Malaysia’s newly released Cross Border Personal Data Transfer Guidelines mark a groundbreaking shift in its data protection regulatory landscape, requiring data controllers to conduct Transfer Impact Assessments and implement...more
Recently, the European Data Protection Board (EDPB) adopted an opinion addressing key data protection concerns arising from the use of Artificial Intelligence (AI) models. The opinion specifically focuses on how GDPR...more
As of this writing, the CAM4 security incident remains the largest data breach in history. The attack on the website exposed nearly 11 billion records, including users' names, email addresses, sexual orientations, chat...more
Companies deploying high-risk artificial intelligence (AI) systems must prepare to conduct Fundamental Rights Impact Assessment (FRIA) by 2 August 2026. In this edition of our “Zooming in on AI” series we explain what this...more
I recently had the pleasure of speaking with the Atlantic County Bar Association. Here are some of the key takeaways from my presentation: Employees are “consumers” under the California Consumer Privacy Act. It requires:...more
The U.S. Department of Labor and The White House recently released a new framework designed to protect U.S. workers from adverse consequences when artificial intelligence systems are deployed in the workplace. The framework...more
Introduction - Data protection is being driven by rapid technological advances and the increasing digitalization of society. Data protection legislation in Portugal is aligned with European Union law, in particular with...more
Challenges may arise when conducting an internal investigation related to an underlying disclosure by a whistleblower pursuant to the EU Directive, because companies must strictly comply with the GDPR. Failure to comply with...more
The highly anticipated EU Artificial Intelligence Act is finally here! With extra-territorial reach and wide-reaching ramifications for providers, deployers, and users of Artificial Intelligence (“AI”), the Artificial...more
As employment-related artificial intelligence (“AI”) tools proliferate, multinational employers feel increasing pressure to deploy AI across their global offices. These tools can provide great value and efficiency across the...more
In late 2021, the Quebec legislature passed “The Privacy Legislation Modernization Act” or Law No. 25 (“Law 25”), which was designed to modernize and make significant changes to Quebec’s existing privacy framework....more
A few days ago, the French Data Protection Authority (CNIL) published its first draft guidelines for the use of AI systems in the form of "AI How-To Sheets" with the aim to “help professionals reconcile innovation with...more
Startups face unique challenges that can impact their success and sustainability. Obstacles such as financial constraints (inadequate funding or limited cash flow) and resource constraints often result in small teams having...more
The very definition of generative AI suggests the creation of new content based on a program training on existing data, a recipe that necessarily raises potential U.S. and EU data privacy issues, not to mention related...more
Do new U.S. state laws require you to do a DPIA? Some pointers: •Assess whether or not you have processes that require conducting a DPIA (these are situations where there is a “heightened risk” to the rights of...more
Since 1998, the Children’s Online Protection Act (COPPA) has governed how websites directed to children in the United States must approach data privacy for individuals under age 13. COPPA focuses mostly on the collection,...more
Organisations should expect increased scrutiny and enforcement activity around the role of data protection officers in the coming year. The European Data Protection Board (EDPB) has announced that its coordinated...more
The collection of personal data by organizations in the sports industry creates unique data privacy challenges. Generally, a business-to-consumer organization is focused on the personal data of its customers and separately...more
Over the past few years there has been significant growth in the use of technology for monitoring workers, especially following the onset of the COVID-19 pandemic. Global demand (based on the number of internet searches...more
While speaking recently at the Nordic Privacy Arena in Sweden, I offered Nordic companies seven things they should think about when doing business in the United States. For your reading pleasure: Personal data can’t...more
The UK government has recently published proposals to amend UK data protection legislation with moves towards divergence from EU rules and regulation following the UK’s decision to leave the EU (“Brexit”). The Data Protection...more
The Commerce and Energy Committee has voted to send the American Data Privacy and Protection Act (ADPPA) to the House, but not without some changes....more
On 24 January and 8 April 2022, the procedure before the French Data Protection Authority (CNIL) was reformed with the aim notably to better respond to the growing number of complaints that the CNIL receives each year...more
Accurate and timely data is essential for successful Diversity, Equity and Inclusion Initiatives and other critically important programs, but when data collection activities collide with the GDPR risks may escalate. Here’s...more
What can the California Privacy Protection Agency learn from the EU experience as it gets ready to draft regulations regarding DPIAs? Here is a recap of my remarks from the CPRA Regulations Stakeholder Session:...more