Now that the EU AI Act has come into force, companies deploying high-risk artificial intelligence (AI) systems in the European Union (EU) must prepare to navigate a complex landscape of new obligations by 2 August 2027. This...more
The EU AI Office has just published a consultation on the topics that should be covered by the first general-purpose AI (GPAI) Code of Practice and a call for interest to participate in drafting the Code....more
Today marks a significant milestone in the regulation of artificial intelligence (AI) as the European Union (EU) AI Act is published in the EU Official Journal. This landmark legislation establishes the world’s first...more
Companies subject to India’s new data protection law should assess practical implications.
The Indian parliament enacted India’s first comprehensive data protection law on 11 August 2023, namely the Digital Personal Data...more
The new framework provides an additional route for personal data transfers from the EEA to the US.
On 10 July 2023, the European Commission (EC) took the final step to enable businesses to start relying on the new EU-US...more
8/1/2023
/ Adequacy Requirement ,
Certification Requirements ,
Compliance ,
Data Privacy ,
Department of Transportation (DOT) ,
Enforcement Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
Framework Agreement ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Privacy Framework ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Surveillance ,
Switzerland ,
US-EU Safe Harbor Framework
Artificial Intelligence has the potential to be the next transformational technology, and as adoption of AI-powered tools continues to increase, deal activity in the AI space will follow. Regulators and law makers are...more
Cybersecurity incidents pose legal challenges for in-house counsel, alongside their technical implications. This overview highlights key aspects that legal departments must know when reacting to data breaches.
...more
Organisations should expect increased scrutiny and enforcement activity around the role of data protection officers in the coming year.
The European Data Protection Board (EDPB) has announced that its coordinated...more
3/27/2023
/ Court of Justice of the European Union (CJEU) ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
EU ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Harmonization ,
Personal Data
The Digital Services Act (DSA) is a key part of the European Union’s (EU) digital regulation strategy, which seeks to modernise legal frameworks and create a safer and more open digital environment.
The DSA entered into...more
On 3 May 2022, the European Commission launched its proposal for a Regulation for the European Health Data Space to “unleash the full potential of health data”. However, questions arise as to whether this proposal is a...more
11/2/2022
/ Biometric Information ,
Consent ,
Data Controller ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Medical Research ,
Personal Data ,
PHI ,
Portability ,
Public Health ,
Public Policy ,
Transparency
The bill has been introduced into the UK’s Parliament with various amendments to the initial draft published in May 2021, reflecting the extensive feedback received and the challenges in reaching a consensus.
In March...more
10/3/2022
/ Digital Service Providers ,
Digital Services ,
Enforcement ,
EU ,
OFCOM ,
Online Advertisements ,
Online Platforms ,
Online Safety for Children ,
Proposed Legislation ,
UK ,
Websites
New announcements and rules expand the scope of existing sanctions and export controls on Russia and Belarus.
This Client Alert summarises the latest sanctions and trade restrictions that have been imposed, or are under...more
New rules and announcements expand existing sanctions and export controls relating to Russia.
This Client Alert is published in the context of ongoing developments and should be read in conjunction with the Latham &...more
5/16/2022
/ Biden Administration ,
Economic Sanctions ,
EU ,
Export Controls ,
Financial Transactions ,
Foreign Policy ,
General Licenses ,
Military Conflict ,
Office of Foreign Assets Control (OFAC) ,
Russia ,
SDN List ,
UK ,
Ukraine
New rules significantly expand the scope of existing sanctions and export controls on Russia.
This Client Alert is published in the context of ongoing developments and should be read in conjunction with the Latham &...more
4/13/2022
/ Asset Freeze ,
Belarus ,
Economic Sanctions ,
EU ,
Export Controls ,
Financial Crimes ,
Foreign Investment ,
General Licenses ,
Japan ,
Russia ,
Trade Relations ,
Trade Restrictions ,
UK ,
Ukraine
The proposals includes fines for non-compliance of up to the greater of £18 million or 10% of a provider’s annual global revenue.
On 12 May 2021, the UK government published the Online Safety Bill (the Bill), which aims...more
6/28/2021
/ Digital Service Providers ,
Digital Services ,
Duty of Care ,
EU ,
New Legislation ,
OFCOM ,
Online Marketplace ,
Online Platforms ,
Proposed Legislation ,
Regulatory Requirements ,
Search Engines ,
Social Media ,
UK ,
User-Generated Content
Companies have three months to prepare to use the latest standard contractual clauses for new data transfers, and 18 months to migrate existing arrangements.
On 4 June 2021, the European Commission released its...more
6/28/2021
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
FISA ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
Die Datenschutzorganisation noyb droht mit über 10.000 Beschwerden wegen möglicher rechtswidriger Verwendung von Cookies.
Am 31. Mai 2021 startete die Datenschutzorganisation noyb (die Abkürzung steht für „none of your...more
The privacy organisation noyb will file more than 10,000 complaints for use of cookies contrary to its interpretation of compliance.
On 31 May 2021, the nonprofit privacy organisation noyb (short for “none of your...more
As the Brexit transition period draws to a close, businesses will need to consider their data protection efforts to comply with both UK and EU regimes.
The end of the Brexit transition period on 31 December 2020 will have...more
The European Commission has published draft updated standard contractual clauses in light of the Schrems II decision.
On 12 November 2020, the European Commission (the Commission) published a draft implementing decision,...more
12/8/2020
/ Data Controller ,
Data Processors ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Personal Data ,
Public Consultations ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
The EDPB takes a strict approach in its recent guidance on international data transfers following Schrems II, posing a difficult challenge for businesses.
On 10 November, the European Data Protection Board (EDPB) released...more
Latham develops new resource to identify considerations for assessing SCC and BCR data transfers in Europe.
Following the Schrems II decision in July 2020, organisations relying on the standard contractual clauses (SCCs) or...more
A ruling by the EU’s top court invalidates the key mechanism for transferring personal data from the EU to the US and imposes additional conditions for use of the standard contractual clauses.
On 16 July 2020, the Court of...more
After the recent two-year anniversary of the GDPR, one fundamental question remains — who does the GDPR apply to?
Last month marked the two-year anniversary of the General Data Protection Regulation (GDPR), but its...more
Update confirms the introduction of an active “duty of care” and a dedicated regulator, as part of a comprehensive new online regulatory regime.
Following a wave of commentary from industry, the social sector, and other...more
2/21/2020
/ Digital Services ,
Duty of Care ,
Enforcement ,
EU ,
EU Directive ,
Likelihood of Harm ,
New Regulations ,
Online Platforms ,
Public Communications ,
Regulatory Standards ,
Social Networks ,
UK ,
White Papers