On July 10, 2023, the European Commission (EC) adopted an adequacy decision in relation to the EU-U.S. Data Privacy Framework (DPF). This paves the way for organizations to certify to the DPF, reducing friction for transfers of personal data from the EU to the U.S., and allowing companies to simplify their compliance with EU data flow restrictions. It thus represents a major development in the regulation of data flows from the EU to the U.S.Continue Reading EU and U.S. Finalize Data Privacy Framework: Here’s How to Get Certified
Nikolaos Theodorakis
European Commission Proposes New Rules on Financial Data Access and Use
Posted in Privacy
On June 28, 2023, the European Commission (EC) published a Proposal for a Regulation on Financial Data Access (FIDA). FIDA aims to create a framework through which data holders (e.g., banks, credit institutions) share the financial data they hold with other players in the finance industry (e.g., fintech companies). Customers of financial institutions will be able to control i) which data is shared, ii) with whom, iii) for what purpose, and iv) for how long. If adopted, FIDA will further liberalize financial data sharing in the EU.Continue Reading European Commission Proposes New Rules on Financial Data Access and Use
Europe Prepares for a New Era in AI Regulation
Posted in European Union, Privacy
In Europe, recent advances in artificial intelligence (AI) have given rise to intense debate over how this technology should be regulated. Companies that have developed AI tools, or who are considering implementing AI, should assess the implications of recent legislative developments and regulatory action. This alert discusses the most recent legislative and regulatory developments in Europe and identifies key steps companies should take in light of these developments.Continue Reading Europe Prepares for a New Era in AI Regulation
European Commission Seeks Companies’ Input on GDPR Enforcement
Posted in European Union, Privacy
On February 24, 2023, the European Commission (EC) opened a public consultation on its initiative (Initiative) to revise procedural rules relating to the enforcement of the EU General Data Protection Regulation (GDPR). The EC invites…
Continue Reading European Commission Seeks Companies’ Input on GDPR EnforcementEU Regulators Adopt Opinion on Draft EU-U.S. Data Privacy Framework
Since the invalidation of the Privacy Shield framework in 2020 in the “Schrems II” case, the EU and the U.S. have been working to set up a new framework for data flows from…
Continue Reading EU Regulators Adopt Opinion on Draft EU-U.S. Data Privacy FrameworkCJEU Finds That Companies Must Provide Individuals with the Identity of Data Recipients When Responding to Data Access Requests
Posted in Privacy
On January 12, 2023, the Court of Justice of the European Union (CJEU) ruled1 that the data subject’s right of access to personal data2 requires controllers to provide the data subject with the…
Continue Reading CJEU Finds That Companies Must Provide Individuals with the Identity of Data Recipients When Responding to Data Access Requests