The French supervisory authority (CNIL) asked for public comments on its draft recommendation on data security in relation to processing that presents particularly high risks to individuals or to the public interest (the...more
9/15/2023
/ CNIL ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Security ,
France ,
General Data Protection Regulation (GDPR) ,
Risk Management
The President of India gave assent for the Digital Personal Data Protection Bill 2023 on 11 August 2023, a matter of days after it had been passed by both the Lower and Upper House. The Digital Personal Data Protection Act...more
The Court of Justice of the European Union (CJEU) published its decision in the case of J.M. v Pankki S (Case C‑579/21) on 22 June 2023....more
On 26 April 2023, in case T-557/20 (Single Resolution Board v EDPS), the Court of Justice of the European Union in its General Court configuration (the Court) annulled the decision of the European Data Protection Supervisor...more
The Court of Justice of the European Union (CJEU) issued on 4 May 2023 three decisions in cases concerning interpretation of key aspects of the GDPR. It also published three opinions of the Advocate General (AG). Below is a...more
Within the past year, a number of countries around the world, including the United States, United Kingdom, France, and The Netherlands have initiated regulatory inquiries and developed new strategies for the purpose of more...more
4/25/2023
/ Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
NIST ,
Popular ,
UK
The German Data Protection Conference of supervisory authorities (DSK) issued a decision on how to evaluate the risk of personal data being accessed by non-EEA public authorities, or by a parent company, when processed by a...more
The Italian supervisory authority (Garante) issued an urgent order against Luka Inc. (Luka), a US-based developer and operator of the online app “Replika” (Replika), an artificial intelligence (AI) chatbot on 2 February 2023....more
The U.S. National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce published its AI Risk Management Framework (AI RMF) on 26 January 2023, a guidance document for organisations designing,...more
2/9/2023
/ Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Information Technology ,
Innovative Technology ,
Machine Learning ,
NIST ,
OECD ,
Online Platforms ,
Popular ,
Risk Management
The Court of Justice of the European Union (CJEU) delivered its judgment in Case C-154/21 Österreichische Post (the Österreichische Post case) on 12 January 2023. The case relates to the interpretation of Art. 15(1)(c) GDPR,...more
On 12 October 2022, the European Data Protection Board (EDPB) announced the outcomes of its plenary meeting held on 10 October 2022....more
On 3 October 2022, the new Secretary of State of the Department for Digital, Culture, Media & Sport (DCMS), Michelle Donelan, announced plans to replace the EU GDPR with the UK’s own “business and consumer-friendly, British...more
On 15 September 2022, the European Commission published its proposal for a new Cyber Resilience Act (the Act) that introduces common cybersecurity rules for placing products with digital elements on the EU market. ...more
On 27 July 2022, the Council of State (RVS), the highest administrative court of the Netherlands, published its decision in the VoetbalTV case regarding the interpretation of the legitimate interest legal basis for...more
On 30 June 2022, the EDPB published the documents adopted during its 66th plenary session....more
On 16 June 2022, the Canadian Minister of Innovation, Science and Industry and Minister of Justice and Attorney General of Canada introduced the Digital Charter Implementation Act 2022 to modernise the regulation on...more
On 23 May 2022, the data privacy activist group ‘none of your business’ (noyb) published an open letter on the planned EU-US data transfer deal. ...more
On 6 April 2022, the European Parliament adopted the draft Data Governance Act (the DGA), following trilogue negotiations between EU legislators....more
On 6 April 2022, following the announcement of the political agreement on a new EU-US Trans-Atlantic Data Privacy Framework having been reached between the European Commission and the United States on 25 March 2022, the...more
On 4 March 2022, the European Data Protection Board (EDPB) published a final version of its Guidelines on Codes of Conduct as tools for transfers of personal data to third countries (Guidelines), adopted during the EDPB...more
On 19 January 2022, the European Data Protection Board (EDPB) announced the outcomes of its plenary session that took place earlier this week. The EDPB adopted new guidelines that provide guidance on various aspects of data...more
On 2 December 2021, the Court of Justice of the European Union (CJEU) published the Advocate General’s (AG) opinion in case C-319/20 (Facebook Ireland) (the AG Opinion) relating to the issue of whether Member State law may...more
On 24 November 2021, the DCMS announced a new bill that would require manufacturers, importers and distributors of digital tech products (including physical shops and online retailers) to ensure that consumer...more
In the past two weeks, there has been significant progress in relation to a number of pieces of proposed EU legislation relating to data protection, data governance, and digital markets....more
On 19 October 2021, the European Data Protection Board (EDPB) announced that it has published its final guidelines on the restrictions under Article 23 GDPR (Guidelines) following the end of its public consultation and...more