Support Centre

Europe

News

Insights

November 2024

Turkey: Amendments to the data protection law and changes to data transfers

The Personal Data Protection Law No. 6698 (the Law) is the main piece of legislation concerning the protection of personal data in Turkey, which covers the processing of personal data belonging to identified or identifiable individuals and governs the obligations imposed on individuals or legal entities processing such personal data. Deniz Tuncel, Partner at Hergüner Bilgen Üçer, looks at recent amendments to the Law and their impact on data transfers.

November 2024

Germany: Employee Data Protection Act - what are the practical implications?

Digitalization has significantly changed the world of work in recent years. More and more processes are becoming data-driven, and the use of artificial intelligence (AI) is creating new opportunities but also significant uncertainties and challenges for employers and employees.

The draft of the Employee Data Protection Act (Beschäftigtendatengesetz - BeschDG) from the Federal Ministry of Labor and Social Affairs is currently being coordinated between the departments and must then still be passed in the German Parliament (Bundestag) before it can come into force. In this Insight article, Dr. Jessica Jacobi, Partner at KLIEMT.Arbeitsrecht Part­ner­schaft von Rechts­an­wäl­ten mbB, discusses the most important new provisions of the draft, specific examples of implementation in everyday life, and what the draft could mean in practice.

November 2024

EU: Synthetic data as a privacy-enhancing technology for online marketing

In this Insight article, Dr. Mira Suleimenova, from Jentis GmbH, discusses the role of synthetic data in online marketing to protect users' privacy and comply with the relevant EU legislation.

November 2024

EU: NIS 2 Directive - Determining the applicable law, mapping national variations, and the DSP 'one stop shop' mechanism

The Network and Information Security Directive (EU) 2022/2555) (NIS 2 Directive) is a significant new law enacted to bolster cybersecurity across the European Union. It is an update of the original NIS Directive (Directive (EU) 2016/1148), which was adopted to address the increasing threats to network and information security. The aim of the NIS 2 Directive is to further harmonize, benchmark, and enhance cybersecurity measures that apply to network and information systems across the EU. The NIS 2 Directive seeks to create a more robust cybersecurity regulatory framework.

These new cybersecurity rules have been introduced as a directive, meaning that each Member State must enact laws reflecting these new rules and empowering regulators in their countries to supervise and enforce these laws. Individual countries can add to the NIS 2 Directive rules, provided any additional rules or requirements introduced are consistent with the Directive. The specific requirements and enforcement mechanisms can and do vary between Member States.

In this Insight article, Deirdre Kilroy, from Bird & Bird LLP, discusses the key elements of the NIS 2 Directive and how in-scope entities can ensure compliance.

November 2024

EU: AI and product liability - what legislation applies?

We are all aware artificial intelligence (AI) systems and AI-powered products are categorized as products, and that is what was respected in the EU Artificial Intelligence Act (the AI Act). AI is being deployed in multiple sectors of society and becoming an essential component for products, without which these would not be able to operate, but also AI applications have not fallen short of accidents and misuses.

In this Insight article, Spiros Tassis and Paolo Quattrone, from POTAMITISVEKRIS Law Partnership, will try to explain how the current and the scheduled EU product liability framework will interact with AI systems and the AI Act and explore how the AI Act Regulation deals with the topic of product liability. This is done to determine what is currently leading the EU's choices. Additionally, to understand the relationship of the AI Act with product liability, we shall explore the changes in the legislative landscape of the Union and the threat AI poses to consumers, as well as the focus points the EU Commission should consider.

October 2024

International: Regulating AI in Canada and abroad - comparing the proposed AIDA with the EU AI Act

Laws governing technology have historically focused on the regulation of information privacy and digital communications. However, governments and regulators around the globe have increasingly turned their attention to artificial intelligence (AI) systems. As the use of AI becomes more widespread and AI changes how business is conducted across industries, there are signs that existing declarations of principles and ethical frameworks for AI, and the first AI regulations (including those established in the EU), may soon be followed by other AI-specific legal frameworks in other jurisdictions1.

On June 16, 2022, the Canadian Government tabled Bill C-27, the Digital Charter Implementation Act, 2022. Bill C-27 proposes to enact, among other things, the Artificial Intelligence and Data Act (AIDA). In this Insight, Christopher Ferguson, Summer Lewis, and Dongwoo Kim, from Fasken Martineau DuMoulin LLP, provide a comparison between AIDA and the EU's Artificial Intelligence Act (the EU AI Act), looking specifically at both laws' approach to key definitions, the use of data, requirements for AI systems, and penalties, among other things2.

October 2024

International: What businesses need to know regarding ISO 42005 - a comprehensive overview

ISO 42005 is an emerging standard poised to play a pivotal role in the global artificial intelligence (AI) governance ecosystem. As AI continues to rapidly evolve, businesses face increasing pressure to align with regulations, standards, and best practices, ensuring ethical, transparent, and risk-conscious AI deployments. In this Insight article, Sean Musch, CEO of AI & Partners, and Charles Kerrigan, Partner at CMS Cameron McKenna Nabarro Olswang LLP, aim to help businesses understand ISO 42005, its significance, and how they can integrate it into their operations to stay ahead of regulatory demands and competitive pressures.

October 2024

UK: The Data (Use and Access) Bill - what you need to know

The Data (Use and Access) Bill was introduced to the House of Lords of the UK Parliament on October 3, 2024. The Bill aims to amend the UK's data protection regime by including provisions on recognized legitimate interests for lawful processing, automated decision-making, international data transfers, and cookies.

OneTrust DataGuidance Research provides an overview of the Bill, with expert insights by Philip James, Partner at Eversheds Sutherland's Global Privacy & Cybersecurity Group and AI Task Force, and Victoria Hordern, Partner at Taylor Wessing.

October 2024

EU: We live in interesting times - AI may be bringing regulatory and legislative concerns to a head

In this Insight article, Mark Lubbock and Ellen Keenan-O'Malley, from EIP, explore the EU's regulatory challenges with artificial intelligence (AI), highlighting new laws and concerns over data, competition, and innovation. It also examines the risks of overregulation on Europe's tech competitiveness.

October 2024

EU: The AI Act meets GDPR - The particular case around DPIAs by deployers

In recent months, understanding the new data protection obligations arising from legislation being approved across the EU has been a priority for many. A specific focus has been the Artificial Intelligence Act (the AI Act) and its interplay with the General Data Protection Regulation (GDPR). Both EU regulations uphold common principles such as transparency and fairness. Human intervention is considered a relevant means to mitigate potential harm. Additionally, the concept of risk-based assessments is emphasized as the best approach to balancing what is acceptable and what is not before a particular application is implemented.

In this Insight article, Sofia Calado, from Cloudflare, discusses the obligations and guidelines regarding assessments of artificial intelligence (AI) systems and models under the AI Act and the GDPR.

October 2024

UK: Cyber Security and Resilience Bill Overview

The UK Government plans to introduce new cybersecurity legislation across the UK in the form of the Cyber Security and Resilience Bill (the Bill). The Bill's objective is to improve the law around cybersecurity generally to make the UK's critical and cyber infrastructure more resilient in the face of frequent and damaging cyberattacks. Neil Williamson and Colin Lambertus, from EM Law, delve into the Bill and how it may be influenced by other developments in cybersecurity regulation, including the consultation on the NIS Regulations and the NIS 2 Directive.

September 2024

UK: The Digital Services Act and its interplay with AI

With the full entry into force of the EU's Digital Services Act (DSA) in February 2024, coupled with the EU's efforts to regulate artificial intelligence (AI) (culminating in the recently passed EU AI Act), businesses have been grappling with the compliance challenges posed by both of these regimes, against the backdrop of the General Data Protection Regulation (GDPR) and the rapidity with which tech companies have been innovating and launching AI tools in the UK and EU.

The genesis of the DSA predates the tsunami-like wave of AI innovation and adoption but has very important consequences for those larger businesses already caught in the crosshairs of the DSA who are now also bringing powerful new AI tools to market. In this article, Geraldine Scali and Anna Blest, from Bryan Cave Leighton Paisner LLP, explore how users and deployers of AI will need to consider the impact of the DSA alongside existing compliance obligations in the GDPR, whilst readying themselves for the staged implementation of the EU's AI Act.

Company

Our Policies

Your Rights

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
© OneTrust, LLC. All Rights Reserved.
The materials herein are for informational purposes only and do not constitute legal advice.