Blog

picture

Data Breach Notifications Across Europe: EDPB's list published!

This significant update nearly went unnoticed as all attention was focused on the final text of the AI Act. The #EDPB finally published the list detailing the notification processes of all relevant EEA data protection authorities (DPAs). In connection with the amended guideline 9/2022, this means that a non-EU company may need to report to 45 DPA’s in 26 languages.

picture

Executive Order by President Biden Aimed at Securing Sensitive Personal Data of U.S. Individuals

President Biden has announced an unprecedented Executive Order designed to protect Americans’ most sensitive personal data from exploitation by foreign threats. This move addresses the growing concerns over the vast amounts of personal data collected and the risks posed by its potential misuse.

picture

Navigating the Timeline of the EU Artificial Intelligence Act

The European Union reached a significant milestone in controlling artificial intelligence when the Parliament, Commission, and Council came to a political agreement on the EU Artificial Intelligence Act (AI Act) on December 8, 2023. This critical agreement, followed by unanimous approval from EU member states, opens the way for the world’s first comprehensive AI regulation. The AI Act’s staged implementation timeline seeks to guarantee effective AI governance while encouraging innovation and public trust.

picture

EDPB clarifies notion of main establishment and calls on EU legislators to make sure CSAM Regulation respects rights to privacy and data protection

Today, on February 14, 2024, the EDPB made two important announcements that could impact businesses and individuals across the EU:

Clarification on Main Establishment: The EDPB has provided new guidelines about what counts as a company’s “main establishment” in the EU. This is important for businesses that operate in more than one EU country because it helps determine which country’s data protection authority they primarily deal with. The guidance helps ensure that businesses know how to comply with EU data protection laws, especially if they make decisions about data processing outside the EU.

picture

CCPA: Managing Consumer Rights - CPRA regulations now enforceable

Those organizations rushing before 1 July 2023 to put compliance measures in place in time for the original enforcement date of the California Privacy Rights Act regulations (CPRA regulations) will have taken comfort in the last-minute decision by Sacramento County Superior Court last June to push enforcement back to 29 March 2024. However, the decision last week by the California Third District Court of Appeals means that the California Privacy Protection Agency (CPPA) can immediately begin to enforce the CPRA regulations, which include detailed rules on consumer privacy rights request handling, opt-out mechanisms for sale/sharing of data and the mandatory recognition of opt-out signals. From now on, we can expect to see a step up in enforcement activity and an increase in sanctions.

Andreas
Women called Charlotte in a pantsuit.

Andreas Maetzler, Charlotte Mason