My Content
Insights

EDPB Issues a Favorable Opinion on EU-Brazil Data-Transfer Adequacy

The European Data Protection Board (EDPB) adopted an opinion on the European Commission’s draft implementing decision under Article 45 of the GDPR, recognizing that Brazil ensures an essentially equivalent level of protection for personal data. The opinion acknowledges Brazil’s comprehensive framework as closely aligned with the EU’s General Data Protection Regulation (GDPR).

However, the EDPB highlighted several key areas requiring ...

UK ICO Publishes Public-Sector Enforcement Strategy

The UK Information Commissioner’s Office (ICO) published a blog outlining its enforcement approach to the UK public sector under the UK GDPR and Data Protection Act 2018. The ICO emphasizes that its primary objective is to raise data protection standards across sectors rather than rely on fines as the default tool. Early engagement with senior decision-makers, audits, guidance, and sandbox-type ...

California Introduces New Age Verification Requirements for Software Applications

This October, California Governor Gavin Newsom signed the Digital Age Assurance Act into law, establishing new age verification rules for software applications. The law takes effect on January 1, 2027.

The law focuses on mandatory age verification signals for software applications and online services, aiming to provide greater protections for child users.

Operating system providers (OSPs) are required to provide ...

UK Proposes a New Cyber Security and Resilience Bill

The UK Parliament has begun deliberations on the Cyber Security and Resilience (Network and Information Systems) Bill. The proposed UK act aims to improve the security and resilience of network and information systems relied upon for essential activities, primarily through amendments to the existing Network and Information Systems Regulations 2018 (the NIS Regulations).

The bill’s operative parts begin with amendments ...

German Court Finds Copyright Infringement in Generative AI Training

The Munich I Regional Court (Landgericht München I) issued a decision recognizing that the large language models (LLMs) used by OpenAI contained memorized reproductions of protected song-lyrics and held that use of the models constituted a reproduction under copyright law. The case involved claims by GEMA (German Society for Musical Performance and Mechanical Reproduction Rights) that OpenAI’s models had memorized ...

European Data Protection Supervisor Issues New Guidance on AI Risk-Management

The European Data Protection Supervisor (EDPS) published “Guidance for Risk Management of Artificial Intelligence Systems” in respect of EU institutions, bodies, and agencies subject to the version of the GDPR that applies to EU bodies (“EUDPR”).

The guidance aims to help EU institutions acting as controllers to identify and reduce specific data protection risks under the EUDPR. The guidance focuses ...

More of My Content
Insights