Insights
Professional
Practice
Industry
Region
Trending Topics
Location
Type
Sort by:
Client Alerts 27 results
Client Alert | 6 min read | 03.11.25
On February 27, 2025, the Court of Justice of the European Union (“CJEU”) issued a ruling about the requirements on data controllers to respond to data access requests regarding an automated decision-making system. In particular, the CJEU interpreted the meaning (under Article 15(1)(h) GDPR) of the phrase “meaningful information about the logic involved” in automated decision-making. Importantly, the ruling also separately addressed how to balance data access rights with the protection of the controller’s trade secrets, when the protection of trade secrets is invoked under Article 15(4) as a reason not to disclose a copy of personal data in an access request.
Client Alert | 4 min read | 12.19.24
New EU Directive Impacting Digital Platforms and Individuals Working for Them
On 23 October 2024, the European Parliament adopted Directive (EU) 2024/2831 (“the Directive”), aimed at improving conditions for individuals working for digital platforms. The Directive introduces comprehensive measures to: address the employment status of digital platform workers, ensure transparency and fairness in algorithmic management, and strengthen the protection of personal data. The Directive came into force on 1 December 2024, and Member States are required to adopt the necessary measures for transposition into national law by 2 December 2026.
Client Alert | 22 min read | 05.31.24
2024: An Overview of New and Upcoming Belgian and EU Laws and Regulations – UPDATED in May 2024
At the beginning of the year, we brought to your attention that a number of important Belgian and EU legislative changes are likely to have an impact in 2024: there are new laws that have been adopted and proposals that are expected to firm up into law.
Client Alert | 4 min read | 03.20.24
The EU AI Act and Obligations for Companies Operating in the European Union
In an era where regulatory landscapes are rapidly evolving, companies with a footprint in the European Union must stay vigilant and adaptable. The EU has recently unveiled a comprehensive set of guidelines that impose fresh obligations on both EU and non-EU based companies operating within its borders. This client alert is the first in a series designed to decode the complexities of the new EU regulations and provide actionable insights for businesses to ensure full compliance[1]. Stay tuned as we unravel the details of these pivotal changes and guide you through the steps your business needs to take to align with the EU's heightened regulatory standards.
Client Alert | 5 min read | 02.16.24
On February 17, 2024, The Digital Services Act (DSA) will become applicable, introducing a new regulatory framework for providers of intermediary services. The DSA will apply to those offering their services to users located in the EU, regardless of the providers' place of establishment. We have discussed the new obligations in our previous client alert, when the DSA was adopted. In this alert, we will focus on the notice and action mechanisms, the positions of the users, intermediaries and the general public.
Client Alert | 19 min read | 01.31.24
2024: An Overview of New and Upcoming Belgian and EU Laws and Regulations
A number of important Belgian and EU legislative changes are likely to have an impact in 2024. On the one hand, there are new laws that have been adopted and will start to bite, and, on the other, there are proposals that are expected to firm up into law.
Client Alert | 2 min read | 11.17.23
European Parliament Adopts Final EU Data Act
On November 9, 2023, the European Parliament has adopted the final version of the Data Act, marking a significant milestone in the evolving landscape of digital regulation. The Data Act is part of the European Commission’s broader strategy to shape Europe’s digital future (see our earlier posts here and here).
Client Alert | 3 min read | 11.13.23
European Data Protection Supervisor Releases New Opinion on the EU’s Proposed AI Act
On October 24, 2023, the European Data Protection Supervisor (EDPS), which is the supervisory authority for the EU institutions, bodies, offices and agencies (EUIs), published a new opinion on the widely discussed proposal for an EU Regulation laying down harmonized rules on artificial intelligence (commonly known as the AI Act Proposal). Although the EDPS does not supervise the private sector, it plays an influential role in both the European and global regulatory community and this new opinion is, thus, a valuable addition to the current legislative debate.
Client Alert | 3 min read | 05.08.23
CJEU Clarifies the Right to Obtain a ‘Copy’ of Personal Data
The Court of Justice of the European Union (the “CJEU”) has issued a recent judgment (for now only available in its original French version) providing guidance on controllers’ obligation to provide data subjects with access to their personal data under Article 15 of the European General Data Protection Regulation (“GDPR”).
Client Alert | 2 min read | 03.07.23
Key Takeaways from the Cookie Banner Taskforce Report
In the past few years, privacy activists, consumers and national and European data protection authorities have become increasingly aware of the impact of cookies and other tracking technologies. As a result, most administrators of websites and mobile apps know that they have to provide users with a clear and prominent cookie banner. They also know that they should explain what cookies are being used and obtain the user’s consent before storing any non-essential cookies on their device.
Client Alert | 3 min read | 03.07.23
The EDPB's Opinion on EU-U.S. Data Privacy Framework
On February 28, 2023, the European Data Protection Board (“EDPB”) adopted its Opinion 5/2023 (the “Opinion”) on the draft adequacy decision of the European Commission regarding the EU-U.S. Data Privacy Framework (“DPF”). The DPF aims to ensure that personal data transferred from the European Union to the U.S. receives an adequate level of protection. The framework is based on the principles of transparency, accountability, and oversight, and it includes safeguards to protect the data privacy rights of individuals.
Client Alert | 4 min read | 12.15.22
The European Commission launched the formal process to adopt an adequacy decision for the EU-U.S. Data Privacy Framework on December 13, 2022. The framework will replace the Privacy Shield, which was invalidated by the Court of Justice of the European Union’s (“CJEU”) Schrems II ruling on July 16, 2020 (CJEU C-311/18, discussed in this client alert). The draft adequacy decision aims to foster transatlantic data flows and to address the concerns raised in Schrems II. The draft adequacy decision is therefore important for businesses on both sides of the Atlantic.
Client Alert | 5 min read | 11.09.22
In a judgment of August 1, 2022, the Court of Justice of the European Union (CJEU) provided further guidance on two important aspects of the General Data Protection Regulation (GDPR) (CJEU C-184/20). In summary, the CJEU held that, first, for a national law that imposes a legal obligation to process personal data to be able to constitute a legal basis for processing, it needs to be lawful, meaning that it must meet an objective of public interest and be proportionate to the legitimate aim pursued, and second, that non-sensitive data that are liable to reveal sensitive personal data need to be protected by the strengthened protection regime for processing of special categories of personal data.
Client Alert | 3 min read | 10.10.22
On October 7, 2022, President Biden signed an executive order implementing the EU-U.S. Data Privacy Framework. Announced in March, this framework replaces the Privacy Shield program that the EU Court of Justice invalidated in July 2020 with its Schrems II decision. That decision stated that the United States did not provide a level of data protection that was “essentially equivalent” to that provided within the EU because signal intelligence surveillance by U.S. agencies was considered too broad and EU residents were not provided with effective remedies.
Client Alert | 1 min read | 04.08.22
"World's First" Reinsurance Contract Bound Using Blockchain Technology
The Blockchain Insurance Industry Initiative (B3i) announced that “Allianz and Swiss Re have successfully placed the world’s first legally binding reinsurance contract on distributed ledger technology (DLT), enabled by B3i’s live production network.” The placement involves a “core catastrophic” excess-of-loss reinsurance contract issued by Swiss Re (the reinsurer) to Allianz (the ceding company), which B3i notes both parties digitally signed earlier this year.
Client Alert | 7 min read | 01.26.22
Data Breach Decisions: A Turning of The Tide?
Compensation claims for data breaches have become increasingly common in the UK in recent years. However, 2021 may come to be seen as a turning of the tide, as the English Courts made a number of decisions that will substantially reduce the scope of such claims and/or make them less attractive to funders. This alert looks at a few such decisions and their potential consequences.
Client Alert | 3 min read | 09.15.21
English High Court Judgment Narrows The Scope of Data Breach Claims
Compensation claims for data breaches have become increasingly common in the UK, and are often issued in the High Court (Media and Communications List). However, the High Court’s recent judgment in Warren v DSG Retail Ltd [2021] EWHC 2168 (QB) may signal a reversal of that trend. At the very least, unless reversed on appeal, the decision will substantially reduce the scope of many such claims.
Client Alert | 2 min read | 06.29.21
Just in Time - EU Adopts Adequacy Decisions for free flow of data with UK
On the 28 June 2021, the European Union (EU) adopted two adequacy decisions which permit the free flow of personal data from the EU and the European Economic Area (EEA) to the UK. The adequacy decisions are given under the EU General Data Protection Regulation (GDPR) and Law Enforcement Directive (LED), and include the EU’s assessment of the UK’s data protection standards. The decisions are necessary because EU data protection law limits transfers to a third country (the UK became a third country as a result of Brexit), and under the EU – UK Trade Cooperation Agreement the transition period was due to expire on the 30 June 2021.
Client Alert | 8 min read | 06.07.21
The New Standard Contractual Clauses for Transfers of Personal Data from the EU
On June 4, 2021, the European Commission (EC) issued its long-awaited updated standard contractual clauses (SCCs). The publication of the SCCs is an important moment for the global business community because they allow companies to meet the requirements of the European General Data Protection Regulation (GDPR) when transferring personal data from the European Union (EU) to non-EU countries.
Client Alert | 5 min read | 11.30.20
Remote Working Abroad: 10 Tips for Global Employers
Almost one year after the appearance of the novel coronavirus, the COVID-19 pandemic continues to set agendas for countries and multinational companies. More and more countries and jurisdictions have re-introduced lockdowns and restrictions on activities outside the home. Non-essential shops, bars and restaurants are closed again or have limited opening hours. Employees who may have begun the process of returning to the office are obliged to work from home again to the maximum extent.
