European Court of Justice Clarifies Rules on Damages Compensation for GDPR Breaches

On 4 May 2023, the Court of Justice of the European Union (CJEU) delivered its decision in the Österreichische Post case (Case C-300/21), in essence deciding that a mere infringement of the General Data Protection Regulation (GDPR) does not automatically lead to compensation for damages; compensation for nonmaterial damage does […]

FTC Warns to ‘Keep Your AI Claims in Check’ in New AI Guidance

On February 27, 2023, the US Federal Trade Commission (FTC) published new Business Blog guidance from Division of Advertising Practices staff about marketing claims for artificial intelligence products. While prior FTC AI guidance focused on the need to avoid using automated tools that have biased or discriminatory impacts, the latest […]

China Releases Standard Contract for Cross-Border Transfer of Personal Information

On February 24, 2023, the Cyberspace Administration of China (CAC) released the final version of the Measures on the Standard Contract for the Cross-Border Transfer of Personal Information, accompanied by a standard contract as a schedule. The measures will take effect on June 1, 2023, and provide a six-month grace […]

CJEU Clarifies Whether Data Protection Officers Can Perform Other Roles or Be Dismissed

On February 9, 2023, the Court of Justice of the European Union ruled in two decisions (C-453/21 and C-560/21) that a data protection officer (DPO) may have other duties within their role if there is not a conflict of interest. The CJEU also found that national provisions that allow for the […]

Digital Services Act: Online Platforms, Do Your Homework Before it’s too Late

The Digital Services Act (DSA) entered into force on November 16, 2022. This new European regulation builds on the Electronic Commerce Directive to strengthen the moderation obligations of online platforms regarding illegal content, such as racism, child pornography, counterfeiting and disinformation. Among various obligations, online platforms must remove illegal content […]

UK Information Commissioner’s Office Publishes Details of Reprimands

On 6 December 2022, the UK Information Commissioner’s Office (ICO) announced that it would publish details of all future reprimands, including those issued from January 2022 onwards, ‘unless there is a good reason not to’. This is part of the ICO’s new strategic approach to regulatory action. The ICO hopes […]

US Expands Artificial Intelligence Guidance with NIST AI Risk Management Framework

Key takeaways On January 26, 2023, the US Commerce Department’s National Institute of Standards and Technology (NIST) published the Artificial Intelligence Risk Management Framework (AI RMF). The AI RMF is a voluntary resource designed to aid a variety of actors in the artificial intelligence sphere – such as technology companies […]

Considering Texting About Work? Beware.

As the rise in remote work has led to an increased reliance on mobile devices to stay connected – with cellphones at our fingertips virtually 24/7 – the use of third-party messaging applications to communicate about work has become commonplace. From WhatsApp to Telegram, corporate executives, financial services professionals and […]

California Supreme Court Boosts Policyholders Seeking Coverage for Privacy Class Actions

Key takeaways In a recent opinion, the California Supreme Court ruled in favor of California-based tech giant Yahoo in a multiyear legal battle with the National Union Fire Insurance Company of Pittsburgh, Pennsylvania. The insurer had refused to defend Yahoo against five class action lawsuits alleging Yahoo violated provisions of […]

European Commission Approves Trans-Atlantic Data Privacy Framework

On 13 December 2022, the European Commission issued a draft adequacy decision concluding that the EU-US Data Privacy Framework provides an adequate level of protection for personal data transferred from EU to US companies. Approved by the US following President Joe Biden’s executive order in October 2022, the framework is […]