On March 7, 2024, the Court of Justice of the European Union issued its judgment in the case of Endemol Shine (Case C‑604/22). In this case, the CJEU was called upon to assess whether oral disclosure of information could be considered as processing of personal data under the GDPR and to clarify the relationship between personal data protection and public access to documents.
Continue Reading CJEU Rules That Oral Disclosure May Be Considered as Processing of Personal Data Under the GDPR
European Union
European Parliament Approves the AI Act
On March 13, 2024, the European Parliament adopted the AI Act by a majority of 523 votes in favor, 461 votes against, and 49 abstentions. The AI Act will introduce comprehensive rules to govern the use of AI in the EU.
Continue Reading European Parliament Approves the AI Act
CJEU Rules on IAB Europe’s Transparency and Consent Framework
On March 7, 2024, the Court of Justice of the European Union issued its judgment in the case of IAB Europe (Case C‑604/22). In this judgment, the CJEU assessed the role of IAB Europe in the processing operations associated with its Transparency and Consent Framework and further developed CJEU case law on the concept of personal data under the GDPR.
Continue Reading CJEU Rules on IAB Europe’s Transparency and Consent Framework
EDPB Launches Coordinated Enforcement Framework on Right of Access
On February 28, 2024, the European Data Protection Board announced the launch of its latest Coordinated Enforcement Framework action on the right of access.
Continue Reading EDPB Launches Coordinated Enforcement Framework on Right of Access
CIPL Publishes The Zero Risk Fallacy Paper
On February 20, 2024, The Centre for Information Policy Leadership at Hunton Andrews Kurth LLP and Theodore Christakis, Professor of International, European and Digital Law at University Grenoble Alpes, released a comprehensive study titled The “Zero Risk” Fallacy: International Data Transfers, Foreign Governments’ Access to Data and the Need for a Risk-Based Approach.
Continue Reading CIPL Publishes The Zero Risk Fallacy Paper
European Commission to Establish AI Office
The European Commission recently announced it had published the Commission Decision establishing the European AI Office.
Continue Reading European Commission to Establish AI Office
EDPB Adopts Opinion on the Notion of Main Establishment
On February 13, 2024, the European Data Protection Board (“EDPB”) adopted Opinion 04/2024 on the notion of the main establishment of a controller in the Union under Article 4(16)(a) of the EU General Data Protection Regulation (“GDPR”) (the “Opinion”).Continue Reading EDPB Adopts Opinion on the Notion of Main Establishment
The European Commission Draft GDPR Procedural Regulation and European Parliament Draft LIBE Report: On the Road to Harmony?
On February 9, 2024, Hunton Andrews Kurth and its Centre for Information Policy Leadership prepared an op-ed discussing the implications of the European Commission’s Draft GDPR Procedural Regulation and European Parliament’s Draft LIBE Report.
Continue Reading The European Commission Draft GDPR Procedural Regulation and European Parliament Draft LIBE Report: On the Road to Harmony?
CNIL Publishes 2024 Investigation Focus Plan
On February 8, 2024, the French Data Protection Authority announced the priority topics for its inspections in 2024. This blog entry provides a summary of the key topics.
Continue Reading CNIL Publishes 2024 Investigation Focus Plan
Final Draft of EU AI Act Leaked
On January 22, 2024, a draft of the final text of the EU Artificial Intelligence Act (“AI Act”) was leaked to the public. The leaked text substantially diverges from the original proposal by the European Commission, which dates back to 2021. The AI Act includes elements from both the European Parliament’s and the Council’s proposals.Continue Reading Final Draft of EU AI Act Leaked