Legal 500 Rankings 2024 – Data Privacy and Data Protection – Tier 2 & Leading Individual – France

March 27th, 2024 | Posted by Claude-Etienne Armingaud in France | Privacy | Rankings - (0 Comments)

The ‘young and innovative team’ at K&L Gates LLP has a strong reputation in the market for its ability to handle data protection liability issues in M&A transactions and global data protection compliance mandates. Areas of activity for the practice include machine learning, autonomous driving and blockchain-based services. Claude-Étienne Armingaud heads up the team and is described as a ‘fount of knowledge on the subject of privacy and data protection‘. He is frequently sought out by clients from the software industry for assistance with cross-border technology transactions.

Leading individuals: Claude-Etienne Armingaud – K&L Gates LLP

Practice head(s): Claude-Etienne Armingaud

Other Key Lawyer(s): Camille Scarparo

(more…)

, ,

Employment Practices and Data Protection: Monitoring Workers 101

March 26th, 2024 | Posted by Claude-Etienne Armingaud in Europe | Guidelines | Non classé | Privacy - (0 Comments)

The Information Commissioner’s Office (ICO) has recently published guidance for employers on monitoring workers lawfully, transparently and fairly. The guidance aims to protect workers’ data protection rights and help employers to build trust with workers, customers and service users. With Artificial Intelligence (AI) on the rise, the temptation may be strong for employers to leverage those emerging technologies in that space. This alert summarizes some specific steps employers should prioritise in light of the ICO guidance.

(more…)

Chambers Europe: TMT: Data Protection 2024

March 15th, 2024 | Posted by Claude-Etienne Armingaud in Non classé | Privacy | Rankings - (0 Comments)

Entering Chambers Europe/France TMT: Data Protection ranking as an Up & Coming lawyer.

Client testimonials:

Claude-Étienne has a vision that goes beyond IT into other areas, so he gives multidisciplinary and strategic insights. He is also pleasant to work with and efficient.

He works really efficiently for us; he is really dedicated and clearly passionate about it too.

Source: Chambers Europe

,

🇺🇸 Regulating AI Part-IV: The EU AI Ac – The Expected International Impacts of the First Comprehensive AI Regulation

February 19th, 2024 | Posted by Claude-Etienne Armingaud in Artificial Intelligence | Conference | Europe | Intelligence Artificielle | Legislation | Privacy - (0 Comments)

Part IV of our series “Regulating AI: The Potential Impact of Global Regulation of Artificial Intelligence” will focus on recent developments in general availability of AI and how generative AI solutions are leading regulators, at a global level, to consider legal frameworks to protect both individuals affected by AI and digital sovereignty.

The program will feature a panel addressing the EU AI Act, on which a preliminary political agreement was reached last December and unanimously approved by the ambassadors of the 27 countries of the European Union on 2 February 2024, prior to its upcoming final votes.

Like the GDPR before it, the EU AI Act will be a trailblazing piece of legislation which will impact companies at global level.

Our panelists will discuss the consequences of the EU AI Act on companies contemplating the provision of AI solutions in the EU market or leveraging AI in the EU, with a special focus on non-EU companies.

Additional topics in our Regulating AI — The Potential Impact of Global Regulation of Artificial Intelligence series include:  

  • Part I – 13 September 2023 (EU / U.K.) – View Recording
  • Part II – 7 December 2023 (Asia-Pacific Region: China, Hong Kong, Singapore, Japan) – View Recording
  • Part III – 12 December 2023 (United States)

Register or watch the replay here.

Access the full text of the EU AI Act here.

ICO Introduces Consultation Series on Data Protection and Generative AI

February 13th, 2024 | Posted by Claude-Etienne Armingaud in Artificial Intelligence | Europe | IT | Non classé | Privacy - (0 Comments)

The Information Commissioner’s Office (ICO) recently launched a consultation series on how data protection laws should apply to the development and use of generative AI models (“Gen AI”). In the coming months, the ICO will publish further views on how to interpret specific requirements of UK GDPR and Part 2 of the DPA 2018 in relation to Gen AI. This first part of the consultation focusses on whether it is lawful to train Gen AI on personal data scraped from the web. The consultation seeks feedback from stakeholders with an interest in Gen AI.

As outlined by the ICO, web scraping will involve the collection and processing of personal data, which may not have been placed online directly by the data subjects themselves. To comply with the UK GDPR, Gen AI developers would need to ensure there is a valid lawful basis for their processing under UK GDPR, as well as comply with the relevant information requirements pertaining to indirect personal data collection.

For the first part of the consultation series, the ICO published a policy position on the lawful basis for training Gen AI models on web-scraped data which can be found here. More specifically, this consultation focusses on the ‘legitimate interest’ lawful basis under art. 6(1)(f) UK GDPR and the ‘three-part’ test that a data controller must pass to meet the legitimate interest basis (a so-called Legitimate Interest Assessment). The ICO has considered various actions that Gen AI developers could take to meet this three-part legitimate interest test to guarantee that the collection of training data through web scraping, i.e. processing of data, is complaint with the principles of UK GDPR. The ICO would now like to hear from relevant stakeholders on their view of the proposed regulatory approach and the impact this would have on their organisation. A link to the survey can be found here.

The deadline to submit a response is 1 March 2024.

First publication: K&L Gates Cyber Law Watch blog with Sophie Verstraeten

🇺🇸 Onetrust: AI Governance Masterclass – The EU AI Act

February 1st, 2024 | Posted by Claude-Etienne Armingaud in Artificial Intelligence | Conference | Europe | Legislation | Non classé | Privacy - (0 Comments)

Join our session as we explore the implications of the EU AI Act. In this webinar, we’ll:

Featured speakers

Yücel Hamzaoğlu​

Partner
HHK Legal

Melike Hamzaoğlu

Partner
HHK Legal

Claude-Étienne Armingaud​

Partner
KL Gates

Noshin Khan​

Ethics & Compliance, Associate Director
OneTrust​

Harry Chambers

Senior Privacy Analyst
OneTrust

Register here.

Who’s Who Legal – Data Privacy & Protection | Information Technology

December 29th, 2023 | Posted by Claude-Etienne Armingaud in France | IT | Non classé | Privacy | Rankings - (0 Comments)

New ranking in Who’s Who Data 2024 as Recommended in the Data Privacy & Protection and Information Technology categories.

UK’s Top Websites Receive Cookie Warnings from the ICO

December 11th, 2023 | Posted by Claude-Etienne Armingaud in cookies | Europe | Non classé | Privacy - (0 Comments)

The UK’s Information Commissioner’s Office (the “ICO”) has recently sent warnings to the UK’s most visited websites to inform them that they may face enforcement action if they do not make changes to their cookie banner to ensure compliance with UK data protection law. For example, some websites warned by the ICO do not provide their user with a fair choice on tracking for personalised advertising. This position aligns with the EU’s stance, noting France (see prior Alert here).

The ICO’s actions are part of a larger commitment to ensure individuals’ privacy rights are upheld by companies active in the online advertising industry. Publishers receiving a warning only have 30 days to amend their websites in line with UK GDPR. As further incentive for publishers to get compliant, the ICO has also warned that it will publish the details of those websites that have not made the requested changes in January. Such publicity may be even less welcome than the potentially large fines associated with breach of the data protection framework.

The statement made by the ICO highlights once again the importance for companies to review how cookies are used on their websites and how their cookie banners, along with the cookie consent management solution, are displayed. To be compliant, websites must make it as easy as possible for users to reject all advertising cookies. Personalized advertising can be compliant as long as it is based on the user’s consent. In case users reject all advertising cookies, websites can only show general adverts that are not tailored to the users’ browsing history. Consequently, websites should display a cookie banner that makes it as easy for users to reject cookies, as it is for them to accept cookies.

The ICO’s guidance in relation to cookie banners can be found here, which may need to be further updated with the newly presented Data Protection and Digital Information Bill.

First publication: Cyber Law Watch Blog with Sophie Verstraeten

Gateway to Privacy: Privacy Regulations Are Built on Hope – A Deep Dive Into India’s Digital Personal Data Protection Act

October 27th, 2023 | Posted by Claude-Etienne Armingaud in Non classé | Privacy | World - (0 Comments)

A bit of Jyn Erso to wrap up the week!

New episode of K&L Gates Gateway to Privacy is out, and this time with our first external guest — our dear friend Arya Tripathy joins us with Whitney McCollum and Camille Scarparo for a deep dive into India’s new data protection law, the Digital Personal Data Protection Bill, 2023.

What’s to know, what’s to expect? Listen and find out!

🇫🇷 OneTrust TrustWeek Paris: Charting GDPR – Navigating the EU and global data laws

October 17th, 2023 | Posted by Claude-Etienne Armingaud in Conference | Data Transfer | Europe | Privacy | World - (0 Comments)

Post-Brexit EU businesses have needed to rethink how they approach showing compliance with a host of regulations, managing international data transfers and building trust with data subjects. Having to comply with the GDPR, prepare for other data protection bills, all while continuing to comply with the EU-GDPR as well as a host of global regulations means businesses might look to certification as a common system for adequacy as a one-stop shop, when addressing the overlaps and more crucially closing the gaps on their privacy compliance programs.

Featured speakers:

  • Noshin Khan, Senior Compliance Counsel, Ethics Center of Excellence, OneTrust 
  • Claude-Étienne Armingaud, Partner, K&L Gates

Register here.

, , ,