On 9 October 2024, the European Data Protection Board (EDPB) published its Opinion 22/2024, clarifying the responsibilities of controllers when relying on processors and sub-processors. This guidance emphasizes the importance...more
On 8 October 2024, the European Data Protection Board (“EDPB”) issued draft Guidelines 1/2024 concerning the processing of personal data based on legitimate interests under Article 6(1)(f) of the GDPR (“Guidance”), which...more
The UK Information Commissioner’s Office (ICO) has recently published an update on its enforcement efforts in respect of website cookie compliance. It follows a letter the ICO sent in November 2023 to 53 of the top 100 UK...more
In December 2023, political agreement was reached by EU policy makers on all substantive aspects of the EU Artificial Intelligence Act. Since then, the close-to-final text of this transformational piece of European...more
As the popularity of AI technologies has continued to grow in 2023, so has the number of laws and regulations seeking to address the potential risks and societal harms that may arise. The evolving legislation and calls to...more
On 8 December 2023, after marathon “trilogue” negotiations, the Council of the EU, the European Parliament and European Commission reached a groundbreaking agreement on the forthcoming AI Act. Although the final text is still...more
Following a re-think of the process for the authorisation of UK BCR after Brexit, the Information Commissioner’s Office (ICO) has devised a new mechanism to significantly streamline approvals. The new process, which was...more
On 10 July 2023, the European Commission (EC) adopted its eagerly expected adequacy decision on data transfers under the EU-U.S. Data Privacy Framework (DPF). The adequacy decision was preceded by substantial changes to U.S....more
On 29 March 2023, the UK government published its long-awaited white paper on its intended approach to regulating AI. The proposal seeks to strike a balance between the primary policy objective of creating a ‘pro-innovation’...more
On 8 March 2023, the UK Department for Science, Information and Technology (DSIT) published the Data Protection and Digital Information (No.2) Bill (DPDI 2) which provides an update to the Government's reforms to the UK data...more
On the bumpy road towards a new adequacy decision for EU-U.S. data transfers, the European Data Protection Board (“EDPB”) has published its Opinion 5/2023 (“Opinion”) on the European Commission's (“Commission”) draft adequacy...more
On 13 December 2022, the European Commission (“EC”) published its draft adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”) that is intended to foster trans-Atlantic data flows and address the concerns raised by...more
Binding Corporate Rules (BCR) are often considered the “gold standard” for international transfers of personal data subject to the GDPR. In contrast to the Standard Contractual Clauses of the European Commission (SCC), BCR...more
The European Commission recently proposed the EU Cyber Resilience Act, a regulation on cybersecurity requirements for products with digital elements. The proposal introduces wide-ranging technical and governance measures that...more
On 24 January and 8 April 2022, the procedure before the French Data Protection Authority (CNIL) was reformed with the aim notably to better respond to the growing number of complaints that the CNIL receives each year...more
On 17 June 2022, the UK government published its refined plans for reforming UK data protection law, following a detailed consultation exercise undertaken last year. The proposals form part of wider changes to the UK...more
6/28/2022
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Legislative Agendas ,
Personal Data ,
Popular ,
Regulatory Agenda ,
UK ,
UK GDPR
On 25 May 2022, the European Commission released long-awaited guidance for the Standard Contractual Clauses (SCCs) adopted in June 2021. The Commission has developed Questions and Answers (Q&As) as a dynamic source of...more
Hogan Lovells’ Privacy and Cybersecurity team have made a formal submission to the Information Commissioner’s Office consultation on how organisations can continue to protect people’s personal data when it is transferred...more
Following the coming into effect of the GDPR three years ago and in light of last year’s Schrems II decision, the European Commission has adopted a new set of Standard Contractual Clauses (SCCs) aimed at enabling lawful...more
6/4/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection ,
EDPS ,
EU ,
European Data Protection Board (EDPB) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The General Data Protection Regulation 2016/679 (GDPR) provides means to enforce provisions related to personal data processing by you as a data controller or data processor. It introduces collective actions everywhere in...more
On 13 January 2021, the Advocate General (AG) of the Court of Justice of the European Union (CJEU) issued an important opinion in the case of Facebook Belgium v Gegevensbeschermingsautoriteit (C-645/19) which considers the...more
1/18/2021
/ Court of Justice of the European Union (CJEU) ,
Cross-Border ,
Cybersecurity ,
Data Protection ,
e-Privacy Directive ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Lead Supervisory Authority ,
Personal Data ,
Popular
On 16 December 2020, the EU released its proposed revisions to the existing Directive 2016/1148 on the security of network and information systems (NIS2)....more
Right on the heels of the practical guidance issued by the European Data Protection Board (EDPB) on supplemental safeguards for international data transfers and European Essential Guarantees for surveillance measures, on...more
The table below sets out the guidance provided by data protection authorities (DPA) in response to the European Court of Justice’s landmark judgment in Case C-311/18 Data Protection Commissioner v. Facebook Ireland and...more
7/23/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
As the world focuses its efforts on the right strategy to beat the coronavirus and make normal life safe again, businesses are devising and implementing a variety of measures to deal with the COVID-19 crisis which rely on the...more
5/21/2020
/ Clinical Trials ,
Cloud Computing ,
Consumer Privacy Rights ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Employee Privacy Rights ,
Personally Identifiable Information ,
Screening Procedures