Tag: GDPR

AI Act Enters Into Force

On 12 July 2024, the long-awaited Artificial Intelligence Act (AI Act) was published in the Official Journal of the European Union (OJEU), meaning that 20 days from this date it will enter into force and will apply from 2 August 2026, bringing certainty regarding the timeline for its applicability, which […]

EU Collective Redress Directive: What Services Companies Need to Know (Part One)

This article is the first in a three-part series on collective claims and class actions in the EU and the US. As collective claims become more prevalent in the EU, companies offering platforms, products, and services in both jurisdictions will benefit from implementing and maintaining a coordinated global class action […]

Changes are Expected to the EU One-Stop-Shop Mechanism

Authored by Patrick Van Eecke, Loriane Sangaré-Vayssac and Enrique Capdevila, this article was originally published in Privacy Laws & Business International Report, December 2023. Patrick van Eecke, Loriane Sangaré-Vayssac and Enrique Capdevila of Cooley analyse the updated guidelines for identifying the Lead Supervisory Authority and the draft GDPR Procedural Regulation. […]

The European Data Act: New Rules for a New Age

In today’s digital age, data is the new currency. The European Union recognises this and has introduced the European Data Act, a set of new rules that will revolutionise the way data generated by connected devices is shared and used. Consumers and businesses will be able to access their devices’ data […]

Breached the GDPR? Calculate your own fine!

The General Data Protection Regulation (GDPR) is a difficult piece of legislation to comply with, and not meeting some of its requirements may lead to hefty fines of up to 4% of global annual revenues of the preceding year or 20 million euros, whichever is higher. Organisations may find it […]

Irish Circuit Court Awards Damages for ‘Non-Material’ Harm Under GDPR

On 11 July 2023, the Circuit Court of Ireland awarded 2,000 euros in compensation to a plaintiff seeking ‘non-material damage’ under Article 82 of the General Data Protection Regulation, in what is believed to be the first case in the European Union to follow the recent Court of Justice of […]

UK Information Commissioner’s Office Publishes Details of Reprimands

On 6 December 2022, the UK Information Commissioner’s Office (ICO) announced that it would publish details of all future reprimands, including those issued from January 2022 onwards, ‘unless there is a good reason not to’. This is part of the ICO’s new strategic approach to regulatory action. The ICO hopes […]

Part 3: PIPL’s Localization Requirements and Restrictions on Responding to Foreign Judicial and Enforcement Agencies

Localization requirements: China’s Personal Information Protection Law (PIPL) requires that operators of critical information infrastructure (e.g., China Mobile) and personal information processors that process personal information in an amount that reaches “the threshold specified by” the Cyberspace Administration of China (CAC) store personal information collected and generated in China locally.[1] […]

Part 2: PIPL and GDPR Compliance Obligations on Cross-Border Transfers of Personal Information

As explained in our previous blog post, in addition to the requirements for adopting a cross-border transfer mechanism, China’s Personal Information Protection Law (PIPL) and the European Union’s General Data Protection Regulation (GDPR) set out further compliance obligations on the cross-border transfer of personal information.[1] Before controllers (under the GDPR) […]

Cross-Border Data Transfers: PIPL vs. GDPR vs. CCPA

Multinational companies often encounter questions regarding if and when they can transfer personal information[1] across borders. The People’s Republic of China’s Personal Information Protection Law (PIPL) adds new considerations for these inquiries[2], such as: Can employers in China store their Chinese employees’ personal information on databases hosted in foreign […]