Author

Francesca Gaudino

Browsing

The EU AI Act was adopted by the European Parliament today and is expected to enter into force within a few months, with its first substantive provisions taking effect before the end of 2024. The EU AI Act applies across the AI lifecycle – from developers to deployers of AI technologies – and organisations across industries have been watching its progress closely. Now that it is finally approved, we set out below what’s next, and…

The new EU regulation on electronic evidence will enable law enforcement authorities from one EU member state to order service providers in other EU member states to surrender digital evidence. Providers who fail to comply within ten days or, in urgent cases, within eight hours, could face fines of up to two percent of their global group turnover. We manage our calendars online, store photos in the cloud, many of us haven’t seen the inside…

A key step towards adoption of the EU AI Act was reached last Friday as the draft text received unanimous approval from the European Council’s main preparatory body. There are further votes to follow before the Act is adopted, but it’s looking likely that the final vote will take place in April and some substantive provisions of the Act could be in force soon after that, possibly by the end of the year. We set…

28 January 2024 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. Data Privacy Day encourages the global community to think about the importance of respecting privacy, safeguarding data, and enabling trust. In an increasingly connected and digitized world, where data protection, privacy and cybersecurity regulation are rapidly evolving, the work of the global data community is more vital, and more challenging,…

Whilst the EU’s AI Act has been grabbing all the headlines, the draft AI Convention has been flying under the radar. But not for much longer. The Convention, also sometimes called the ‘AI Treaty’, has been drafted by the Council of Europe. If adopted, it will be the first legally binding international convention on AI. The latest draft is not the final version, but contains text that is still subject to negotiation. We’ve set out…

On December 22, 2023 the EU Regulation on harmonised rules on fair access to and use of data, also known as the Data Act, was published in the Official Journal of the European Union. It shall enter into force on the twentieth day following that of its publication, namely on January 11, 2024, and become applicable on September 12, 2025. The Data Act affects manufacturers of connected products and also providers of related services, including virtual…

This past year brought the rapid rise of ChatGPT and other generative AI platforms, accompanied by several noteworthy legal and regulatory developments. 2024 promises to continue with technology advances, making it a pivotal year for businesses navigating global data privacy and cybersecurity risks. Our Baker McKenzie Top 10 predictions for 2024 follow. AI-enhanced cyber threats will increase globally. Threat actors will continue to leverage AI for increasingly sophisticated attacks, exploiting new technologies to enable highly-personalized…

Late in the evening on Friday 8 December in Brussels was a historic moment for AI regulation in Europe. After three days of extensive final debate the EU Parliament, Council and Commission finally announced provisional agreement on the EU AI Act, the bloc’s landmark legislation regulating development and use of AI in Europe. It is one of the world’s first comprehensive attempts to regulate the use of AI. The EU AI Act awaits formal adoption…

On August 9, India’s Digital Personal Data Protection Bill, 2023 (“DPDP Bill”) passed both houses of the Indian Parliament and now awaits Presidential assent. In 2017, India’s Supreme Court mandated that privacy is a fundamental human right. Since that time, India has been working to pass data protection legislation. The DPDP Bill is India’s fifth draft of the bill. The DPDP Bill only applies to the processing of digital personal data in India, where the personal…

On July 10, 2023, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”). US companies that participate in the DPF will be deemed to provide “adequate protection” under Article 45 of the EU General Data Protection Regulation (“GDPR”) for personal data transfers received from the European Union (“EU”) and European Economic Area (“EEA”). Why did the EC need to adopt the adequacy decision for the DPF? As we have previously written, the…