EU, UK and US Trade Sanctions: Application and Latest Developments [Video Recording]
What to Expect from the Supreme Court During Obama’s Second Term
On March 13, 2024, the European Parliament adopted the Artificial Intelligence Act (AI Act). It is considered to be the world’s first comprehensive horizontal legal framework for AI. It provides for EU-wide rules on data...more
On 19 September 2023, the UK Parliament passed the Online Safety Bill (“OSB”). The OSB aims to protect individuals from illegal online content and focuses on the protection of children by requiring the removal of content that...more
The European Parliament and the Council of the European Union adopted the European Data Act on June 28 after lengthy negotiations. The Data Act creates a legal framework for a single European data market, and its key...more
A recent UK Court of Appeal decision highlights ongoing uncertainty regarding the jurisdictional reach of the GDPR and invites intervention from the Information Commissioner’s Office. ...more
On November 19 the European Data Protection Board (EDPB) published draft guidelines on the interplay between Article 3 of the GDPR (which establishes the GDPR’s territorial scope), and the GDPR’s international transfer...more
China’s Personal Information Protection Law (PIPL or the final version), following the first two readings in October 2020 and April 2021, was adopted on August 20, 2021 and will become effective on November 1, 2021. The final...more
On April 21, 2021, the European Commission published its bold and comprehensive proposals for the regulation of artificial intelligence. With suggested fines of up to 6% of annual global turnover, as well as new rules and...more
In the first case of its kind, the High Court of England & Wales has considered the limits on the extraterritorial reach of the European Data Protection Regulation (GDPR). ...more
Organizations in the United States often ask us how to comply with GDPR. But starting with that question skips a key inquiry: the extent to which GDPR applies to a US company in the first place....more
It’s generally recognized that the General Data Protection Regulation (GDPR) can apply to entities outside the European Union. However, scant court rulings guide non-European controllers and processors on this question. The...more
Brazil’s long-debated privacy law – the Lei Geral de Proteção de Dados (LGPD) – took effect on August 27, 2020. The LGPD is largely inspired by the European Union’s privacy regulation – the General Data Protection Regulation...more
On October 1, 2020, the three-month grace period for businesses to comply with the Dubai International Financial Centre (DIFC) Data Protection Law (DIFC Law No. 5 of 2020) (“DPL 2020”) came to an end. Regulating the...more
UK law enforcement can now obtain an order against a person in or operating in the US for the production of or access to electronic data under a new ‘landmark’ US-UK data sharing agreement. The agreement has been heralded...more
The CCPA took effect on 1 January 2020, introducing significant compliance burdens for most businesses that collect personal information about California residents. The reach of the CCPA extends beyond California and the US;...more
5% There are two situations in which the GDPR purports to apply extraterritorially to companies that have no contact to the European Union. The first situation, described in Article 3(2)(a) of the GDPR, occurs when a...more
25% There are two situations in which the GDPR purports to apply extraterritorially to companies that have no contact to the European Union. The first situation, described in Article 3(2)(a) of the GDPR, occurs when a...more
Does the GDPR really apply to my company? From a data protection standpoint, this is the first thing that comes to mind within non-EU companies. In many cases, the GDPR seems like an issue of the Old Continent, so some assume...more
The UK and the US signed a new data-sharing agreement on 3 October designed to facilitate the exchange of evidence and enhance co-operation between the two countries and their respective investigatory authorities. The first...more
This issue of Skadden’s semiannual Cross-Border Investigations Update takes a close look at recent cases, regulatory activity and other key developments, including a review of the first year of GDPR enforcement, analysis of...more
The perplexing question of what U.S. companies must do to comply with EU “cookie” law became slightly more clear with the recent decision of the European Court of Justice (CJEU) in Planet49 GmbH, but numerous questions still...more
The Situation: The United Kingdom is due to leave the European Union ("EU") on 31 October 2019. Negotiations between member states of the EU excluding the United Kingdom ("EU27") and the United Kingdom are ongoing, but it is...more
The Gauvain Report to "Restore the sovereignty of France and Europe and protect our companies from laws and measures with extraterritorial scope" was submitted to the French Prime Minister on 26 June 2019. As its name...more
Recent laws—such as the 2016 Sapin 2 Law and the new EU General Data Protection Regulation—provide for rules that are intended to ensure compliance with the French Blocking Statute, which prohibits any French party from...more
2018 was a watershed year for data privacy regulation. While Europe’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA) garnered the most attention from the public and businesses...more
Why does this topic matter to organisations? The GDPR does not necessarily apply to every organisation in the world. It applies to all organisations that are established in the EU. However, for organisations established...more