Navigating the Intersection of Data Scraping and Artificial Intelligence–A Global Data Protection Authorities’ Take

November 18th, 2024 | Posted by Claude-Etienne Armingaud in Artificial Intelligence | Privacy | World - (0 Comments)

In alignment with the ongoing concerns from several European data protection authorities publishing guidelines on data scrapping (i.e., the Dutch DPA, the Italian DPA and the UK Information Commissioner’s Office), the Global Privacy Assembly (GPA)’s International Enforcement Cooperation Working Group (IEWG) recently published a Joint statement on data scraping and the protection of privacy (signed by the Canadian, British, Australian, Swiss, Norwegian, Moroccan, Mexican, and Jersey data protection authorities) to provide further input for businesses when considering data.

The statement emphasizes that:

Even publicly accessible data is subject to privacy laws across most jurisdictions – meaning that scraping activities must comply with data protection regulations requiring a (i) lawful basis for data collection and, (ii) transparency with individuals, including obtaining consent where necessary.

Collecting mass data can constitute a reportable data breach if it includes unauthorized access to personal data.

Relying on platform terms (e.g., Instagram) for data scraping does not automatically ensure compliance as (i) this contractually authorized use of scraped personal data is not automatically compliant with data protection and artificial intelligence (AI) laws, and (ii) it is difficult to determine whether scraped data is used solely for purposes allowed by the contract terms.

When training AI models, it is critical to adhere not only to privacy regulations but also to emerging AI laws as ensuring AI model transparency and data processing limitations is now increasingly expected by privacy regulators.

The sensitivity of this topic underscores the close relationship between data protection and the ever-data-hungry artificial intelligence industry.

First Publication on K&L Gates Cyber Law Watch blog, in collaboration with Anna Gaentzhirt

K&L Gates Short Listed for Leading Law Firm at PICCASO Privacy Awards

August 30th, 2024 | Posted by Claude-Etienne Armingaud in Europe | Privacy | Rankings - (0 Comments)

After being individually shortlisted as “Leader of the Year: Legal” in 2023, the full European Data Protection, Privacy and Security team of K&L Gates is once again recognized for its expertise by being shortlisted as “Leading Law Firm” for the Piccaso Awards Europe 2024.

Congrats to the team and see you in London!

Decree No. 2024-388 and Its Implications for Intermediation Platforms

June 10th, 2024 | Posted by Claude-Etienne Armingaud in France | Legislation | Privacy - (0 Comments)

Digital intermediation service platforms within the sectors of chauffeur-driven transportation and goods delivery have new responsibilities since the enactment of Decree no. 2024-388 on 25 Avril 2024. Operating under the framework established by Article L. 7345-1 of the French Labor Code, this Decree has initiated a systematic collection and transmission protocol for data concerning platform workers’ activities to the French Employment Platforms Social Relations Authority (“ARPE”).

This new system aims to bolster the production of statistical reports, as instrumental means to inform and transform the dialogue with the representative organizations.

Along these lines, platforms hold an equally important responsibility to revise their privacy notices. Transparency is paramount—the notices must clearly articulate these new data processing operations to the individuals concerned, ensuring that workers are fully aware of how their personal data is captured, utilized, and shared.

The implementation of Decree no. 2024-388 also signals a proactive step towards enhancing social dialogue tools within the affected sectors. Empowering ARPE to collect and leverage the data within its statutory power creates an opening for more informed policy-making and a more significant discourse between platforms, workers, and representative organizations.

The inception of the Decree manifests a shift towards a more transparent and regulated digital labor market. It requires those in authority—data controllers and intermediation platforms alike—to engage in a comprehensive update of operational protocols and privacy frameworks, thereby securing data subject rights while contributing to a broader socio-economic analysis. Such task will necessitate a keen understanding of both legal obligations and the ethical standards underscoring the digital economy.

The crucial evolution underlying the enactment of the Decree will require Platforms acting as data controllers to update in alignment their records of processing activities (RoPA) and meticulously document the nature, purpose, scope of data processed and the operational procedures for transferring requisite data to the ARPE.

First publicationK&L Gates Cyber Law Watch Blog– in collaboration with Kenza Berrada

Political groups demand ‘responsibilities’ over Parliament’s data leak

June 10th, 2024 | Posted by Claude-Etienne Armingaud in Data Breach | Europe | Interview | Privacy - (0 Comments)

Four political groups have sent letters to the European Parliament President asking for further details, action, and “responsibilities” related to a recent data breach that affected a significant amount of employees’ personal data, including passports.

(more…)

Quo Vadis, Data Domine? The EU Data Act and the EU data landscape

June 7th, 2024 | Posted by Claude-Etienne Armingaud in Competition | Europe | IT | Privacy - (0 Comments)

Six years after the European Regulation 2016/679 on the protection of personal data (“GDPR”) came into force, the European Union has just adopted a new regulation targeting a better distribution of the value generated by the use of data between players in the digital economy.

Adopted on 11 January 2024, in only 22 months, Regulation 2023/2854 regarding the harmonized rules on fair access to and use of data (Regulation on Data or “EU Data Act”) aims at broadening the scope of Europe’s digital sovereignty, beyond the boundaries of personal data alone.

(more…)

GDPR: 6 years in, where do we stand?

May 22nd, 2024 | Posted by Claude-Etienne Armingaud in Conference | Europe | Privacy - (0 Comments)

, ,

Once More Ranked Among World’s Best Data Law Firms by Global Data Review

May 5th, 2024 | Posted by Claude-Etienne Armingaud in Non classé | Privacy | Rankings | World - (0 Comments)

Once again, global law firm K&L Gates LLP has been ranked among the world’s 100 leading data law firms by Global Data Review’s GDR 100. The annual list examines law firms’ privacy and data protection capabilities, use of IP and confidentiality laws to protect proprietary data, and the firm’s work on all other personal and non-personal data laws at a global level. 

Nearly two dozen K&L Gates lawyers were recognized in the 2024 GDR 100, including Paris partner Claude-Étienne Armingaud. Other partners leading the practice and identified in the profile include Melbourne partner Cameron Abbott, Seattle partners Shannan FrisbieWhitney McCollumDavid Bateman, and Carley Andrews, Washington, D.C., partner Bruce Heiman, Chicago partner Limo Cherian, London partner Sarah Turpin, and Research Triangle Park partners Gina Bertolini and Leah Richardson.

Clients provided positive feedback of their experience working with K&L Gates’ lawyers stating the team has “deep knowledge of privacy laws and regulations, but they also understand the business impact of their advice. This sets them apart from other firms in the market.”

K&L Gates’ Data Protection, Privacy, and Security practice boasts more than 60 lawyers and professionals with experience in various technologies and methodologies. From assessing risk to incident response, breach, and crisis counseling globally, the team is qualified to handle most data privacy and security compliance issues. The practice also assists with cross-border mergers and acquisitions and specialized services focused on emerging areas such as biometric data compliance and defense.

The full K&L Gates profile can be read at Global Data Review (subscription required).

, ,

THE 2024 LAWDRAGON 500 LEADING GLOBAL CYBER LAWYERS

April 26th, 2024 | Posted by Claude-Etienne Armingaud in Privacy | Rankings | World - (0 Comments)

We are thrilled to share our newest guide – and honor the 500 global cyber lawyers recognized here.

There is little in life or law that isn’t encoiled in the digital world these days. And these are the lawyers who connect it all – data and security, innovation and inspiration, litigation and exploration.

Defining what exactly a leading cyber lawyer is was part of the mission. The core of this guide are the privacy and data security specialists who began forming this practice well over a decade ago as companies experienced data breaches and attorneys scurried to become designated as privacy specialists.

But a deep dive on what lawyers and firms globally consider to be cybersecurity these days uncovered a world robust with former intelligence officers, hackers, government officials learning to parse competition claims regarding data sets, tech dealmakers turned to for their way around cyber protocols as deal points, litigators who defend Big Tech from claims of biometric privacy invasion. Robustly represented are former prosecutors and other government leaders whose portfolios detail vast experience in cyber crime security and prosecution.

Take TikTok as an example of the vast layers of legal regulation, national security, technology and consumer protection embedded in its affairs. We’re fascinated to watch the legal teams assemble to parse demands it be sold.

Specialists in regulation of drones and autonomous vehicles are represented here, alongside the legal world’s leading minds in national security, who guide on often old battles fought with new weapons.

To create this list – our inaugural edition – we weighed nominations, independent research and views of peers. This guide is 39 percent female and 19 percent inclusive. Those noted by an asterisk are esteemed members of our Hall of Fame

Source: LawDragons

GDR 100 2024 profile: K&L Gates

April 17th, 2024 | Posted by Claude-Etienne Armingaud in Europe | Non classé | Privacy | Rankings | World - (0 Comments)

K&L Gates’s expertise in data and tech work has recently seen it advise on matters as diverse as AI and machine learning projects’ impact on personal data retention and transparency and the implications of augmented reality make-up applications and smart fragrances. While the firm has some significant tech companies on board, the client base skews more heavily towards advising more traditional industries through digital transformation.
The data protection, privacy and security practice has multiple leaders, reflecting its wide geographic spread.
Claude-Étienne Armingaud in Paris, who is a dual-qualified French and New York lawyer, is a stand-out name: besides GDPR and privacy compliance, he also has extensive experience advising on tech transactions, for example relating to software, blockchain, connected cars and more. Other partners leading the practice are Cameron Abbott in Melbourne; Shannan Frisbie, Whitney McCollum, David Bateman and Carley Andrews in the firm’s Seattle headquarters; Bruce Heiman in Washington, DC; Limo Cherian in Chicago; Gina Bertolini and Leah Richardson in the Research Triangle Park office in North Carolina; and Sarah Turpin in London.

The K&L Gates practice’s senior ranks grew with the addition of San Francisco partner Michael Stortz, who was formerly at Akin Gump. Thomas Nietsch was promoted to the partnership in Berlin. The firm also hired counsel Veronica Muratori in Milan from Withersworldwide; Avril Love in Los Angeles from Tucker Ellis; and Ulrike Elteste in Frankfurt from Covington & Burling.

Client references


“K&L Gates has deep expertise and knowledge in this area and is always responsive. Advice is always timely and well-considered.”


“Collaboration with K&L Gates is always seamless. The team have deep knowledge of privacy laws and regulations, but they also understand the business impact of their advice. This sets them apart from other firms in the market.”

First publication: Lexology GDR100

Beyond Paywalls, Cookies and Web Scraping: Navigating the new frontiers of data privacy and digital consent under GDPR and e-privacy directive in Italy and France

March 28th, 2024 | Posted by Claude-Etienne Armingaud in Conference | Privacy - (0 Comments)

Speaker at Virtual France and Milan Joint KnowledgeNet: 28 March 2024

Topic:

Beyond Paywalls, Cookies and Web Scraping: Navigating the new frontiers of data privacy and digital consent under GDPR and e-privacy directive in Italy and France.

Joint event between Paris and Milan KnowledgeNet Chapters regarding recent developments on consent in relation to web scraping and paywall.

Speakers:

Giovanna Fragalà, CIPP/E, Privacy Specialist, RCS mediagroup

Luca Zambrelli, e-business and Digital Director, Dolce&Gabbana

Paul Ouvrard-Arnaud, DPO; Compliance Officer, Dentsu International

Claude-Etienne Armingaud, CIPP/E, Partner, K&L Gates

Language: 

This event will be in English.

Register here