The European Commission (EC) has released an updated version of the Model Contractual Clauses for AI Procurement (MCC-AI), providing further guidance for public-sector buyers navigating AI procurement under the European Union...more
In the ever-evolving landscape of data protection and privacy, the General Data Protection Regulation (GDPR) stands as the most significant legislative framework for processing personal data. Known for its extraterritorial...more
As our world becomes increasingly digital, the importance of cybersecurity has never been more critical.
From personal devices to enterprise networks, cyber threats are evolving at an alarming pace, targeting...more
In today’s digital age, data is the new currency. The European Union recognises this and has introduced the European Data Act, a set of new rules that will revolutionise the way data generated by connected devices is shared...more
On September 28, 2023, the Cyberspace Administration of China (CAC) released draft Provisions on Regulating and Promoting Cross-Border Data Flows (see the Chinese version and the unofficial English translation) for public...more
The General Data Protection Regulation (GDPR) is a difficult piece of legislation to comply with, and not meeting some of its requirements may lead to hefty fines of up to 4% of global annual revenues of the preceding year or...more
On 10 July 2023, the European Commission adopted its adequacy decision concluding that the EU-US Data Privacy Framework provides an adequate level of protection for personal data transferred from the European Union (EU) to US...more
On 4 May 2023, the Court of Justice of the European Union (CJEU) delivered its decision in the Österreichische Post case (Case C-300/21), in essence deciding that a mere infringement of the General Data Protection Regulation...more
On February 9, 2023, the Court of Justice of the European Union ruled in two decisions (C-453/21 and C-560/21) that a data protection officer (DPO) may have other duties within their role if there is not a conflict of...more
On 13 December 2022, the European Commission issued a draft adequacy decision concluding that the EU-US Data Privacy Framework provides an adequate level of protection for personal data transferred from EU to US companies....more
Key Takeaways -
On August 11, 2022, the Federal Trade Commission announced an advance notice of proposed rulemaking (ANPR) to initiate a process that would allow it to develop and enforce rules on what the FTC has termed...more
On 12 July 2022, the European Data Protection Board (EDPB) adopted Statement 02/2022 on Personal Data Transfers to the Russian Federation, in which it confirmed that data transfers to Russia require a data transfer impact...more
What you need to know in a nutshell -
The Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance will go by its short name: Data Governance Act (DGA). ...more
China’s Personal Information Protection Law (PIPL) requires that operators of critical information infrastructure (e.g., China Mobile) and personal information processors that process personal information in an amount that...more
As explained in our previous blog post, in addition to the requirements for adopting a cross-border transfer mechanism, China’s Personal Information Protection Law (PIPL) and the European Union’s General Data Protection...more
Multinational companies often encounter questions regarding if and when they can transfer personal information across borders. The People’s Republic of China’s Personal Information Protection Law (PIPL) adds new...more
On February 23, 2022, the European Commission published its proposal for the Data Act, which aims to maximize the value of industrial data in the economy by ensuring that a wider range of stakeholders gain control over their...more