On May 2, 2021, the Norwegian data protection authority, Datatilsynet, notified a U.S. company of its intention to issue a fine of 25 million Norwegian Krone (approximately 2.5 million Euros). The preliminary fine was issued for failure to comply with the General Data Protection Regulation’s accountability, lawfulness and transparency requirements, primarily due to the company’s tracking of website visitors.
Continue Reading Norwegian DPA Issues 2.5M EUR Preliminary Fine for U.S. Company Utilizing Web-Tracking IDs

On April 27, 2021, the Portuguese Data Protection Authority ordered the National Institute of Statistics to suspend, within 12 hours, any international transfers of personal data to the U.S. or other third countries that have not been recognized as providing an adequate level of data protection.
Continue Reading Portuguese DPA Orders Suspension of U.S. Data Transfers by Agency That Relied on SCCs

The Centre for Information Policy Leadership at Hunton Andrews Kurth has submitted its response to the European Data Protection Board consultation on draft guidelines on virtual voice assistants. The Guidelines were adopted on March 12, 2021 for public consultation.
Continue Reading CIPL Submits Response to the EDPB Guidelines on Virtual Voice Assistants

On April 22, 2021, the Belgian Constitutional Court annulled the framework set forth by the Law of 29 May 2016 requiring telecommunications providers to retain electronic communications data in bulk.
Continue Reading Belgian Constitutional Court Annuls Data Retention Framework for Electronic Communications Data

The European Commission has published its Proposal for a Regulation on a European approach for Artificial Intelligence. The Proposal follows a public consultation on the Commission’s White Paper on AI published in February 2020. The Commission simultaneously proposed a new Machinery Regulation, designed to ensure the safe integration of AI systems into machinery.
Continue Reading European Commission Publishes Proposal for Artificial Intelligence Act

The European Data Protection Board has adopted its Opinion on the draft UK adequacy decision issued by the European Commission on February 19, 2021. The EDPB’s Opinion is non-binding but will be persuasive. The adequacy decision will be formally adopted if it is approved by the EU Member States acting through the European Council. If the adequacy decision is adopted, transfers of personal data from the EU to the UK may continue without the implementation of a data transfer mechanism under the EU General Data Protection Regulation, such as Standard Contractual Clauses.
Continue Reading EDPB Adopts Opinion on Draft UK Adequacy Decision

On March 25, 2021, the Centre for Information Policy Leadership at Hunton Andrews Kurth organized an expert roundtable on the EU Approach to Regulating AI–How Can Experimentation Help Bridge Innovation and Regulation? Roundtable panelists explored how methodologies, such as policy prototyping and regulatory sandboxes, can help create the right rules and frameworks and interpret them constructively for regulating AI in a way that enables responsible innovation and risk mitigation.
Continue Reading CIPL Organizes Webinar on EU Approach to Regulating AI and Regulatory Experimentation

The Centre for Information Policy Leadership at Hunton Andrews Kurth has submitted its comments on the Irish Data Protection Commissioner’s draft guidance on the safeguarding of the personal data of children when providing online services.
Continue Reading CIPL Submits Comments on Irish DPC’s Guidance on Safeguarding Personal Data of Children