The EU introduces the pioneering EU AI Act, aiming to become a global hub for human-centric, trustworthy AI.
Laws/Regulations directly regulating AI (the “AI Regulations”)
The primary legislative framework for regulating AI...more
4/14/2025
/ AI Act ,
Artificial Intelligence ,
Compliance ,
Data Protection ,
Enforcement ,
EU ,
General Data Protection Regulation (GDPR) ,
Popular ,
Regulatory Requirements ,
Risk Management ,
Transparency
On November 27, 2023, the European Union ("EU") adopted the final text of the Data Act, marking an effort to create a harmonized, cross-sectoral data sharing framework with the stated goal of ensuring fair access to and use...more
11/30/2023
/ B2B Organizations ,
Corporate Counsel ,
DATA Act ,
Data Protection ,
Digital Data ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Commission ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Personal Data ,
Small and Medium-Sized Enterprises (SMEs) ,
Technology Sector
The UK-US Data Bridge (the "Data Bridge") has now come into effect, potentially simplifying transfers of personal data from the UK to the US.
On 12 October 2023, the Data Bridge took effect. The Data Bridge allows UK...more
The Court of Justice of the EU (CJEU)1 has held that the General Data Protection Regulation (GDPR) requires controllers to provide data subjects a "faithful reproduction" of their personal data, which takes into account the...more
The Court of Justice of the European Union (CJEU) ruled out automatic damages awards for civil litigants establishing infringements of the General Data Protection Regulation (GDPR). At the same time, the CJEU suggested that...more
The GDPR allows individuals to request information about the “recipients or categories of recipients” to whom their personal data has been disclosed. In a recent ruling, the EU’s Court of Justice said data subjects get to...more
The Advocate General of the Court of Justice of the EU has issued an Opinion stating that mere "upset" is not sufficient to give rise to a claim for compensation under Article 82 of the GDPR....more
On January 18, 2022, the European Data Protection Board (the "EDPB") issued the Guidelines 01/2022 on data subject rights - Right of access (the "Draft Guidelines"), laying out its interpretation of Article 15 GDPR on the...more
In recent weeks, there has been a series of important developments affecting cross-border data transfers. First, on 21 June 2021, the European Data Protection Board ("EDPB") published its final, much-anticipated...more
The European Commission recently published an updated version of the standard contractual clauses for the transfer of personal data to third countries ('SCCs'). Companies can use such SCCs to provide the appropriate...more
6/21/2021
/ Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On 14 April 2021, the European Data Protection Board ("EDPB") announced that it had adopted two Opinions on the draft UK adequacy decisions issued by the European Commission on 19 February 2021. The EDPB’s take on the draft...more
4/16/2021
/ Cybersecurity ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Standard Contractual Clauses ,
UK ,
UK Brexit
In a positive development for multinational businesses, the Brexit Trade and Cooperation Agreement provides a temporary solution to allow the continued transfer of personal data from the EEA to the UK without the need for...more
In a remarkable decision, the UK ICO has issued British Airways ("BA") with a £20m fine, in connection with a data breach affecting more than 400,000 customers. This is a significant reduction from the £183m the ICO had...more
The Court of Justice of the EU has declared that the European Commission's adequacy decision in respect of the EU-U.S. Privacy Shield is invalid. The Court's ruling effectively removes a key mechanism that had been widely...more
7/19/2020
/ Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Standard Contractual Clauses
Following the outbreak of COVID-19 and its development into a global pandemic, organisations have been implementing exceptional measures to safeguard employees, customers and others against the health threat that is being...more
3/28/2020
/ Coronavirus/COVID-19 ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Security ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Information ,
Personally Identifiable Information ,
Privacy Notice Rule ,
Public Health Emergency ,
Sick Employees ,
UK ,
UK Data Protection Act ,
Virus Testing
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
New legislation has been passed....more
1/23/2020
/ Compliance ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
Freedom of Information ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Harmonization ,
Joint Control ,
Malta ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Personally Identifiable Information ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Regulatory Standards ,
Sanctions
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
New legislation has been passed....more
1/21/2020
/ Compliance ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
Freedom of Information ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Harmonization ,
Joint Control ,
Minor Children ,
National Identification Numbers ,
Netherlands ,
Nonprofits ,
Penalties ,
Personally Identifiable Information ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Regulatory Standards ,
Sanctions
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
New legislation has been passed....more
1/18/2020
/ Compliance ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
Freedom of Information ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Harmonization ,
Joint Control ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Norway ,
Penalties ,
Personally Identifiable Information ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Regulatory Standards ,
Sanctions
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
New legislation has been passed replacing the main pre-GDPR legislation...more
1/17/2020
/ Compliance ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
Freedom of Information ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Harmonization ,
Joint Control ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Personally Identifiable Information ,
Poland ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Regulatory Standards ,
Sanctions
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
New legislation has been passed....more
1/14/2020
/ Compliance ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
Freedom of Information ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Harmonization ,
Joint Control ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Personally Identifiable Information ,
Portugal ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Regulatory Standards ,
Sanctions
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
Old legislation has been updated in addition to new legislation being...more
1/13/2020
/ Compliance ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
Freedom of Information ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Harmonization ,
Joint Control ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Personally Identifiable Information ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Regulatory Standards ,
Romania ,
Sanctions
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
New legislation has been passed....more
1/11/2020
/ Compliance ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
Freedom of Information ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Harmonization ,
Joint Control ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Personally Identifiable Information ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Regulatory Standards ,
Sanctions ,
Slovakia
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
Slovenia is in the process of adopting new legislation (the “Draft Law”)....more
1/10/2020
/ Compliance ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
Freedom of Information ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Harmonization ,
Joint Control ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Personally Identifiable Information ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Regulatory Standards ,
Sanctions ,
Slovenia
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
New legislation has been passed....more
1/9/2020
/ Compliance ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
Freedom of Information ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Harmonization ,
Joint Control ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Personally Identifiable Information ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Regulatory Standards ,
Sanctions ,
Spain
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
The main national pre-GDPR act on data privacy has been revoked, whereas...more
1/8/2020
/ Compliance ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
Freedom of Information ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Harmonization ,
Joint Control ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Personally Identifiable Information ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Regulatory Standards ,
Sanctions ,
Sweden