The EU’s new Network and Information Security Directive (NIS2) and its transpositions into the national laws of Member States will â contrary to all political objectives â not only apply to critical infrastructures, but all sectors of the economy. The threats to corporate cybersecurity no longer come from teenage hackers. They come from highly professional international criminal organizations and hostile state actors. In particular, the phenomenon of ransomware â malware that encrypts corporate data and…
In Brief The long-awaited EU AI Act was published in the Official Journal of the European Union today, 12 July 2024. The Act regulates activities across the AI lifecycle, as covered in more detail in our previous post, and the countdown for implementation has now started for companies developing or deploying AI technologies, with the Act entering into force 20 days after its publication on 1 August 2024. The Act as a whole is generally…
The EU AI Act was adopted by the European Parliament today and is expected to enter into force within a few months, with its first substantive provisions taking effect before the end of 2024. The EU AI Act applies across the AI lifecycle – from developers to deployers of AI technologies – and organisations across industries have been watching its progress closely. Now that it is finally approved, we set out below whatâs next, and…
28 January 2024 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europeâs Convention 108. Data Privacy Day encourages the global community to think about the importance of respecting privacy, safeguarding data, and enabling trust. In an increasingly connected and digitized world, where data protection, privacy and cybersecurity regulation are rapidly evolving, the work of the global data community is more vital, and more challenging,…
On December 22, 2023 the EU Regulation on harmonised rules on fair access to and use of data, also known as the Data Act, was published in the Official Journal of the European Union. It shall enter into force on the twentieth day following that of its publication, namely on January 11, 2024, and become applicable on September 12, 2025. The Data Act affects manufacturers of connected products and also providers of related services, including virtual…
28 January 2023 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europeâs Convention 108. To mark Data Protection Day 2023, Baker McKenzieâs Global Data Privacy and Security Team is pleased to present this special edition update of key data protection and privacy developments and trends across the globe, as well summarising future legislative changes, predictions, and enforcement priorities to look out for during 2023.…
On December 13, the European Commission (âECâ) announced a draft decision on the adequacy of the U.S data protection regime to protect the personal data of European Union (âEUâ) residents, the EU-U.S. Data Privacy Framework (âDPFâ). The DPF, which was initially announced in March 2022 as a political agreement between the EU and the U.S., and then bolstered by President Bidenâs Executive Order (âEOâ) in October 2022, opens the door for an EU-U.S. data transfer…
In March 2022, U.S. and EU leaders reached an agreement in principle on a new accord to protect data flows entitled the Trans-Atlantic Data Privacy Framework (“EU-U.S. DPF”). Today, the US Government has taken important steps to implement this critical data flow framework, and strengthen legal certainty for EU to US personal data transfers.  First, President Biden signed an Executive Order on “Enhancing Safeguards for United States Signals Intelligence Activities” (“EO”). The EO enhances privacy…
Friday 28 January 2022 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europeâs Convention 108. To mark Data Protection Day 2022, our Global Data Privacy and Security Team have provided a roundup of key trends and developments across the globe from a data protection perspective as well as looking ahead to what to expect in 2022. There are new laws and developments to keep…
The new standard contractual clauses for data transfers to third countries (“Ex-EU SCCs”) and standard contractual clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”) issued by the European Commission provide for, both, chances and challenges for EU service providers supporting EU and non-EU customers, some of which are outlined below. 1. When do the Ex-EU SCCs apply? EU service providers supporting non-EU customers might want to enter into the new Ex-EU SCCs with…