On 18 October 2023, the French National Assembly voted in favour of a law aiming to secure and regulate the digital space (“Loi visant à sécuriser et réguler l’espace numérique” or “SREN”), otherwise called the “Sorare Act.” This new development marks a first step towards the establishment of a regulatory framework dedicated to games integrating non-fungible tokens (NFTs) and monetisation models based on digital assets.
These new provisions are aimed at the creation of a new category of games under French law called games with monetisable digital objects (“jeux à objets numériques monétisables” or “JONUM”). This new regime will enter into force ‘on an experimental basis and for a period of three years’ from the promulgation of the law and will authorise Web3 games with monetisable digital objects (including NFTs).
The Sorare Act defines JONUMs as “game elements, which only confer on players one or more rights associated with the game, and which may be transferred, directly or indirectly, for consideration to third parties,” while excluding digital assets covered by 2° of Article L. 54-10-1 of the French Monetary and Financial Code.
France is one of the first jurisdictions in the world to create a specific regime for companies using NFTs as part of their games, and the objective is to provide certainty to the industry.
Please reach out to our team if you need further information on this new development.
First publication: K&L Gates Hub, in collaboration with Lucas Nicolet-Serra
Gateway to Privacy: Privacy Regulations Are Built on Hope – A Deep Dive Into India’s Digital Personal Data Protection Act
October 27th, 2023
A bit of Jyn Erso to wrap up the week!
New episode of K&L Gates Gateway to Privacy is out, and this time with our first external guest — our dear friend Arya Tripathy joins us with Whitney McCollum and Camille Scarparo for a deep dive into India’s new data protection law, the Digital Personal Data Protection Bill, 2023.
What’s to know, what’s to expect? Listen and find out!
Post-Brexit, EU businesses have needed to rethink how they approach showing compliance with a host of regulations, managing international data transfers and building trust with data subjects. Having to comply with the GDPR and prepare for other data protection bills, all while continuing to comply with the EU-GDPR as well as a host of global regulations, means businesses might look to certification as a common system for adequacy and as a one-stop shop when addressing the overlaps and, more crucially, closing the gaps in their privacy compliance programs.
- Noshin Khan, Senior Compliance Counsel, Ethics Center of Excellence, OneTrust
- Claude-Étienne Armingaud, Partner, K&L Gates
This panel session will focus on the growing concern over the ethical use of Artificial Intelligence (AI) and its impact on privacy. The panelists will discuss the role of accountability in developing responsible AI practices and the potential risks of AI systems when not properly regulated. They will also explore the importance of transparency and the need for data privacy regulations in the development and deployment of AI technologies. The session will provide insights into best practices for AI governance and how organizations can ensure the ethical use of AI while still benefiting from its potential.
The UK Government has laid adequacy regulations before Parliament that, once in force from 12 October 2023, will permit use of the UK – US “Data Bridge” as a safeguard for personal data transfers from the UK to the US under Article 44 UK GDPR.
The UK – US “Data Bridge,” AKA the UK Extension to the EU – US Data Privacy Framework (Framework), allows UK organisations to transfer personal data to organisations located in the United States that have self-certified their compliance with certain data protection principles and appear on the Data Privacy Framework List. This scheme, administered by the US Department of Commerce, provides a redress mechanism for data subjects in the European Union to enforce their rights under the EU General Data Protection Regulation, in relation to a participating US organisation’s compliance with the Framework, and to US national security agencies’ access to personal data. This new redress mechanism attempts to prevent a challenge to the Framework similar to the Schrems II case, which invalidated the Framework’s predecessor EU – US Privacy Shield. Despite this, the Framework has already been the subject of a short-lived case at the Court of Justice of the EU, and there may be more legal challenges.
Alongside the adequacy regulations, the UK government published an analysis of the US laws relating to US national security agencies’ access to the personal data of European data subjects. This analysis effectively completes the international data transfer risk assessment (TRA), which UK organisations have been required to carry out before transferring personal data to the US. It is likely that UK organisations relying on the other Article 44 UK GDPR safeguards, such as the International Data Transfer Agreement, may also rely on this analysis in place of completing a TRA.
Leaders League Ranking 2023 – Intellectual property – Management of trademark, design and model portfolios – France
October 3rd, 2023
This series of webinars will address the potential impacts of artificial intelligence (AI) regulations on business across the globe. Recent developments in general availability of AI and generative AI solutions are leading regulators, at a global level, to consider legal frameworks to protect both individuals affected by AI and digital sovereignty. Our panelists will address these potential regulatory developments, as well as the expected timeline for these changes, region by region.
Our first panel will feature a discussion focused on current and future regulatory requirements on the AI industry throughout the EU and the UK. With the language of the EU’s AI Act heading into its trialogue, it is even more important for stakeholders to understand the EU’s approach and prepare for the potential impact of this regulation in Europe, UK, and beyond. The panelists will address key questions, such as:
- What new undertaking will be bearing on the stakeholders in this industry?
- Will government regulation be “technology neutral”?
- Could the various frameworks lead to conflicts for local compliance efforts?
- Will a requirement for an AI system to explain its thinking or provide substantive sources for all results have a deleterious impact on its ability to “think” independently?
- Is it too late for stakeholders to have a say in these expected frameworks?
Claude-Étienne Armingaud | PARTNER | PARIS
Giovanni Campi | POLICY DIRECTOR | BRUSSELS
Jennifer Marsh | PARTNER | LONDON
Register here: K&L Gates Website
August may be perceived as the month where France shuts down for the summer. Yet, just before the summer ’23 holiday, the French Data Protection Authority (“CNIL”) published several calls to action for the various players of the data ecosystems in general and in artificial intelligence (AI) in particular, following its 16 May 2023 announcement of an AI action plan:
- Opening and re-use of publicly accessible data – The CNIL published a draft guidance on such data usage, and all stakeholders are invited to weigh in until 15 October 2023 before its finalization. While non-binding, this guidance is expected to lead the way on how the EU’s Supervisory Authority will approach and enforce the General Data Protection Regulation (“GDPR”) when personal data is scraped from online sources and subsequently used for other purposes. This notably focuses on Art. 14 GDPR and the indirect collection of personal data and specific prior information requirements. Artificial Intelligence is explicitly mentioned by the CNIL in the draft, as such data, which feeds large-language models, “undeniably contributes to the development of the digital economy and is at the core of artificial intelligence.” Stakeholders are invited to submit their observations online through the dedicated portal.
- Artificial Intelligence Sandbox – Following in the footsteps of its connected cameras, EdTech & eHealth initiatives, the CNIL is launching an AI sandbox call for projects, where stakeholders involved in AI in connection with public services may apply to receive dedicated assistance by the regulator to co-construct AI systems complying with data protection and privacy rules.
- Creation of databases for Artificial Intelligence uses – Open to the broadest possible array of stakeholders (including individuals), this call for contributions notably addresses the specific issue relating to the use of publicly accessible data and aims at informing the CNIL of the various positions at play and how to balance GDPR’s requirements (information, legitimate interests, exercise of rights) with data subjects’ expectations. Stakeholders are invited to submit their observations online through the dedicated form (in French – our free translation in English is available below); no deadline for submission has been set.