EU

The European Union (EU) has launched the world’s first comprehensive legislative package to regulate AI.  The Artificial Intelligence Act (AIA), which is currently progressing through the EU legislative process, will establish a risk-based framework for regulating use of AI anywhere within the EU, including by companies based outside the EU.

A limited number of unacceptable

The much-awaited new Standard Contractual Clauses (“SCCs”) have been adopted by the European Commission on June 4, 2021 and should be published in the next few weeks.

The nPadlock and EU flagew SCCs will go into effect twenty (20) days following publication in the Official Journal of the European Union (“EU”) and the old SCCs will be repealed three months after that date (“Date of Repeal”).


Continue Reading New Standard Contractual Clauses for the Transfer of Personal Data Outside the EEA – Adopted On the Eve of Publication

Padlock and EU flagWe are one (penultimate) step closer to the final adoption of new Standard Contractual Clauses (“SCCs”) by the European Commission.

The final version of a long overdue update to the 2004 (in case of controller-to-controller)/2010 (in case of controller-to-processor) model clauses which companies use to safeguard personal data transfers to controllers/processors outside the EEA under Article 46.2(c) of the GDPR, has cleared one of its final hurdles.

Today, the Article 93 Committee, consisting of the representatives of EU governments, unanimously approved new draft SCCs proposed by the Commission. The Committee is named after Article 93 of the GDPR, referencing the examination procedure, which the draft SCCs of the European Commission (including the one on the new SCCs) had to go through on its way to final adoption.
Continue Reading New Standard Contractual Clauses for Transfer of Personal Data outside the EEA – Getting Warmer by the Day

Since the GDPR came into force in May 2018, data privacy compliance has become increasingly relevant during M&A transactions throughout the EU.  A buyer may ultimately be responsible for the historical data protection law breaches of the target business and for picking-up the costs of dealing with any data security breaches that occurred pre-completion of

Laptop Data TransferOn 24th December 2020, the UK and the EU finally agreed on the terms of a Brexit deal, including an interim solution to the issue of personal data transfers from the EU to the UK.  This interim arrangement gives some much-needed breathing space to European organizations with UK affiliates or that use UK service providers, and renewed hope for an eventual adequacy decision from the European Commission covering transfers of personal data to the UK.

The interim solution agreed allows companies and organisations that transfer personal data from the EU to the UK, to continue to do so, for up to six months to give time for the European Commission to approve an adequacy decision in favour of the UK (under Article 36(3) of Directive (EU) 2016/680 and under Article 45(3) of Regulation (EU) 2016/679).


Continue Reading Brexit Updated: Interim Deal Reached on EU-UK Data Transfers

Brexit and EU keys on KeyboardWith the end of the Brexit transition period fast approaching, we have examined the potential impact on data privacy compliance in the UK and the EU/EEA and prepared a guide which provides practical advice on how to prepare to ensure that your organization is in the best position possible to deal with the outcome of the current UK/EU negotiations on 31 December 2020.

Organisations are advised to identify personal data flows between the EEA and the UK and to devise a plan to ensure that these data transfers will be able to lawfully continue from 1 January 2021, in the event that the UK does not obtain an adequacy decision from the European Commission (and no alternative agreement is reached) in advance of that date. Priority should be given to business-critical data flows and transfers of large volumes of personal data, special category data or criminal data.
Continue Reading The Brexit Transition Period: Are You Ready?

In considering methods to relax the COVID-19 lockdown measures and revive the economy, while at the same time containing the spread of the virus, the EU and national EU governments have been actively pursuing the development and use of contact tracing apps.

To be effective, any contact tracing app would require the majority of the population to use it. Of course, there are reservations about the overall benefit of such an app as a means of responding to the COVID-19 crisis (among others because it may lead to false positives or negatives, the technology may be unable to distinguish between people in crowded places, as well as because of the possible abuse of the data).
Continue Reading EU and National Guidance and Approaches to Contact Tracing Apps

Join us for a webinar where Annette Demmel of our Data Privacy & Cybersecurity team will discuss how to create and implement an email retention schedule which balances privacy requirements, statutory retention periods and the practicability in day-to-day operations.
Continue Reading Complimentary Webinar: Retention Schedule for Emails – How to Balance it All

EU FlagIt has been almost two years since the GDPR came into force and now the European Commission (“EC”) is set to undertake a review and eventually report on issues regarding the application of the GDPR. Specifically, the EC will report on the international transfer provisions and cooperation and consistency mechanisms between supervisory authorities.

The EC is currently in the “roadmap” phase of the process. A roadmap aims to inform citizens and stakeholders about the EC’s work. One element of the roadmap is to gather feedback from citizens and stakeholders, and the opportunity to provide such feedback opened on 2 April 2020. The closing date for feedback is 29 April 2020. There is a 4000 character limit on the feedback function, but word documents can be uploaded where they contain research or other findings that support the feedback being provided. This feedback will be used to further develop and finesse the review. There are specific rules for providing feedback, which are linked here.
Continue Reading The European Commission is set to review the GDPR