The Court of Justice of the European Union (CJEU) issued on 4 May 2023 three decisions in cases concerning interpretation of key aspects of the GDPR. It also published three opinions of the Advocate General (AG). Below is a...more
Within the past year, a number of countries around the world, including the United States, United Kingdom, France, and The Netherlands have initiated regulatory inquiries and developed new strategies for the purpose of more...more
4/25/2023
/ Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
NIST ,
Popular ,
UK
On 25 January 2023, France’s Orientation and Programming Law of the Ministry of the Interior (LOPMI) was published in the Official Journal. LOPMI amends various legislative acts, including the French Insurance Code....more
The Court of Justice of the European Union (CJEU) published its decision in Norra Stockholm Bygg AB v Per Nycander AB, C-268/2021 (Norra) on 2 March 2023. The CJEU held that the GDPR applies, in civil court proceedings, to...more
The German Data Protection Conference of supervisory authorities (DSK) issued a decision on how to evaluate the risk of personal data being accessed by non-EEA public authorities, or by a parent company, when processed by a...more
The Italian supervisory authority (Garante) issued an urgent order against Luka Inc. (Luka), a US-based developer and operator of the online app “Replika” (Replika), an artificial intelligence (AI) chatbot on 2 February 2023....more
The U.S. National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce published its AI Risk Management Framework (AI RMF) on 26 January 2023, a guidance document for organisations designing,...more
2/9/2023
/ Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Information Technology ,
Innovative Technology ,
Machine Learning ,
NIST ,
OECD ,
Online Platforms ,
Popular ,
Risk Management
The European Commission issued its non-binding guidance on 1 February 2023 to help providers of online platforms and search engines comply with the requirement of the Digital Services Act (DSA) to publish information on their...more
The Court of Justice of the European Union (CJEU) delivered its judgment in Case C-154/21 Österreichische Post (the Österreichische Post case) on 12 January 2023. The case relates to the interpretation of Art. 15(1)(c) GDPR,...more
On 12 October 2022, the European Data Protection Board (EDPB) announced the outcomes of its plenary meeting held on 10 October 2022....more
On 3 October 2022, the new Secretary of State of the Department for Digital, Culture, Media & Sport (DCMS), Michelle Donelan, announced plans to replace the EU GDPR with the UK’s own “business and consumer-friendly, British...more
On 15 September 2022, the European Commission published its proposal for a new Cyber Resilience Act (the Act) that introduces common cybersecurity rules for placing products with digital elements on the EU market. ...more
On 27 July 2022, the Council of State (RVS), the highest administrative court of the Netherlands, published its decision in the VoetbalTV case regarding the interpretation of the legitimate interest legal basis for...more
On 30 June 2022, the EDPB published the documents adopted during its 66th plenary session....more
On 16 June 2022, the Canadian Minister of Innovation, Science and Industry and Minister of Justice and Attorney General of Canada introduced the Digital Charter Implementation Act 2022 to modernise the regulation on...more
On 23 May 2022, the data privacy activist group ‘none of your business’ (noyb) published an open letter on the planned EU-US data transfer deal. ...more
On 6 April 2022, the European Parliament adopted the draft Data Governance Act (the DGA), following trilogue negotiations between EU legislators....more
On 6 April 2022, following the announcement of the political agreement on a new EU-US Trans-Atlantic Data Privacy Framework having been reached between the European Commission and the United States on 25 March 2022, the...more
On 4 March 2022, the European Data Protection Board (EDPB) published a final version of its Guidelines on Codes of Conduct as tools for transfers of personal data to third countries (Guidelines), adopted during the EDPB...more
On 10 February 2022, the French supervisory data protection authority (CNIL) announced that it issued a formal notice to a website operator to bring its data processing in relation to audience measurement and analysis in...more
On 2 February 2022, the Department for Digital, Culture, Media and Sport (DCMS) laid before Parliament the international data transfer agreement (IDTA), the international data transfer addendum to the European Commission’s...more
On 20 January 2022, the European Parliament finalised its position on the draft Digital Services Act (DSA), which was adopted with a broad majority during the plenary session....more
On 19 January 2022, the European Data Protection Board (EDPB) announced the outcomes of its plenary session that took place earlier this week. The EDPB adopted new guidelines that provide guidance on various aspects of data...more
Software-focused transactions, involving an increasingly diverse range of participants, are now dominating the technology M&A market....more
On 2 December 2021, the Court of Justice of the European Union (CJEU) published the Advocate General’s (AG) opinion in case C-319/20 (Facebook Ireland) (the AG Opinion) relating to the issue of whether Member State law may...more