The UK’s new Online Safety Act (the “OSA”) and the EU’s Digital Services Act (the “DSA”) both try to make the internet safer by focusing on an online service provider’s systems and processes. But differences in the laws will...more
The surge in use and development of AI systems and products, particularly generative AI, has increased interest in investing in and acquiring companies that offer AI solutions or that have integrated AI into their operations....more
With the rise in multinational technology companies, including startups, it is increasingly common for those companies to use software developers located in countries around the world. Securing an assignment of all...more
This essential guide to the European Data Act is part of Orrick’s Cybersecurity & Privacy Compass Series. The Cybersecurity & Privacy Compass is your global guide to constant cybersecurity and privacy change.
In this guide,...more
The EU AI Act, which is progressing towards adoption by the end of 2023, will be complemented by an update to the European civil liability rules applicable to AI-related claims. Towards the end of 2022, the EU Commission...more
On 4 May 2023 the European Court of Justice ("CJEU") published its decision (case no. C-300/21) in which it ruled that not any infringement of the General Data Protection Regulation ("GDPR") triggers the right to compensation...more
Europe is in the midst of a transformation of its regulatory strategy for digital technologies. The EU has passed or proposed a number of laws affecting digital service providers in a broad range of legal areas and sectors....more
In September 2022, the EU Commission introduced a proposed regulation designed to regulate products in the EU market with a “digital element”. Whilst the newly adopted and updated Network Information Security Directive (NIS...more
From 24 April, 2023, victims of cyber-attacks (as defined by the Criminal Code in italic text below) will have 72 hours to file a complaint with “competent authorities” if they want to obtain reimbursement under their...more
Ce qui change : le Digital Services Act (Règlement (UE) 2022/2065, « DSA ») est entré en vigueur le 16 novembre 2022 et sera applicable à compter du 17 Février 2024. Le champ d’application de cette règlementation est...more
The EU’s Digital Markets Act seeks to ensure that EU digital markets are contestable and fair. The act imposes a set of obligations on designated “gatekeepers” (i.e., providers of core platform services (CPSs), including...more
This is an update to our previous coverage of the Digital Services Act (“DSA”). The final text of Europe’s (EU) Digital Services Act (“DSA”) was recently approved by the Council of the EU Member States. That means that the...more
In early October, the United States (“U.S.”) and European Union (“EU”) came one step closer to the much-awaited new EU-US Data Privacy Framework (the “Framework”), designed to facilitate transatlantic data flows between the...more
10/26/2022
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
While claims for damages in the event of data protection violations have theoretically existed for some time, they have been gaining in importance since the introduction of the General Data Protection Regulation ("GDPR")....more
After months of anticipation, the European Data Protection Board (EDPB) adopted new Guidelines on the calculation of administrative fines under the GDPR in May 2022. With the newly released Guidelines, the EDPB seeks to...more
Version Française: La loi relative aux dispositifs de contrôle parental sur les appareils connectés est désormais applicable. This Law n°2022-300 of March 2, 2022 provides for new obligations in order to strengthen parental...more
At a hearing on 6 September 2022, lawyers acting for MG Freesites Ltd. (operators of the Pornhub website), raised a constitutional challenge against a recent law that permits France’s online content regulator (ARCOM) to seek...more
On 11 May, 2022, the European Commission announced a proposed regulation aimed at combating and preventing the sexual abuse of children online (the Regulation of the European Parliament and of the Council laying down rules to...more
Analysis of the Baden-Württemberg Procurement Chamber on the admissibility of the use of IT services by European subsidiaries of U.S. cloud providers I. Background In its recently published decision (12 July 2022), a...more
On 26 July 2022, the Lower Saxony data protection authority ("Lower Saxony DPA") announced that it has imposed a fine of 1.1 million euros on Volkswagen ("VW") due to GDPR violations. It found that VW has violated data...more
Google Analytics remains a hot topic for businesses and apparently also for data protection authorities (DPAs). With the advent of these new decisions and the new CNIL guidance, businesses have an even harder time justifying...more
After more than a year of negotiations the final text of Europe’s (EU) Digital Services Act (“DSA”) has been agreed upon by the EU Parliament, the French Presidency of the Council of the EU, and the European Commission (“EU...more
France’s data protection authority, the Commission Nationale de Informatique et des Libertés (“CNIL”), has issued one of its highest General Data Protection Regulation (“GDPR”) sanctions to-date against Dedalus Biologie SAS...more
Update: UK international data transfer agreement and UK addendum to the EU standard contractual clauses now in force In February, the Information Commissioner’s Office (“ICO”), the United Kingdom (UK) data protection...more
A “Kafkaesque” bank customer service experience in France has led to a “Right to be Forgotten” own-goal. Following a decision handed down by the judicial tribunal of Grenoble, France, on 7 February 2022, a French bank has...more