
EU ,
EU Data Protection Laws ,
European Court of Justice (ECJ) ,
Facebook ,
General Data Protection Regulation (GDPR) ,
Joint Liability ,
Personal Data ,
Social Media ,
Website Owner Liability ,
Websites
The Situation: The European Union's Cybersecurity Act becomes effective on June 27, 2019.
The Result: The Act will strengthen the ability of the European Union Agency for Network and Information Security ("ENISA") to help...more
The Situation: The UK Parliament has not approved the draft Brexit Withdrawal Agreement and Political Declaration on the future relationship of the European Union and United Kingdom. The next steps in the Brexit process are...more
The Situation: The General Data Protection Regulation has a broad territorial scope and can apply to businesses based outside the European Union.
The Result: The European Data Protection Board has provided important...more
The Situation: The European Union's General Data Protection Regulation ("GDPR") has raised questions regarding the scope of coverage and protection afforded by current cyber policies, especially with respect to potential GDPR...more
On the heels of the European Union's General Data Protection law, which went into effect in May 2018, California has enacted the California Consumer Privacy Act ("CCPA")—the result of an 11th-hour compromise between...more
10/24/2018
/ Argentina ,
Asia ,
Australia ,
Belgium ,
Brazil ,
California Consumer Privacy Act (CCPA) ,
Canada ,
Chile ,
China ,
Colombia ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
EU ,
Federal Trade Commission (FTC) ,
France ,
General Data Protection Regulation (GDPR) ,
Germany ,
Hong Kong ,
IRS ,
Italy ,
Japan ,
Mexico ,
Netherlands ,
NIST ,
Paraguay ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Singapore ,
Spain ,
TCPA ,
UK
The Situation: The Legislative Decree 101/2018 ("Harmonization Decree") harmonizes the Italian data protection laws with the General Data Protection Regulation (EU) 679/2016 ("GDPR") provisions. It was enacted and became...more
The Situation: Spain approved emergency legislation regarding data protection that mainly focuses on regulating inspection and sanctioning procedures.
The Purpose: The purpose of this legislation is to allow for the correct...more
9/11/2018
/ Cross-Border ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Parliamentary Procedure ,
Popular ,
Spain