This OnPoint summarizes
key provisions of the European Commission s Proposed Regulation on Artificial Intelligence and offers some
practical takeaways and strategic considerations for impacted organizations. Given the heightened interest in AI by EU and U.S. authorities, and the success European lawmakers have had in exporting the European privacy legal framework globally, companies will want to start considering the impacts of the Proposed Regulation now, so they are well-positioned going forward.
This is the first in a series of Dechert OnPoints to be released in the coming weeks that will discuss the Proposed Regulation, its impacts on various industries, and intersections with discrete areas of law.
Second Circuit Allows Data Breach Claims for Increased Risk of Identity Theft
The U.S. Court of Appeals for the Second Circuit has ruled that plaintiffs can establish standing to pursue claims arising out data breaches based solely on an increased risk of identity theft, provided that the plaintiffs can demonstrate that the risk is sufficiently concrete.
On April 26, 2021, in
McMorris v. Carlos Lopez and Associates,
1 the Second Circuit ruled that affected data subjects who have alleged only an increased risk of identity theft following a data breach can have standing to bring a claim. The ruling is somewhat of a departure from other circuits’ decisions on similar issues, in which data subjects without a concrete injury had been denied standing to sue. However, although the court ruled that it was possible to have standing based solely on increased risk, it denied standing in the specific case before it based on its determination that the plaintiffs had not shown sufficient in
Tuesday, May 4, 2021
Introduction
In today’s digital society, accelerated by the COVID-19 pandemic, data protection laws have become increasingly common, complex and wide-ranging. Given the high speed at which these laws are being introduced and evolve, arbitral participants’ knowledge about their data protection obligations, and the serious penalties they risk for failure to comply
[1], is seldom exhaustive and up-to-date.
Several of the major arbitral rules and guidance have been updated in the last two years and now include a general requirement for tribunals and parties to consult and address data protection issues early on during an arbitration
[2].
Participants”)
[3] have numerous data protection obligations, which may compete and overlap, creating a complex compliance framework, especially in disputes that typically involve a significant amount of personal data, such as large-scale construction, technology and digital information disputes.
Irish data watchdog clashes with regulators over proposed WhatsApp fine Helen Dixon’s European counterparts argue proposed fine of up to €50m is too small
about an hour ago
Data Protection Commissioner Helen Dixon will soon enter talks with counterparts over WhatsApp’s breaches of GDPR. Photograph: Dado Ruvic/Reuters
Your Web Browser may be out of date. If you are using Internet Explorer 9, 10 or 11 our Audio player will not work properly.
The Data Protection Commissioner has clashed with several of her European counterparts after they objected to her proposal to impose a fine of up to €50 million on WhatsApp for violating privacy laws.
To embed, copy and paste the code into your website or blog:
Following Brexit, the European Commission is working on an adequacy decision concerning the UK, which will be announced before the end of June 2021. This is good news for businesses as it will make transfer of personal data from the European Economic Area (“EEA”) to the UK much more straightforward and will mean that there are no additional safeguards or documents for businesses to put in place to legitimise the flow of personal data to the UK. Although the UK’s data protection regime currently mirrors GDPR, there is some concern that laws will diverge over time. As such, the most likely outcome is that the UK is granted an adequacy decision for four years, which is subject to ongoing review.