On March 7, 2024, the Court of Justice of the European Union issued its judgment in the case of Endemol Shine (Case C‑604/22). In this case, the CJEU was called upon to assess whether oral disclosure of information could be considered as processing of personal data under the GDPR and to clarify the relationship between personal data protection and public access to documents.
Continue Reading CJEU Rules That Oral Disclosure May Be Considered as Processing of Personal Data Under the GDPR
International
European Parliament Approves the AI Act
On March 13, 2024, the European Parliament adopted the AI Act by a majority of 523 votes in favor, 461 votes against, and 49 abstentions. The AI Act will introduce comprehensive rules to govern the use of AI in the EU.
Continue Reading European Parliament Approves the AI Act
CJEU Rules on IAB Europe’s Transparency and Consent Framework
On March 7, 2024, the Court of Justice of the European Union issued its judgment in the case of IAB Europe (Case C‑604/22). In this judgment, the CJEU assessed the role of IAB Europe in the processing operations associated with its Transparency and Consent Framework and further developed CJEU case law on the concept of personal data under the GDPR.
Continue Reading CJEU Rules on IAB Europe’s Transparency and Consent Framework
DOJ Regulations and White House Executive Order Will Target Protections for Americans’ Sensitive Personal Data Against Foreign Threat Actors
President Biden recently released an Executive Order “addressing the extraordinary and unusual national security threat posed by the continued effort of certain countries of concern to access Americans’ bulk sensitive personal data and certain U.S. Government-related data.”…
Continue Reading DOJ Regulations and White House Executive Order Will Target Protections for Americans’ Sensitive Personal Data Against Foreign Threat Actors
UK ICO Issues Enforcement Notice and Warning to UK Home Office
On March 1, 2024, the UK Information Commissioner’s Office announced that it had issued an enforcement notice and a warning to the UK Home Office for failing to sufficiently assess the privacy risks posed by the electronic monitoring of people arriving in the UK via unauthorized means.
Continue Reading UK ICO Issues Enforcement Notice and Warning to UK Home Office
EDPB Launches Coordinated Enforcement Framework on Right of Access
On February 28, 2024, the European Data Protection Board announced the launch of its latest Coordinated Enforcement Framework action on the right of access.
Continue Reading EDPB Launches Coordinated Enforcement Framework on Right of Access
ICO Orders Companies to Cease Using Facial Recognition Technology and Fingerprint Scanning to Monitor Attendance
On February 23, 2024, the UK Information Commissioner’s Office reported that it had ordered public service providers Serco Leisure, Serco Jersey and associated community leisure trusts to stop using facial recognition technology and fingerprint scanning to monitor employee attendance.
Continue Reading ICO Orders Companies to Cease Using Facial Recognition Technology and Fingerprint Scanning to Monitor Attendance
CIPL Publishes The Zero Risk Fallacy Paper
On February 20, 2024, The Centre for Information Policy Leadership at Hunton Andrews Kurth LLP and Theodore Christakis, Professor of International, European and Digital Law at University Grenoble Alpes, released a comprehensive study titled The “Zero Risk” Fallacy: International Data Transfers, Foreign Governments’ Access to Data and the Need for a Risk-Based Approach.
Continue Reading CIPL Publishes The Zero Risk Fallacy Paper
European Commission to Establish AI Office
The European Commission recently announced it had published the Commission Decision establishing the European AI Office.
Continue Reading European Commission to Establish AI Office
ICO Publishes Guidance on Content Moderation
On February 16, 2024, the UK Information Commissioner’s Office published its first piece of guidance on content moderation.
Continue Reading ICO Publishes Guidance on Content Moderation