Podcast — EU Data Act: Spotlight on Switching Requirements for Data Processing Services
Nota Bene Episode 135: Europe Q3 Check In: Brexit, Data Protection, and Block Exemption Regulations with Oliver Heinisch
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
E12: GDPR Article 22 and Automated Decision Making
E8: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness
How to avoid a €20m fine. Meritas guide to the steps companies should take to comply with GDPR
Data Privacy Trouble Surrounding Google Street View Cars Presents Lesson for Smaller Companies
The EU has entered a new phase of its digital strategy. With the EU Data Act (Regulation (EU) 2023/2854) (the “Data Act”) now applicable as of September 12, 2025, Europe is ushering in one of the most significant shifts in...more
The EU Data Act (Regulation (EU) 2023/2854), applicable from September 12, 2025, introduces a comprehensive legal framework aimed at enhancing data portability, interoperability, and minimizing dependency on individual...more
The Dutch Data Protection Authority (“AP“) has imposed a fine of €2.7 million on Experian Nederland B.V. (“Experian“) for breaches the General Data Protection Regulation (“GDPR“)....more
New enforcement sweep on cookie banners, conducted by Netherlands privacy regulator, shows both EU and US companies that the need to prioritize website tracking hygiene and transparency. In Europe: Netherlands privacy...more
While the case is likely to be mentioned in upcoming non-material damages claims, its unique circumstances mean defence arguments remain robust....more
The Court of Justice of the European Union (“CJEU”) delivered a significant judgement addressing the interpretation of “personal data” and “pseudonymization” under EU data protection rules, as well as the notification...more
The European Union (EU) Data Act (EDA) came into force on January 11, 2024, and took effect on September 12, 2025. It is set to reshape how companies handle data generated by connected products, smart devices and cloud...more
In this episode of Connected With Latham, London partner Fiona Maclean, Paris partner Jean-Luc Juhan, and London counsel Alain Traill discuss significant new switching requirements due to take effect for data processing...more
The EU Data Act’s implementation date is already upon us. That’s right, it becomes applicable, in part, on September 12, 2025, marking a major milestone in Europe’s data transformation journey, impacting cloud services,...more
The EU General Court has dismissed a French MEP’s challenge to the EU-U.S. Data Privacy Framework (“DPF”) for the transfer of personal data between the European Union (“EU”) and the United States (“U.S”). While the decision...more
On December 18, 2024, the European Data Protection Board (EDPB) published its much-anticipated Opinion on the processing of personal data in the context of AI models in light of the EU General Data Protection Regulation...more
On December 2 – 3 2024, the European Data Protection Board (EDPB) met for its 99th plenary session. It subsequently issued several documents, one of which calls for the need for greater alignment between the GDPR and EU...more
Companies deploying high-risk artificial intelligence (AI) systems must prepare to conduct Fundamental Rights Impact Assessment (FRIA) by 2 August 2026. In this edition of our “Zooming in on AI” series we explain what this...more
On October 9, 2024, the European Commission (the Commission) published a report on the first periodic review of the adequacy decision of July 10, 2023. This decision determined that the EU-U.S. Data Privacy Framework (the...more
On October 10, 2024, the European Union officially adopted the Cyber Resilience Act (CRA), which introduces cybersecurity obligations for internet-connected hardware and software products offered in the EU (such as...more
Companies deploying high-risk artificial intelligence (AI) systems must prepare to navigate a complex landscape of new obligations by August 2, 2026. In this post we explain the key obligations for providers and deployers of...more
On October 10, 2024, the EU Cyber Resilience Act ("CRA") was adopted by the Council of the European Union....more
Katten's Privacy, Data and Cybersecurity Quick Clicks is a monthly newsletter highlighting the latest news and legal developments involving privacy, data and cybersecurity issues across the globe....more
Image Alex Shandro It appears that the debate surrounding the UK’s Text and Data Mining (TDM) exception is about to reignite. TDM exceptions are key to assessing the legality of training generative AI models, and to...more
On 9 October 2024, the European Data Protection Board (EDPB) published its draft Guidelines on the processing of personal data based on legitimate interest for public consultation. The draft Guidelines, adopted on 8 October...more
This series of blogs rounds up some of the key data protection regulatory trends we have seen during 2024, focused on the EU and UK. 2024 has seen behavioural advertising and cookies continue to dominate the agenda of data...more
As cyberattacks become more sophisticated, cybersecurity remains a top concern for regulators, consumers, business partners, and investors. Weak security can cause substantial harm to a company and lead to litigation,...more
On 6 September 2024, the European Commission published a set of frequently asked questions (FAQs) on Regulation (EU) 2023/2854 on Harmonised Rules on Fair Access to and Use of Data (the Data Act). More detail can be found in...more