Photo of Charles Helleputte

Charles Helleputte

The Digital Services Act (DSA) entered into full force on 17 February 2024. This is a monumental EU regulation, containing 93 articles and 156 recitals, which is intended to impose:

  • A framework for the conditional exemption from liability of providers of online intermediary services (i.e. companies that are conduits for, cache or host third-party online

Whether to and how to integrate AI into business operations remains a real challenge for companies considering the adoption of the technology. We have released “Ten Things About Artificial Intelligence (AI) for GCs in 2024” providing 10 key insights as a helpful guide on the issues around AI. Our global team stands ready

The Association of Southeast Asian Nations (ASEAN) and the European Union (EU) have rolled out their completed joint guide on the ASEAN model contractual clauses (MCCs) and EU standard contractual clauses (SCCs).[1]

This is the second half of a two-part guide, with this latter segment focusing on implementation aspects of the MCCs and SCCs.

On January 15, 2024, the European Commission (EC) published its report on 11 adequacy decisions made under the Data Protection Directive. This is the first review of its kind in GDPR times for adequacy decisions that were living their own existence, with not many troubles (leaving the US one aside). A periodic checkup is foreseen in the most recent adequacy decisions (and Japan last review was published in April 2023), but not much was done for the other ones; this is now remedied.Continue Reading Adequate One Day Keeps Personal Data Transfer Problems (Forever) Away? Let’s See What the EU Doctor Just Said

On December 8, 2023, after some intense rollercoaster rides, the European Union (EU) institutions reached a political agreement on the EU Artificial Intelligence Act (EU AI Act). The compromises reached after sleepless nights still need to find their way into a final text (and this one might only be available after the holiday season), but

With the trilogues on the draft EU AI Act entering what is probably their final phase and the idea that procuring AI cannot be done lightly spreading, organizations are often confronted with hard choices, including on how to source AI responsibly and protect against liabilities with an uncertain developing legal framework. Contractual language is one

Mr. Philippe Latombe, a French member of Parliament, beat privacy activist Max Schrems to the punch! Despite Mr. Schrems’ many statements against the EU-US Data Privacy Framework (DPF), Mr. Latombe was the first to file a request in the EU’s General Court to seek the annulment of the DPF and, separately, an interim measure to suspend

According to the latest draft of the EU cybersecurity certification scheme for cloud services (EUCS), dated August 2023 (leaked by POLITICO), the data localisation requirement, which was heavily criticised by the industry, will now apply only to the highly critical “high+” level. Data localisation would, should the EUCS be approved as such, not apply to the category 3 (“high”) level. This might not be the end of a debate that has run wild between industry (with major cloud providers unkeen with the idea) on one side and some member states defending some level of sovereignty, such as France, Italy and Spain, and EU institutions (such as the European Data Protection Board and ENISA) on the other one.Continue Reading Fewer Clouds on … Cloud: The EU to (Finally) Drop Most Data Localisation Requirements in the EUCS

On July 10, the European Commission formally adopted the EU-U.S. Data Privacy Framework (DPF). The Commission’s adequacy decision (and the documentation package accompanying it, including the FAQ) brings welcome news: for certified DPF participants, personal data can flow between the European Economic Area (EEA) and the United States (U.S.

Our global data team has prepared a practical guide that compares three standard contracts, as a means of facilitating international data transfers, namely:

  • The EU’s standard contractual clauses (effective since June 2021)
  • The People’s Republic of China’s (PRC) standard contract (issued in March 2023)
  • The Association of Southeast Asian Nations’ (ASEAN) model contractual clauses (published in January 2021).

Continue Reading A Guide Comparing EU, China, ASEAN Standard Contracts for Data Transfers