On March 25, 2021, the Centre for Information Policy Leadership at Hunton Andrews Kurth organized an expert roundtable on the EU Approach to Regulating AI–How Can Experimentation Help Bridge Innovation and Regulation? Roundtable panelists explored how methodologies, such as policy prototyping and regulatory sandboxes, can help create the right rules and frameworks and interpret them constructively for regulating AI in a way that enables responsible innovation and risk mitigation.
Continue Reading CIPL Organizes Webinar on EU Approach to Regulating AI and Regulatory Experimentation

The Centre for Information Policy Leadership at Hunton Andrews Kurth has submitted its comments on the Irish Data Protection Commissioner’s draft guidance on the safeguarding of the personal data of children when providing online services.
Continue Reading CIPL Submits Comments on Irish DPC’s Guidance on Safeguarding Personal Data of Children

On March 15, 2021, the state Data Protection Authority of Bavaria declared the use of U.S. e-mail marketing service Mailchimp by a fashion magazine in Bavaria impermissible due to lack of compliance with Schrems II mitigation steps for the transfer of e-mail addresses to the U.S.
Continue Reading Bavarian DPA Declares Transfers to E-mail Marketing Service Prohibited Due to Lack of Controller’s Assessment and Supplementary Measures

The Centre for Information Policy Leadership at Hunton Andrews Kurth has published its paper on delivering a risk-based approach to regulating artificial intelligence. Developed in partnership with key EU experts and leaders in AI, the paper translates best practices and emerging policy trends into actionable recommendations for effective AI regulation.
Continue Reading CIPL Publishes Recommendations on a Risk-Based Approach to Regulating AI

The Secretary of State for Digital, Culture, Media & Sport has signed a Memorandum of Understanding with the UK Information Commissioner’s Office in relation to new UK adequacy assessments following the UK’s departure from the European Union. The Memorandum of Understanding sets out how DCMS and third countries will negotiate adequacy decisions, referred to under the Memorandum of Understanding as “adequacy regulations”.
Continue Reading UK Government and ICO Agree on Procedure for Future Adequacy Decisions

France’s highest administrative court recently issued a summary judgment that rejected a request for the suspension of the partnership between the French Ministry of Health and Doctolib, a leading provider of online medical consultations in Europe, for the management of COVID-19 vaccination appointments.
Continue Reading French Highest Court Rejects Suspension of Partnership with EU Service Provider Using AWS; Extends Application of the Schrems II Requirements

On March 12, 2021, the European Data Protection Board (“EDPB”) published its Guidelines 01/2021 on Virtual Voice Assistants for consultation (the “Guidelines”). Virtual voice assistants (“VVAs”) understand and execute voice commands or coordinate with other IT systems. These tools are available on most smartphones and other devices and collect significant amounts of personal data, such as through user commands. In addition, VVAs require a terminal device equipped with a microphone and transfer data to remote service. These activities raise compliance issues under both the General Data Protection Regulation (“GDPR”) and the e-Privacy Directive.
Continue Reading EDPB Releases Guidelines on Virtual Voice Assistants

The Centre for Information Policy Leadership at Hunton Andrews Kurth has submitted its response to the European Data Protection Board consultation on draft guidelines on examples regarding data breach notification. CIPL welcomes the Guidelines which come at a time at which cyber attacks are surging as a result of the move to remote working triggered by the COVID-19 crisis, and should help organizations avoid over-reporting.
Continue Reading CIPL Submits Response to the EDPB Guidelines on Examples Regarding Data Breach Notification