Key takeaways from January include: Transparency about data processing and retention: In a reminder of the importance of transparency under the GDPR, and the need for companies to make their…
Key takeaways from December include: Concept of non-material damage under GDPR: In an expansive reading of the right to compensation under GDPR, a data subject’s fear that their personal data…
On 8 December 2023, after months of negotiations, the European Commission, the European Parliament and the European Council reached political agreement on the terms of the European Union Artificial Intelligence…
As legislators and regulators around the world are trying to determine how to approach the novel risks and opportunities that AI technologies present, the draft European Union Artificial Intelligence Act…
On Thursday, December 7th, 8:10-8:55 AM (ET), Robert Maddox will speak on a virtual panel entitled “Incident Response in Europe: State of Play.” To learn more about the conference please…
Key takeaways from September include: UK-US data bridge: From 12 October 2023, UK businesses will be able to transfer personal data to certain US organisations certified under a UK-specific extension…
As businesses adopt Generative AI tools, they need to ensure that their governance frameworks address not only AI-specific regulations such as the forthcoming EU AI Act, but also existing regulations,…
Key takeaways from August include: Conflicts of interest: Businesses should consider re-evaluating their data protection officer’s role and responsibilities, including dual roles on boards and committees, to prevent conflicts of interest…
Key takeaways from June and July include: Data transfers to the U.S.: Business may want to revisit their cross-border data transfer arrangements following the new adequacy decision for the EU-U.S.…
On July 10, 2023, the European Commission adopted with immediate effect an adequacy decision for the EU-U.S. Data Privacy Framework (the “DPF”). The decision enables businesses in Europe to transfer…