The UK’s Online Safety Act 2023 (OSA) is a comprehensive piece of legislation designed to regulate social media companies and search services and to increase protections for individuals online. It draws comparisons to the...more
2/19/2025
/ Data Privacy ,
Data Protection ,
Enforcement Actions ,
New Legislation ,
Online Platforms ,
Online Safety for Children ,
Risk Assessment ,
Risk Management ,
Social Media ,
Transparency ,
UK
The first binding obligations of the European Union’s landmark AI legislation, the EU AI Act (the Act), came into effect on February 2, 2025. Essentially, from this date, AI practices which present an unacceptable level of...more
2/4/2025
/ Artificial Intelligence ,
Biometric Information ,
Data Privacy ,
Data Protection ,
EU ,
European Data Protection Board (EDPB) ,
Facial Recognition Technology ,
General Data Protection Regulation (GDPR) ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
10/15/2024
/ CNIL ,
Consent ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Retention ,
Enforcement Actions ,
EU ,
France ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Sensitive Personal Information
In light of the increasing organizational use of and reliance on software and the concerns raised regarding the malicious use of the same, the UK Government has published a response to its call for views on software...more
A new report issued in May 2024 by the Centre for European Policy Studies (CEPS), an independent thinktank, is the latest installment to cast concerns over the EU-U.S. Data Privacy Framework (DPF), predicting that it will...more
The UK and U.S. Governments have now formalized the UK-U.S. Data Bridge. The U.S. Attorney General designated the UK as a “qualifying state” for the purposes of the Executive Order 14086 on September 18, 2023, and the UK...more
United States: The Administration and Congress are taking initial steps to produce legislation to regulate AI and using interim measures, such as the White House’s recently announced voluntary agreement with seven prominent...more
8/14/2023
/ Artificial Intelligence ,
China ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
EU ,
Machine Learning ,
New Guidance ,
New Regulations ,
OECD ,
OSTP ,
Personal Information ,
UK
The interim administrative measures, which are the first comprehensive AI regulations in the People’s Republic of China (PRC or China), apply only to using generative AI technology to provide services to the public within the...more
There will be additional compliance obligations and mandatory contractual provisions introduced for financial entities and outsourced IT service providers.
The new DORA seeks to strengthen the resilience of financial...more
7/21/2023
/ Cybersecurity ,
Cybersecurity Framework ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Financial Institutions ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Information and Communication Technology (ICT) ,
Information Technology ,
Internet Service Providers (ISPs) ,
New Legislation ,
New Regulations ,
Third-Party Service Provider
American Data Privacy and Protection Act would require organizations to limit collection of personal information, grant consumers access to their own data, enhance data protections for children, mandate implementation of...more
7/11/2022
/ California Consumer Privacy Act (CCPA) ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Enforcement ,
Federal Data Privacy ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Personal Information ,
Privacy Policy ,
Private Right of Action ,
Proposed Legislation ,
Small Business ,
Third-Party Service Provider
The European Data Protection Board (EDPB), the body which represents EU data protection authorities, has adopted guidelines (Guidelines) confirming when transfers need to be “safeguarded” in accordance with the GDPR (and...more
‘Contact tracing’ is a process used by public health officials to identify individuals who may have come into close proximity with a contagious virus, such as COVID-19. Traditionally, infected persons are asked to identify...more
DPC has echoed concerns of other regulators around the use of tracking, analytics and marketing cookies by companies.
The Irish Data Protection Commission has issued new cookies and tracking Guidance and a Report following...more
UK Supreme Court ruled this week in favour of retailer facing vicarious liability class action claims following significant data breach caused by rogue employee. The case is a stark reminder of the responsibilities of...more
This guide has been compiled to give an overview of the rudimentary legal aspects that should be considered by anyone thinking of establishing a business in the UK. It is aimed at businesses that may already be established in...more
1/27/2020
/ Board of Directors ,
Business Assets ,
Business Development ,
Business Entities ,
Business Formation ,
Capital Formation ,
Capital Gains ,
Corporate Governance ,
Data Breach ,
Data Processors ,
Data Protection ,
Debt Collection ,
Employer Liability Issues ,
Employment Tax ,
Foreign Workers ,
General Data Protection Regulation (GDPR) ,
Insolvency ,
Intellectual Property Protection ,
International Data Transfers ,
Libor ,
Personal Data ,
Privacy Laws ,
Real Estate Transactions ,
Shareholders ,
Startups ,
UK ,
UK Brexit ,
Value-Added Tax (VAT)
This guide has been compiled to give an overview of the rudimentary legal aspects that should be considered by anyone thinking of establishing a business in the UK. It is aimed at businesses that may already be established in...more
12/30/2019
/ Board of Directors ,
Business Assets ,
Business Formation ,
Capital Formation ,
Choice of Entity ,
Corporate Governance ,
Data Protection ,
Insolvency ,
Intellectual Property Protection ,
Labor Code ,
UK
Establishing and Managing a Business in the UK”, authored by the attorneys of Pillsbury’s London office, is a concise and practical guide for foreign investors in the UK. The guide covers key concerns and topics such as...more
5/1/2019
/ Commercial Leases ,
Commercial Real Estate Contracts ,
Corporate Financing ,
Corporate Governance ,
Data Protection ,
Debt Collection ,
Equity Financing ,
Insolvency ,
Intellectual Property Protection ,
Registration Requirement ,
UK ,
UK Brexit
How will the new European Union data protection law affect U.S. nonprofit organizations?
Nonprofit organizations based in the U.S. can often handle large amounts of data which originates in the EU—for example, they may...more
4/24/2018
/ Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Nonprofits ,
Notice Requirements ,
Personal Data ,
Personally Identifiable Information ,
Risk Management ,
Websites
NHS and social care organisations in the UK are being encouraged to take a fresh look at public cloud services given the myriad benefits of doing so.
The guidance is timely given the coming into force of the GDPR in May,...more
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing...more
The European Union Court of Justice (“CJEU”) to rule on the validity of Model Contractual Clauses (“MCCs”) following referral by the Irish High Court.
The Irish High Court has “well-founded” concerns that there is no...more
11/17/2017
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
FISA ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Model Clauses
Those of us who have been grappling with how best to approach GDPR compliance in outsourcing and other commercial contracts will be all too familiar with Article 28 of the GDPR, which sets out a number of minimum contract...more
The UK Government has published a statement of intent containing details of its proposed Data Protection Bill. The full text of the Bill is expected in September 2017, when the UK Parliament returns from its summer...more
The final text of the significant new EU General Data Protection Regulation (GDPR) has now been published (4 May 2016) in the Official Journal of the European Union. This means the clock is now ticking for the sweeping new...more
European Union officials finally reached agreement this week on a new European data protection regulation (Regulation) that will essentially tear up existing European laws, introduce a brand new statutory regime and...more