Two recent decisions by Québec’s data protection authority, the Commission d’accès à l’information (the “CAI”), should serve as cautionary tales for any business contemplating the deployment of biometric information...more
On March 10, 2025, the Belgian Data Protection Authority (BDPA) updated its 2020 guidance on the processing of personal data for direct marketing purposes (see the updated guidance here in French and in Dutch)....more
At the end of 2024 the Italian Data Protection Authority issued a 15 million euro fine in the first generative AI-related case brought under GDPR. According to Garante (the Italian authority), OpenAI trained ChatGPT with...more
It’s the turn of South-East Asian countries to update their data protection laws. Here is our summary of the proposed new data protection laws in Vietnam, Malaysia and Indonesia. Organisations are advised to update their data...more
The Israeli Privacy Protection Authority (“PPA”) recently published a draft opinion, which is open for public comments, addressing transfers of personal data from Israel to other countries. In this opinion, the PPA seeks to...more
Italy plays a prominent role in EU AI Act negotiations and engages in political discussions for future laws. Laws/Regulations directly regulating AI (the “AI Regulations”) Currently, there are no specific laws,...more
U.S. privacy law is undergoing dramatic change on an accelerating pace. New laws across the country address specific industries, certain kinds of data, and various concerning practices. There is international pressure to...more
On January 17, The Belgian Data Protection Authority (DPA) published Recommendation no 01/2020 providing Guidance on direct marketing. The Recommendation provides a methodology on how to comply with the General Data...more