X Agrees to Stop Processing EU Data to Train its Grok AI -
Ireland’s Data Protection Commission (“DPC”) recently filed an urgent High Court application against X (formerly Twitter) for using the personal data of European...more
9/13/2024
/ Artificial Intelligence ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Data Security ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
Fines ,
Ireland ,
Liability ,
Personal Data ,
Sensitive Personal Information ,
Twitter ,
Uber
U.S. Court Axes Most of SEC's SolarWinds Data Breach Suit -
The U.S. District Court for the Southern District of New York recently dismissed much of the U.S. Securities and Exchange Commission’s (“SEC”) suit against...more
8/2/2024
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
COPPA ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Dismissals ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Instant Messaging Apps ,
Misleading Statements ,
Regulation Technical Standards (RTS) ,
Risk Assessment ,
ROSCA ,
Securities and Exchange Commission (SEC) ,
Settlement ,
SolarWinds
The Labour Party has indicated an intention to implement specific regulation in relation to AI in the UK. However, the manifesto on which the party has won power, did not propose any general AI legislation. New legislation...more
DORA became law in December 2022 but provides for a grace period until 17 January 2025 for organisations to put in place the necessary measures to comply.
The new rules will require engagement from both an operational and...more
3/7/2024
/ Asset Management ,
Audits ,
Cryptoassets ,
Cybersecurity ,
Enforcement ,
EU ,
European Commission ,
European Supervisory Authorities (ESAs) ,
General Data Protection Regulation (GDPR) ,
New Rules ,
Penalties ,
Reporting Requirements ,
Risk Management ,
Third-Party Risk ,
UCITS
FTC Proposes New Protections to Guard Against AI Impersonations of Individuals -
Amidst growing concerns that emerging technology—including AI-generated deepfakes—threaten to increase the prevalence of impersonation fraud,...more
3/1/2024
/ Anti-Terrorism Financing ,
Artificial Intelligence ,
Cybersecurity ,
Deep Fake ,
EU ,
European Convention on Human Rights ,
Federal Trade Commission (FTC) ,
Human Rights ,
Russia ,
Securities and Exchange Commission (SEC) ,
Terms of Service
EU AI Act: Political Agreement Reached on Terms of Landmark Legislation -
Negotiators for the European Council and the European Parliament have reached political agreement on the provisions of the EU Artificial...more
12/15/2023
/ Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Compliance ,
Cookies ,
Court of Justice of the European Union (CJEU) ,
EU ,
Federal Trade Commission (FTC) ,
Fines ,
General Data Protection Regulation (GDPR) ,
Neglect ,
New Legislation ,
UK
WorldCoin is a cryptocurrency project which uses iris scanning technology to issue a “World ID” as a digital identifier. Privacy concerns over WorldCoin have been voiced by several data protection authorities worldwide....more
8/23/2023
/ Artificial Intelligence ,
Biometric Information ,
CNIL ,
Cryptocurrency ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Security ,
Data Storage ,
EU ,
General Data Protection Regulation (GDPR) ,
HMRC ,
Information Commissioner's Office (ICO) ,
Popular ,
UK
California Court Pauses Enforcement of Most Recent CCPA Regulations until March 2024 -
On June 30, 2023, the Superior Court of California, County of Sacramento (California Chamber Of Commerce v. California Privacy...more
7/21/2023
/ Biden Administration ,
California ,
California Consumer Privacy Act (CCPA) ,
Cross-Border ,
Cybersecurity ,
Data Privacy ,
Enforcement ,
EU ,
European Commission ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
NYDFS ,
Presidential Nominations ,
Privacy Framework ,
Proposed Regulation ,
Regulatory Agenda
The Department of Health and Social Care in the United Kingdom has published a proposed update to its policy regarding access to National Health Service (NHS) data for research purposes. The proposed update focuses on the...more
The EU General Court has overruled the European Data Protection Supervisor and held that pseudonymised data will not be personal data for the purposes of EU data protection law when transferred to a recipient that is unable...more
SEC Chair Gensler Indicates Commission is Looking to Update SEC’s Regulation S-P -
On September 28, 2022, Securities and Exchange Commission (“SEC” or the “Commission”) Chairman Gary Gensler appeared via video at the...more
10/14/2022
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Algorithms ,
Anti-Discrimination Policies ,
Artificial Intelligence ,
Biden Administration ,
Broker-Dealer ,
Cloud Service Providers (CSPs) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
Foreign Trade Regulations ,
Gramm-Leach-Blilely Act ,
Hackers ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Investment Adviser ,
Investment Companies ,
Privacy Framework ,
Regulation S-P ,
Request For Information ,
Right of Access ,
Securities and Exchange Commission (SEC) ,
Subject Access Request (SAR) ,
Title V ,
U.S. Commerce Department ,
Uber ,
UK ,
UK GDPR
A recent UK Court of Appeal decision highlights ongoing uncertainty regarding the jurisdictional reach of the GDPR and invites intervention from the Information Commissioner’s Office. ...more
1/25/2022
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Jurisdiction ,
Personal Data ,
UK
Patent offices and courts around the world have recently been grappling with the question of whether an AI system can be the inventor of a patent. This has been prompted by Dr. Stephen Thaler’s applications to designate his...more
1/20/2022
/ Artificial Intelligence ,
Computer-Related Inventions ,
EU ,
European Patent Office ,
Information Technology ,
Intellectual Property Protection ,
Inventions ,
Inventors ,
Patent Applications ,
Patent Invalidity ,
Patent-Eligible Subject Matter ,
R&D ,
Research and Development
The European Commission has issued new Standard Contractual Clauses designed to facilitate international transfers of personal data in compliance with the GDPR. The new provisions better reflect the variety of global data...more
The European Commission has issued new Standard Contractual Clauses designed to facilitate international transfers of personal data in compliance with the GDPR. The new provisions better reflect the variety of global data...more
6/9/2021
/ Data Processors ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Key Takeaways -
A new draft EU Regulation aims to encourage the sharing and re-use of data and foster a data-driven economy that shares the benefits of Big Data whilst respecting individuals’ rights in personal data and...more
The new EU-UK Trade and Cooperation Agreement (the “Trade Agreement”) came into effect on 1 January 2021. There are now two versions of the GDPR: the existing EU regime (the “EU GDPR”) and the new ‘UK GDPR’ which applies an...more
A new draft EU Regulation aims to encourage the sharing and re-use of data and foster a data-driven economy that shares the benefits of Big Data whilst respecting individuals’ rights in personal data and commercial rights in...more
12/9/2020
/ Big Data ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
Public Sector ,
Regulatory Agenda ,
Regulatory Standards
More than three months after the landmark Schrems II decision of the Court of Justice of the European Union (“CJEU”), the European Data Protection Board (“EDPB”) has issued its recommendations on “supplemental measures” to...more
11/16/2020
/ Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Regulatory Standards ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The European Commission has issued an "adequacy decision" in respect of Japan reducing the regulatory burden of transferring personal data from the EU to Japan. Japan has made an equivalent decision for transfers to the EU....more
1/31/2019
/ Adequacy Requirement ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Japan ,
Mutual Recognition Agreement ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
UK Brexit
In anticipation of Brexit, the U.S. Department of Commerce (“DOC”) has published steps it expects to be taken by businesses that rely on Privacy Shield to transfer personal data from the UK to the U.S....more
1/15/2019
/ EU ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses ,
U.S. Commerce Department ,
UK ,
UK Brexit ,
x
Further to our previous OnPoint “No Deal” Brexit and its Implications for Data Protection, the European Commission has given an update on its “no deal” Brexit contingency planning in a communication published on November 13,...more
On December 3, 2018 the Geo-Blocking Regulation (Regulation (EU) 2018/302) will come into effect in each of the EU member states. As part of a continued effort to provide guidance to businesses in case of a no deal Brexit...more
The prospect of the UK leaving the European Union without a formal agreement in place seems increasingly possible. Businesses need to increase their preparations for a "no deal" scenario and these preparations should include...more
10/8/2018
/ Binding Corporate Rules ,
Consent ,
Data Protection ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses ,
UK ,
UK Brexit
Article 30 of the General Data Protection Regulation (GDPR), which comes into force on 25 May 2018, places an obligation upon data controllers and processors to keep internal records of data processing activities. The data...more