This month we cover developments involving the Federal Trade Commission, the Centers for Medicare & Medicaid Services, the Financial Stability Board, the California Privacy Protection Agency, the Colorado Division of...more
The long-awaited proposed AI Act, once enacted, will be a comprehensive cross-sectoral regulatory framework for artificial intelligence (AI). Its aim is to regulate the development and use of AI by providing a framework of...more
On 19 September 2023, the UK Parliament passed the Online Safety Bill (“OSB”). The OSB aims to protect individuals from illegal online content and focuses on the protection of children by requiring the removal of content that...more
10/18/2023
/ Compliance ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Online Platforms ,
Online Safety for Children ,
Popular ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements ,
Risk Management ,
UK
Our latest briefing dives into new local laws about AI and how it affects both employment and insurance industries, the launch of NIST’s Trustworthy & Responsible Artificial Intelligence Resource Center and the plans for it...more
On July 18, 2022, the U.K. Government published a paper on its proposals for AI regulation “Establishing a pro-innovation approach to regulating AI” (the AI Paper). This was published alongside the Government’s AI Action...more
The below is a brief summary of the judgment handed down in Lloyd v Google LLC [2021] UKSC 50 by the Supreme Court on November 10, 2021 as potentially one of the most significant and anticipated data privacy judgments to...more
On September 10, the U.K. government launched a consultation “Data: A New Direction” (Consultation), which proposes significant changes to the U.K.’s data protection framework.
The U.K. government has signalled its...more
Last year’s European Court of Justice (ECJ) judgement in Data Protection Commissioner v Facebook Ireland LTD, Maximillian Schrems, C-311/18 (Schrems II) continues to have ramifications for cross border data transfers. The...more
On 30 October 2020, the UK’s data privacy regulator, the Information Commissioner’s Office (ICO) issued a final penalty notice (Penalty Notice) to fine the hotel chain Marriott International, Inc. (Marriott) for a GDPR data...more
11/10/2020
/ Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marriott ,
Popular ,
UK
At £20 million, the fine imposed on British Airways (BA) for its infringement of the General Data Protection Regulation is the biggest fine of its kind in the history of the U.K.’s Information Commissioner’s Office (ICO)....more
The U.K. government recently launched a consultation process for regulating consumer Internet of Things (IOT) security. This could have significant implications for U.S. manufacturers, given that the U.K. will remain a key...more
On April 17, the U.K. Information Commissioner (Commissioner) published an Opinion on the recently announced joint initiative by Apple and Google to assist health authorities with contact tracing in the fight against...more
The U.K.’s data protection regulator, the Information Commissioner’s Office (ICO) has today issued guidance setting out how it intends to approach the enforcement of the General Data Protection Regulation (GDPR) during the...more
The General Data Protection Regulation (GDPR) provides that personal data may only be transferred to a country outside the European Economic Area (EEA) if that country ensures an adequate level of protection for personal...more
1/7/2020
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Standard Contractual Clauses
On 21 March 2019, an advocate general (AG) of the Court of Justice of the European Union (CJEU) delivered an opinion that sheds light on key issues related to websites’ use of cookies — data packets that can be used by...more
The General Data Protection Regulation (GDPR) significantly expanded the territorial scope of EU data protection law. This was intended to ensure comprehensive protection for EU data subjects’ rights and establish a level...more
Six months have now passed since the implementation of the EU General Data Protection Regulation (GDPR). The GDPR has raised awareness of the importance of personal privacy as a fundamental right and placed data protection...more
11/28/2018
/ Consent ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular
The advent of the European Union’s General Data Protection Regulation (GDPR) has prompted other countries and regions to work to enhance their privacy regulations to meet the GDPR standards. On July 17, Japan became the...more
8/29/2018
/ Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Japan ,
Personal Data ,
Popular
July 25 marks the end of the second month since the General Data Protection Regulation (GDPR) went into effect. Following recent revelations regarding certain data practices, and as data privacy and protection issues become...more
Almost a month has now passed since the General Data Protection Regulation (GDPR) entered into force. Apocalyptic predictions of huge global fines and regulatory action against businesses located outside the European Union...more
On October 18, 2017, the EU Commission released its report of the first annual review of the EU-U.S. Privacy Shield framework. The Privacy Shield is the successor of the Safe Harbor Agreement which was invalidated by the...more
10/23/2017
/ Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Personal Data ,
Popular ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
The long-running legal challenge on the validity of transfers of personal data from the European Union reached another milestone last week. On October 3, the Irish High Court referred questions on the validity of EU Standard...more
The Grand Chamber of the European Court of Human Rights (ECtHR) has clarified the law surrounding the monitoring of employees’ private communications in the workplace. The decision overturns the earlier ruling of the lower...more
A year from today, radical changes to data privacy laws in the European Union will come into effect. Businesses should start preparing now, given the significant changes. The General Data Protection Regulation (GDPR) will...more
The U.K. has voted, in a popular referendum, to leave the EU. The referendum is not legally binding and the result was extremely narrow: 51.9 percent in favor of leaving, 48.1 percent in favor of remaining. This partly...more
6/28/2016
/ EFTA ,
EU ,
European Economic Area (EEA) ,
European Patent Office ,
European Union Trade Mark (EUTM) ,
Fund Managers ,
General Data Protection Regulation (GDPR) ,
Investment Funds ,
Member State ,
Popular ,
Referendums ,
UK ,
UK Brexit