One of the key aspects of the EU AI Act (“AI Act”)[1] is linked to the qualification of providers and deployers and the nuances which help distinguish between the two categories of stakeholders. What would this mean in...more
AI is accelerating digital transformation for companies and data governance is a key pillar in this change, enabling data strategies that unlock the potential of AI, and mitigate the risks associated with its use. Data...more
9/12/2024
/ Artificial Intelligence ,
Corporate Governance ,
Data Management ,
Data Privacy ,
Data Protection ,
EU ,
Information Governance ,
Machine Learning ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
UK
The Artificial Intelligence Act (AI Act) entered into force on 1 August 2024 and is the world's first comprehensive legal framework for AI regulation. As companies start incorporating AI tools into their business, products...more
EU Regulation 2024/1689, also known as the Artificial Intelligence Act (AI Act), enters into force as of 1 August 2024. But when will it become applicable?
The AI Act sets out a harmonized legal framework for the...more
8/5/2024
/ Artificial Intelligence ,
Compliance ,
Corporate Governance ,
Data Protection ,
EU ,
Innovative Technology ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Technology Sector
This blog notes some of the key features of the Addendum. At its core, the Addendum can be used in relation to both controller BCRs and processor BCRs. Organisations then have a choice as to whether they use the Addendum in...more
On 3 October 2023, the European Commission announced a public consultation regarding the draft implementing regulation (Draft Regulation) establishing the European Common Criteria-based cybersecurity certification scheme...more
The UK-US data bridge is the UK Government’s preferred terminology to describe its decision to permit the flow of personal data from the UK to the US, achieved through the UK Extension to the EU-US Data Privacy Framework. The...more
On 10 July 2023, the European Commission adopted the adequacy decision for the EU-U.S. Data Privacy Framework (DPF). This decision enables the free flow of personal data from the EU and three EEA countries (Iceland,...more
The European Data Protection Board (EDPB) published the final version of the Guidelines on the calculation of administrative fines under the GDPR (Guidelines) on 7 June 2023. The Guidelines aim to harmonize the approach to...more
The Pakistan Ministry of Information Technology and Telecommunication (MITT) released a new draft of the Personal Data Protection Bill, 2023 (the PDPB) on 19 May 2023. The PDPB aims to regulate the collection, processing,...more
6/5/2023
/ Cybersecurity ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Pakistan ,
Personal Data
The European Parliament’s committees for Civil Liberties, Justice and Home Affairs (LIBE) and for Internal Market and Consumer Protection (IMCO) adopted a report setting out the Parliament’s vision for the proposed EU...more
The EDPB published its 2022 activity report “Streamlining Enforcement Through Cooperation” (the Activity Report) on 17 April 2023, which provides an overview of the work it carried out in 2022. The report reflects on, amongst...more
Within the past year, a number of countries around the world, including the United States, United Kingdom, France, and The Netherlands have initiated regulatory inquiries and developed new strategies for the purpose of more...more
4/25/2023
/ Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
NIST ,
Popular ,
UK
The Court of Justice of the European Union (CJEU) considered appropriate conditions that apply in respect of specific national legislation which EU member states may adopt under Article 88 GDPR to regulate the processing of...more
The European Data Protection Board (EDPB) held its 77th plenary meeting on 28 March 2023. The EDPB considered the following key topics...more
The Advocate General (AG) Pikamäe of the Court of Justice of the European Union (CJEU) issued his opinions in three cases concerning the credit rating agency SCHUFA Holding AG (SCHUFA) on 16 March 2023....more
3/23/2023
/ Advocate General ,
Court of Justice of the European Union (CJEU) ,
Credit Rating Agencies ,
Data Controller ,
Data Management ,
Data Subject Access Requests ,
Data Subjects Rights ,
DPA ,
EU ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Information Requests ,
Personal Data
The plenary session of the European Parliament adopted the final versions of the Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive) and of the Digital Operational Resilience Act...more
On 13 July 2022, the Public Procurement Chamber of the German state of Baden-Württemberg (the Public Procurement Chamber) issued a decision confirming that personal data processed by an EU subsidiary of a parent entity...more
The European Data Protection Board (EDPB) has adopted, on 16 June 2022, the draft guidelines on certification as a tool for transfers of data to third countries without adequacy status (the Guidelines). The text of the...more
On 5 May 2022, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) issued a joint opinion (Opinion) addressing the legislative proposal of the European Commission for the EU Data Act,...more
On 2 February 2022, the Department for Digital, Culture, Media and Sport (DCMS) laid before Parliament the international data transfer agreement (IDTA), the international data transfer addendum to the European Commission’s...more
On 18 November 2021, the European Data Protection Board (EDPB) adopted a statement (the Statement) on the recent legislative proposals issued as part of the European Commission’s Digital Services Package and Data Strategy. ...more
On 19 November 2021, the European Data Protection Board (EDPB) published the much-awaited draft guidance on the interplay between the provisions of the GDPR on territorial scope (in Article 3) and on international data...more
On 27 September 2021, the European Data Protection Board (EDPB) published its opinion on the draft adequacy decision of the European Commission in relation to the Republic of Korea (the Opinion). This is the first opinion on...more
On 8 September 2021, the European Parliament’s Policy Department for Citizens’ Rights and Constitutional Affairs published a briefing about the report that considered the ethical issues surrounding use of biometric...more