Sitting with the C-Suite: eDiscovery Priorities – Thoughts on the Next Five Years
Jones Day Presents: Effect of GDPR, CCPA, and FTC on Blockchains
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
E12: GDPR Article 22 and Automated Decision Making
E8: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness
The EU regulation designed to facilitate secondary use of clinical data for research brings benefits for health research, but also poses challenges for companies....more
The European Data Protection Board (EDPB), the independent EU body responsible for ensuring the consistent application of the EU General Data Protection Regulation (GDPR) across all EU member states, has kicked off its...more
The guidelines specify the requirements for data controllers to conduct risk assessments related to the transfer or disclosure of personal data outside the Kingdom. ...more
On December 17, 2024, the European Data Protection Board ("EDPB" or Board) issued Opinion 28/2024, addressing data protection aspects related to the processing of personal data in the context of artificial intelligence ("AI")...more
There is more to learn from the European Data Protection Board’s recent opinion on AI models. I previously reviewed the EDPB’s take on what the consequences could be for the unlawful processing of personal data in the...more
On 17 December 2024, the European Data Protection Board (EDPB) adopted its opinion on certain data protection aspects related to the processing of personal data in the context of AI models (Opinion). The Opinion comes as a...more
On October 7, 2024, the European Data Protection Board (“EDPB”) adopted an opinion on obligations following from the use of processors and sub-processors (the “Opinion”). The EDPB is the body that seeks to ensure harmonised...more
As cyberattacks become more sophisticated, cybersecurity remains a top concern for regulators, consumers, business partners, and investors. Weak security can cause substantial harm to a company and lead to litigation,...more
The EU Data Act is one of the cornerstones of the EU's Data Strategy and introduces a new and horizontal set of rules on data access and use to boost the EU's data economy. Most of the provisions of the Data Act will become...more
Sharing personal data is necessary for most organisations, but it also entails certain data protection risks. Controllers who share personal data with others must, among other obligations, ensure that they comply with the...more
What can U.S.-based and multi-national companies learn from the 290 million euro fine Autoriteit Persoonsgegevens, the Dutch Data Protection Authority, issued against Uber in connection with the processing of Dutch driver...more
Valuable insights into the measures European regulators expect businesses to take to protect data privacy can be found in a report from the European Data Protection Board (EDPB) summarizing decisions under the EU’s General...more
The Court of Justice of the European Union (CJEU) published the Advocate General's Opinion on whether the GDPR would restrict the sale of a database by court enforcement officers to satisfy creditor claims without the consent...more
The EDPB launched a website auditing tool to help legal and technical auditors at data protection authorities check whether websites are compliant with the law on 29 January 2024. Controllers and processors can also use the...more
On 22 December 2023, the EU published Regulation (EU) 2023/2854, the Data Act, in the Official Journal of the EU. The Data Act is a new regulation providing harmonised rules on access to data, switching cloud providers and...more
The new Swiss Federal Act on Data Protection, known by the acronym “nFADP,” took effect on September 1. The law was enacted by the Swiss parliament in 2020. The law introduces new rights for Swiss citizens, but also...more
GDPR compliance can be tricky. Even if you summon the willpower to read through the law’s text, it can be tough to know where to start. As an alternative to pouring through the GDPR’s legalese, one way to establish a...more
BACKGROUND - U.S.-based life sciences companies can be subject to the European Union (‘EU’) General Data Protection Regulation (‘GDPR’), even if they do not have any subsidiary, affiliate or other physical presence in the...more
In a significant milestone for EU-U.S. cross-border transfers of personal data under Article 45 of the General Data Protection Regulation (GDPR), the European Commission adopted an adequacy decision for the new EU-U.S. Data...more
On July 4, 2023, the European Commission (EC) published its proposal for a regulation laying down additional procedural rules for the enforcement of the EU General Data Protection Regulation (GDPR) (proposal). The proposal...more
The Pakistan Ministry of Information Technology and Telecommunication (MITT) released a new draft of the Personal Data Protection Bill, 2023 (the PDPB) on 19 May 2023. The PDPB aims to regulate the collection, processing,...more
The Court of Justice of the EU (CJEU)1 has held that the General Data Protection Regulation (GDPR) requires controllers to provide data subjects a "faithful reproduction" of their personal data, which takes into account the...more
The updated guidelines (05/2021) from the European Data Protection Board (“EDPB”) issued on 14 February 2023 (the “New Guidelines”) look at the interplay of two fundamental, protective mechanisms contained in the EU GDPR....more
Meta Ireland (Meta) has recently been issued with two fines by the Irish Data Protection Commission (DPC) for breaches of the EU General Data Protection Regulation (GDPR) relating to advertisements run on its Facebook and...more
On 3 May 2022, the European Commission launched its proposal for a Regulation for the European Health Data Space to “unleash the full potential of health data”. However, questions arise as to whether this proposal is a...more