Showing Posts In "Europe" Category
EU Privacy Laws to Delete See-Through Blockchains
On April 14, 2025, the European Data Protection Board (EDPB) opened a consultation on Guidelines 02/2025 that addresses the processing of personal data through blockchain technologies. The Guidelines have sparked controversy in the blockchain community by highlighting a long-standing tension: how to reconcile the EU’s data protection requirements with blockchain’s core principle of immutability? What is the EDPB […]
EU Proposes Exemptions to GDPR Record-Keeping Provisions
The EU Commission is proposing that SMEs, SMCs, and organizations with fewer than 750 employees will be required to maintain records only when the processing of personal data is “high risk” under the GDPR. The proposals on simplification measures for EU businesses, issued yesterday, do not include the procedural rules for GDPR cross-border cases, which […]
The EU AI Act: Key Milestones, Compliance Challenges and the Road Ahead
The European Union Artificial Intelligence Act (EU AI Act) is rapidly reshaping the regulatory landscape for AI development and deployment, both within Europe and globally. In a recent Cooley webinar, partner Patrick Van Eecke and associate Bartholomäus Regenhardt, members of the firm’s cyber/data/privacy practice, provided an overview of the EU AI Act’s phased implementation, compliance […]
EDPB Publishes Final Version of Guidelines on Data Transfers to Third Country Authorities and SPE Training Material on AI and Data Protection
The European Data Protection Board (EDPB) has adopted the final version of the guidelines on data transfers to third country authorities: Guidelines 02/2024 on Article 48 of the GDPR. The Guidelines explain that judgements or decisions from third-country authorities cannot be automatically or directly recognized or enforced in an EU Member State, reaffirming that a […]
Transparency, Good Data and Documentation: How HR Can Navigate the EU AI Act
With the EU Artificial Intelligence Act’s inclusion of workplace AI under its prohibited uses, human resource departments are now tasked with re-examining their various AI applications to meet compliance requirements. AI used in employment and the workplace is considered “high-risk” under the AI Act and thus subject to legal stipulations if it can affect a person’s health […]
What Next for Data Subject Access Requests (DSARs)? The Direction of Travel
Data subject access requests are a cornerstone of the data protection regime, being fundamental in helping individuals to exercise their rights. If individuals do not know what information an organization has about them then how can they understand if their information is being used lawfully? While DSARs have been around for many years, the introduction […]
Albania Prompted to Implement Medical Cannabis Reform After U.N. Criticism
The Albania government has decided to legalize medical cannabis. The law, “control of the cultivation and processing of the cannabis plant and the production of its by-products for medical and industrial purposes” is now online. The bill will now be available for public comment, after which it will be forwarded to Parliament. Opposition groups call […]
The European Commission Clarifies Its Own Standard Contractual Clauses
The European Commission has released long-awaited guidance for the Standard Contractual Clauses (SCCs) adopted in June 2021. The Commission has developed Questions and Answers (Q&As) as a dynamic source of practical guidance on the use of SCCs. The Q&As respond to industry feedback on key practical aspects of the SCCs. What are the most notable […]
Calculation Of Fines Under The GDPR: Draft Guidelines by And for The Authorities
In May 2022, the European Data Protection Board published its Guidelines 04/2022 on the calculation of administrative fines under Regulation (EU) 2016/679 of the GDPR. The Draft Guidelines provide for a harmonized calculation of administrative fines under the GDPR. In general, the calculation of administrative fines is at the discretion of national data protection authorities […]
‘Controller,’ ‘Processor’ and ‘Transfer’: Some GDPR Concepts Re-Explained
Rules of the General Data Protection Regulation (GDPR) don’t just apply to companies that fall under its territorial scope, but also those that don’t have an establishment in the European Union (EU) but do target data subjects in the EU. The key elements of the concepts of the controller, joint controller, processor, and data […]
SUBSCRIBE TO OUR NEWSLETTERS
The Global Background Screener
The Background Buzz!
(U.S. Background Screening
E-Magazine)