On 9 October 2024, the European Data Protection Board (EDPB) published its Opinion 22/2024, clarifying the responsibilities of controllers when relying on processors and sub-processors. This guidance emphasizes the importance...more
Following a re-think of the process for the authorisation of UK BCR after Brexit, the Information Commissioner’s Office (ICO) has devised a new mechanism to significantly streamline approvals. The new process, which was...more
On August 24, 2023, twelve international data protection and privacy regulators from the Americas, Europe, Africa, and APAC announced their “global expectations of social media platforms and other sites to safeguard against...more
With the rapid rise of artificial intelligence, governments and policymakers are racing to release their own proposals on regulating the technology. Major jurisdictions including the EU, US, UK, and China are all at various...more
On 10 July 2023, the European Commission (EC) adopted its eagerly expected adequacy decision on data transfers under the EU-U.S. Data Privacy Framework (DPF). The adequacy decision was preceded by substantial changes to U.S....more
On 8 March 2023, the UK Department for Science, Information and Technology (DSIT) published the Data Protection and Digital Information (No.2) Bill (DPDI 2) which provides an update to the Government's reforms to the UK data...more
On the bumpy road towards a new adequacy decision for EU-U.S. data transfers, the European Data Protection Board (“EDPB”) has published its Opinion 5/2023 (“Opinion”) on the European Commission's (“Commission”) draft adequacy...more
Hogan Lovells and Privacy Laws & Business have submitted a joint memorandum to data protection leaders in the EU and the UK advocating for a common framework for Binding Corporate Rules (BCR). The memorandum, submitted to the...more
The White House has issued its Executive Order on Enhancing Safeguards for United States Signal Intelligence Activities (“EO”), which provides additional due process protections to the use of surveillance mechanisms by U.S....more
10/10/2022
/ Court of Justice of the European Union (CJEU) ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Executive Orders ,
Foreign Intellgence ,
International Data Transfers ,
National Intelligence Agencies ,
Personal Data ,
Standard Contractual Clauses ,
Surveillance
The European Commission recently proposed the EU Cyber Resilience Act, a regulation on cybersecurity requirements for products with digital elements. The proposal introduces wide-ranging technical and governance measures that...more
On March 25, 2022, The European Commission and the United States Government announced they had “agreed in principle” on a new Trans-Atlantic Data Privacy Framework (”Framework”) to enable flows of personal data from the EU to...more
As the world focuses its efforts on the right strategy to beat the coronavirus and make normal life safe again, businesses are devising and implementing a variety of measures to deal with the COVID-19 crisis which rely on the...more
5/21/2020
/ Clinical Trials ,
Cloud Computing ,
Consumer Privacy Rights ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Employee Privacy Rights ,
Personally Identifiable Information ,
Screening Procedures
Across the world, large retail stores and small businesses alike are shutting their doors. International flights and sporting events, conferences and concerts (and everything in between) are being cancelled. ...more
The UK’s consumer sector has shown resilience against the backdrop of challenging political and economic conditions. Consumers in the UK remain willing to spend; however, the way in which they do so is changing, with...more
2/19/2020
/ Arbitration ,
B2B Transactions ,
Consumer Protection Laws ,
Customs ,
Data Privacy ,
Doing Business ,
E-Commerce ,
Exports ,
Financial Services Industry ,
Imports ,
Intellectual Property Protection ,
Ownership of Works ,
Payment Systems ,
Real Estate Market ,
Regulatory Oversight ,
Regulatory Standards ,
Strict Product Liability ,
Supply Chain ,
Tariffs ,
UK
On January 15, the Court of Justice of the European Union’s (CJEU) Advocate General (AG) Manuel Campos Sánchez-Bordona delivered his Opinion on four references for preliminary rulings on the topic of retention of and access...more
1/20/2020
/ Advocate General ,
Data Privacy ,
Data Protection ,
Data Retention ,
e-Privacy Directive ,
Electronic Communications ,
Electronic Data Transmissions ,
EU ,
Government Agencies ,
Investigatory Powers Act 2016 ,
National Security ,
Personal Data ,
Right of Access ,
Telecommunications Act ,
UK ,
UK Brexit
On 10 January 2017, the European Commission issued a proposal for a new ePrivacy Regulation (ePR) triggering a legislative process that is still ongoing. The proposed ePR was intended to replace the existing ePrivacy...more
11/26/2019
/ Blockchain ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Distributed Ledger Technology (DLT) ,
E-Commerce ,
e-Privacy Directive ,
Electronic Communications ,
EU ,
Framework Agreement ,
General Data Protection Regulation (GDPR) ,
Innovative Technology ,
Internet of Things ,
Personal Data ,
Risk-Based Approaches
In this edition we survey the latest legal and regulatory developments across the global media and communications industry. We have a particular focus on new privacy laws.
...more
A data lake is an infrastructure that permits different data sets from within a group to be combined and analysed together.
To analyse a data lake under GDPR, it is helpful to think of a data lake in two phases, which we...more
8/9/2018
/ Data Collection ,
Data Controller ,
Data Management ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular ,
Privacy Policy ,
Risk Mitigation
“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy.
...more
7/31/2018
/ Compliance ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Personally Identifiable Information ,
Policies and Procedures ,
Regulatory Requirements ,
Risk Management
“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy.
...more
“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy.
The job of the legal and compliance teams is to...more
6/11/2018
/ Competition ,
Data Privacy ,
Information Governance ,
Intellectual Property Protection ,
Litigation Strategies ,
Ownership Rules ,
Personal Data ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management ,
Strict Compliance
Data brokers are organisations that obtain data from a variety of sources and then sell or license it to third parties. Many trade in personal data, which is purchased by their customers for several purposes, most commonly to...more