On June 28, 2023, the European Commission (EC) published a Proposal for a Regulation on Financial Data Access (FIDA). FIDA aims to create a framework through which data holders (e.g., banks, credit institutions) share the financial data they hold with other players in the finance industry (e.g., fintech companies). Customers of financial institutions will be able to control i) which data is shared, ii) with whom, iii) for what purpose, and iv) for how long. If adopted, FIDA will further liberalize financial data sharing in the EU.
Continue Reading European Commission Proposes New Rules on Financial Data Access and UseLaura Brodahl
Europe Prepares for a New Era in AI Regulation
Posted in European Union, Privacy
In Europe, recent advances in artificial intelligence (AI) have given rise to intense debate over how this technology should be regulated. Companies that have developed AI tools, or who are considering implementing AI, should assess the implications of recent legislative developments and regulatory action. This alert discusses the most recent legislative and regulatory developments in Europe and identifies key steps companies should take in light of these developments.
Continue Reading Europe Prepares for a New Era in AI RegulationNew Draft Guidance on Binding Corporate Rules for Controllers
By Laura Brodahl & Laura De Boel on
On November 15, 2022, the European Data Protection Board (EDPB) adopted draft recommendations (here) for data controllers when applying for approval of their binding corporate rules for international data transfers (Recommendations).
Binding corporate…
Continue Reading New Draft Guidance on Binding Corporate Rules for ControllersEU Court Opinion: Competition Authorities May Consider Data Protection Breaches in Their Investigations
By Petros Vinis, Deirdre Carroll, Nikolaos Theodorakis, Laura Brodahl, Laurine Daïnesi Signoret & Mia Gal on
Posted in European Union, Privacy
On September 20, 2022, an adviser to the EU’s top court opined that competition authorities may consider a company’s compliance with the EU’s data protection rules as part of an abuse of dominance investigation.
In…
Continue Reading EU Court Opinion: Competition Authorities May Consider Data Protection Breaches in Their InvestigationsBelgian DPA Finds That IAB Europe’s Cookie Consent Framework Violates the GDPR
On February 2, 2022, the Belgian Data Protection Authority (DPA) found that the Interactive Advertising Bureau Europe (IAB) Transparency & Consent Framework (TCF), a tool used to record individuals’ online ad preferences, violates the General Data Protection Regulation (GDPR). The DPA fined IAB Europe €250,000 (approx. USD 280,000), and required IAB Europe to present an action plan to bring the TCF into compliance within two months. To reach this conclusion, the DPA concluded that:
Continue Reading Belgian DPA Finds That IAB Europe’s Cookie Consent Framework Violates the GDPR
Belgian Data Protection Authority Clarifies Key Rules on Biometric Data Processing
By Laura Brodahl, Laura De Boel & Joanna Jużak on
Posted in Cybersecurity, Privacy
On December 6, 2021, the Belgian Data Protection Authority (Belgian DPA) issued its recommendation on biometric data processing (Recommendation).[1] The Recommendation provides guidance on how to comply with the General Data Protection Regulation (GDPR) when processing biometric data.
Continue Reading Belgian Data Protection Authority Clarifies Key Rules on Biometric Data Processing