Brief refresher on the Data Governance Act (DGA): We covered the new wave of EU data-centric legislation that is being implemented to usher in stronger regulatory guardrails for data in our recent article on the EU Data Strategy, with one of the discussed laws being the Data Governance Act. The Data Governance Act (DGA) is aimed at increasing accessibility to data by regulating the re-use of publicly held protected data, increasing data sharing through the…
On July 10, 2023, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”). US companies that participate in the DPF will be deemed to provide “adequate protection” under Article 45 of the EU General Data Protection Regulation (“GDPR”) for personal data transfers received from the European Union (“EU”) and European Economic Area (“EEA”). Why did the EC need to adopt the adequacy decision for the DPF? As we have previously written, the…
The European Data Act is part of a comprehensive package of data-focused regulations proposed in February 2020 to achieve Europe’s data strategy. The strategy recognises that individuals are at the centre of data generation and that the use of personal data must prioritise its data subject’s protection but it also identifies that much of the data created is non-personal and represents an untapped source of growth and innovation. This is why the EU seeks to strike a…
The US Office of the Director of National Intelligence (“ODNI”) announced today that it has fully implemented new safeguards under Executive Order 14086. See INTEL – ODNI Releases IC Procedures Implementing New Safeguards in Executive Order 14086. These steps clear the path for the European Commission to adopt the draft “adequacy decision” for cross-border data transfers pursuant to the EU-U.S. Data Privacy Framework. By way of brief background, in July 2020, the Court of Justice…
In brief The European Data Protection Board (EDPB) has begun the 2023 iteration of its annual coordinated enforcement action under the General Data Protection Regulation (GDPR). In coordination with twenty-six EDPB Supervisory Authorities (SAs), the EDPB will analyze the roles, tasks, resources, and positions of Data Protection Officers (DPOs) in public and private sector organizations. DPOs should expect to receive requests soon from Supervisory Authorities to respond to questionnaires intended to aid that analysis, describing…
In brief On February 28, 2023, the European Data Protection Board (“EDPB”) published its non-binding opinion on the European Commission’s draft adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”). As we have previously written, the DPF is intended to re-establish one of the legal mechanisms for transfers of personal data from the European Union (“EU”) to the U.S. The DPF replaces the EU-U.S. Privacy Shield (“Privacy Shield”), which the EU Court of Justice (“CJEU”)…
The European Commission proposed its first draft of the cybersecurity legislation, the Cyber Resilience Act (“CRA”), on 15 September 2022. The CRA is one part of a range of EU legislative measures aimed at increasing the overall cyber security and cyber resilience of the EU and businesses operating within it. The CRA will create a new regulatory framework and set of rules for software and hardware products falling under the definition of “products with digital…
Cybercrime is an increasingly pressing problem for societies at large, with digital transformation, remote working and geopolitical issues bringing about increased cyber threats and attacks. In 2016 the European Parliament adopted the Network and Information Security Directive (NISD), the first EU-wide legislation on cybersecurity, and the revised legislation, NIS2, has just been published. NISD required the implementation of certain risk management and reporting obligations on operators of essential services (OES), which included entities maintaining critical…
On 4 October the European Council officially approved the DSA. That means that the only thing left is for it to be published in the Official Journal, and a spokesperson said yesterday that is going to happen soon: “The DSA, a new online-content regulation, will be signed into EU law on 19 October, an EU spokeswoman has said…The signing ceremony will be held at the European Parliament in Strasbourg 19 October 2022. The DSA says…
Just over two years since the coming in to force of the Platform to Business Regulation (P2B), we take another look at developments in relation to enforcement action in key EU Member States and the UK. The past year has seen a notable increase in activity in Italy in particular, as well as several instances of enforcement in France and Germany. We also understand that competent authorities in several EU Member States are working on…