On May 2, 2021, the Norwegian data protection authority, Datatilsynet, notified a U.S. company of its intention to issue a fine of 25 million Norwegian Krone (approximately 2.5 million Euros). The preliminary fine was issued for failure to comply with the General Data Protection Regulation’s accountability, lawfulness and transparency requirements, primarily due to the company’s tracking of website visitors.
Continue Reading Norwegian DPA Issues 2.5M EUR Preliminary Fine for U.S. Company Utilizing Web-Tracking IDs

On March 25, 2021, the Centre for Information Policy Leadership at Hunton Andrews Kurth organized an expert roundtable on the EU Approach to Regulating AI–How Can Experimentation Help Bridge Innovation and Regulation? Roundtable panelists explored how methodologies, such as policy prototyping and regulatory sandboxes, can help create the right rules and frameworks and interpret them constructively for regulating AI in a way that enables responsible innovation and risk mitigation.
Continue Reading CIPL Organizes Webinar on EU Approach to Regulating AI and Regulatory Experimentation

The Centre for Information Policy Leadership at Hunton Andrews Kurth has published its paper on delivering a risk-based approach to regulating artificial intelligence. Developed in partnership with key EU experts and leaders in AI, the paper translates best practices and emerging policy trends into actionable recommendations for effective AI regulation.
Continue Reading CIPL Publishes Recommendations on a Risk-Based Approach to Regulating AI

On March 1, 2021, the Centre for Information Policy Leadership at Hunton Andrews Kurth submitted a response to the new Brazilian data protection authority’s call for preliminary inputs on the impact of the Brazilian data protection law on small and medium-sized enterprises.
Continue Reading CIPL Submits Response to New Brazilian Data Protection Authority’s First Public Consultation on SMEs

The concept of regulatory sandboxes has gained traction in the data protection community. Since the UK Information Commissioner’s Office completed its pilot program of regulatory sandboxes in September 2020, two European Data Protection Authorities have created their own sandbox initiatives following the ICO’s framework.
Continue Reading Regulatory Sandboxes are Gaining Traction with European Data Protection Authorities

On February 5, 2020, the Centre for Information Policy Leadership at Hunton Andrews Kurth submitted a response to the European Commission’s public consultation on the Commission’s Proposal for a Regulation on European Data Governance. This proposal is the first set of initiatives announced under the broader European Data Strategy.
Continue Reading CIPL Submits Response to European Commission’s Proposal for a Regulation on European Data Governance

On January 26, 2021, BBB National Programs announced that it has been endorsed as an Accountability Agent for the APEC Cross-Border Privacy Rules and Privacy Recognition for Processors systems. This makes BBB National Programs the seventh CBPR and PRP Accountability Agent worldwide and the first ever U.S. non-profit to be approved by APEC.
Continue Reading APEC Endorses the First U.S. Non-Profit Accountability Agent

On January 15, 2020, the European Data Protection Board and European Data Protection Supervisor adopted joint opinions on the draft Standard Contractual Clauses released by the European Commission in November 2020, both for international transfers and for controller-processor relationships within the EEA.
Continue Reading EDPB and EDPS Adopt Joint Opinions on Draft SCCs

On January 13, 2021, the FTC announced that fertility-app developer Flo Health, Inc. (“Flo”) agreed to a settlement over allegations that the company shared app users’ health information with third-party data analytics providers despite representations that Flo would keep such information private.
Continue Reading FTC Settles with Fertility-Tracking App Developer Regarding Health Data Disclosures