Insights

AI is currently attracting a lot of attention, and not only for the stunning pace at which we have embraced AI for writing office speeches, shopping lists or mathematical formulas, or for creating illustrations or improving the visuals of slide shows. Lawyers have also started paying attention to AI, with analyses of copyright infringements in input and output, anti-competitive concerted behavior (such as price fixing) or violations of personality and privacy rights with deep fakes imitating celebrities’ images or voices.

On February 28, 2023, the European Data Protection Board (“EDPB”) adopted its Opinion 5/2023 (the “Opinion”) on the draft adequacy decision of the European Commission regarding the EU-U.S. Data Privacy Framework (“DPF”). The DPF aims to ensure that personal data transferred from the European Union to the U.S. receives an adequate level of protection. The framework is based on the principles of transparency, accountability, and oversight, and it includes safeguards to protect the data privacy rights of individuals.

On January 11, 2024, the Data Act entered into force. This marks a significant milestone in the evolving landscape of digital regulation. The Data Act is part of the broader European data strategy and plays a significant role in advancing the EU’s digital transformation objectives outlined in the Digital Decade Policy Program 2030.

On July 10, 2023, the European Commission formally adopted a new adequacy decision for the EU-U.S. Data Privacy Framework (DPF), which provides companies transferring personal data to the U.S. an additional mechanism to legitimize their cross-Atlantic data transfers. The DPF replaces the previously invalidated Privacy Shield and Safe Harbour framework. The DPF is in many ways a “Safe Harbour III” – mainly due to the way that organizations can adhere to it, how it is administered, and the way that its compliance is monitored. However, the legal framework in the U.S. did change to accommodate the requests from the EU and the concerns expressed in the CJEU’s Schrems I and II judgments (reflected in the Executive Order On Enhancing Safeguards For United States Signals Intelligence Activities of October 7, 2022 and regulations adopted by the U.S. Attorney General).