EU

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.Continue Reading Privacy World Week in Review

Shortly after the publication of the Artificial Intelligence (AI) Act, the EU Commission published the AI Pact’s draft commitments with a view of anticipating compliance with high-risk requirements for AI developers and deployers.

Publication and timeline for the AI Act

The EU AI Act was published in the Official Journal of the European Union on July 12, 2024, as “Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonized rules on artificial intelligence.”  We have presented the main provisions and purposes of the AI Act in our publication here.

The EU AI Act will enter into force across all 27 EU Member States on August 1, 2024, but has variable transition periods depending on the relevant parts of the AI Acts; starting with February 2, 2025, at which point, prohibited AI practices must be withdrawn from the market, and with the enforcement of the majority of its provisions commencing on August 2, 2026.

The call for participation on the AI Pact by the EU commission

In this context, the EU Commission issued a press release on July 22, 2024, promoting the “AI Pact”, seeking the industry’s voluntary commitment to anticipate the AI Act and to start implementing its requirements ahead of the legal deadline.  The press release can be found here.

The AI Pact was first launched in November 2023, obtaining responses from over 550 organizations of various sizes, sectors, and countries.

The AI Office has since initiated the development of the AI Pact, which is structured around two pillars:Continue Reading The EU Commission’s Draft AI Pact anticipating compliance with newly published AI Act

When expanding/ directing operations into Europe, foreign organizations often have questions about how to deal with the EU’s ever-expanding regulatory framework. From a data protection perspective, it is often assumed that B2B operations do not trigger the extraterritorial applicability of EU data protection laws (mainly, Regulation (EU) 2016/679 or GDPR) and that it is sufficient to enter into data processing agreements with European data controllers. But is it really that simple?

Some context…

As raised above, one of the most salient elements of the GDPR is that it applies not only to processing operations carried out by controllers and processors established in the European Union, but also to certain processing operations carried out by controllers and processors established outside the Union. This is the case of the processing related to the active offering of goods or services to data subjects in the Union and the monitoring of their behavior, as far as it takes place within the Union (Article 3.2 of the GDPR).Continue Reading A data processing agreement is not always enough.

Op-ed on what we know of the EDPB opinion on Pay or OK

April 17, 2024, 5:15 p.m. (Brussels)

Today, the EDPB plenary had a moment. It discussed an opinion on the Pay or OK models for social media. It was not its role, but it was likely trapped to do, as Art. 64(2) GDPR didn’t consider that national data protection authorities would sometimes use tactics similar to privacy activists to weaponize fundamental rights in a fight that has very little to do with privacy at its core. The discussion is much more about the Internet we want (or not).

“In most cases, it will not be possible for large online platforms to comply with the requirements for valid consent if they confront users only with a binary choice between consenting to processing of personal data for behavioral advertising purposes and paying a fee” says the opinion (according to the leak from POLITICO).Continue Reading When the EDPB is Weaponized, It Is Our Privacy That Is at Risk

1. Introduction

The Framework Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law has been concluded by the Council of Europe (CoE) Committee on Artificial Intelligence on March 24, 2024, finally landing a decisive blow with a provisional agreement on the text of a treaty on artificial intelligence and human rights (Treaty).

This Treaty is the first of its kind and aims to establish basic rules to govern AI that safeguard human rights, democratic values and the rule of law among nations. As a CoE treaty, it is open for ratification by countries worldwide. It is worth noting that in this epic battlefield, apart from the CoE members in one corner of the global arena, on the opposite corner, representing various nations like the US, the UK, Canada and Japan, we have the observers, eyeing the proceedings, ready to pounce with their influence. Although lacking voting rights, their mere presence sends shockwaves through the negotiating ring, influencing the very essence of the Treaty.Continue Reading Heavyweight Fight, Did the US or EU KO the AI Treaty?

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Never Beyond the Law – the Spanish AEPD’s Position on the Processing of Whistleblower Data | Privacy World

Singapore to

On February 13, 2024, the European Data Protection Board (EDPB) released its opinion on the notion of the main establishment of a controller in the EU under article 4(16)(a) GDPR and the criteria for the application of the “one-stop shop” mechanism, in particular, regarding the notion of a controller’s “place of central administration” (PoCA) in

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.Continue Reading Privacy World Week in Review

The Digital Services Act (DSA) entered into full force on 17 February 2024. This is a monumental EU regulation, containing 93 articles and 156 recitals, which is intended to impose:

  • A framework for the conditional exemption from liability of providers of online intermediary services (i.e. companies that are conduits for, cache or host third-party online

The Association of Southeast Asian Nations (ASEAN) and the European Union (EU) have rolled out their completed joint guide on the ASEAN model contractual clauses (MCCs) and EU standard contractual clauses (SCCs).[1]

This is the second half of a two-part guide, with this latter segment focusing on implementation aspects of the MCCs and SCCs.