🇫🇷 OneTrust TrustWeek Paris: Charting GDPR – Navigating the EU and global data laws

October 17th, 2023 | Posted by Claude-Etienne Armingaud in Conference | Data Transfer | Europe | Privacy | World - (0 Comments)

Post-Brexit EU businesses have needed to rethink how they approach showing compliance with a host of regulations, managing international data transfers and building trust with data subjects. Having to comply with the GDPR, prepare for other data protection bills, all while continuing to comply with the EU-GDPR as well as a host of global regulations means businesses might look to certification as a common system for adequacy as a one-stop shop, when addressing the overlaps and more crucially closing the gaps on their privacy compliance programs.

Featured speakers:

  • Noshin Khan, Senior Compliance Counsel, Ethics Center of Excellence, OneTrust 
  • Claude-Étienne Armingaud, Partner, K&L Gates

Register here.

, , ,

🇫🇷 Managing Privacy And Accountability In The AI Ethical Landscape

October 5th, 2023 | Posted by Claude-Etienne Armingaud in Artificial Intelligence | Conference | Privacy - (0 Comments)

This panel session will focus on the growing concern over the ethical use of Artificial Intelligence (AI) and its impact on privacy. The panelists will discuss the role of accountability in developing responsible AI practices and the potential risks of AI systems when not properly regulated. They will also explore the importance of transparency and the need for data privacy regulations in the development and deployment of AI technologies. The session will provide insights into best practices for AI governance and how organizations can ensure the ethical use of AI while still benefiting from its potential.

Co-Panelists:

#AI #ArtificialIntelligence #gdpr #ethics #dataprotection #regulation #insights23 #pecb #Privacy #Accountability

UK Government Approves Adequacy of UK-US Data Bridge

October 4th, 2023 | Posted by Claude-Etienne Armingaud in Data Transfer | Europe | Privacy | World - (0 Comments)

The UK Government has laid adequacy regulations before Parliament that, once in force from 12 October 2023, will permit use of the UK – US “Data Bridge” as a safeguard for personal data transfers from the UK to the US under Article 44 UK GDPR.

The UK – US “Data Bridge,” AKA the UK Extension to the EU – US Data Privacy Framework (Framework), allows UK organisations to transfer personal data to organisations located in the United States that have self-certified their compliance with certain data protection principles and appear on the Data Privacy Framework List. This scheme, administered by the US Department of Commerce, provides a redress mechanism for data subjects in the European Union to enforce their rights under the EU General Data Protection Regulation, in relation to a participating US organisation’s compliance with the Framework, and to US national security agencies’ access to personal data. This new redress mechanism attempts to prevent a challenge to the Framework similar to the Schrems II case, which invalidated the Framework’s predecessor EU – US Privacy Shield. Despite this, the Framework has already been the subject of a short-lived case at the Court of Justice of the EU, and there may be more legal challenges.

Alongside the adequacy regulations, the UK government published an analysis of the US laws relating to US national security agencies’ access to the personal data of European data subjects. This analysis effectively completes the international data transfer risk assessment (TRA), which UK organisations have been required to carry out before transferring personal data to the US. It is likely that UK organisations relying on the other Article 44 UK GDPR safeguards, such as the International Data Transfer Agreement, may also rely on this analysis in place of completing a TRA.

First publication: K&L Gate Cyber Law Watch Blog in collaboration with Noirin McFadden

The Summer of AI – French Data Protection Authority Calls for Stakeholders to Exchange

August 7th, 2023 | Posted by Claude-Etienne Armingaud in Artificial Intelligence | France | IT | Legislation | Privacy - (0 Comments)

August may be perceived as the month where France shuts down for the summer. Yet, just before the summer ’23 holiday, the French Data Protection Authority (“CNIL”) published several call to action for the various players of the data ecosystems in general and in artificial intelligence (AI) in particular, following its 16 May 2023 announcement of an AI action plan:

  • Opening and re-use of publicly accessible data – The CNIL published a draft guidance on the such data usage, and all stakeholders are invited to weight in until 15 October 2023 before its finalization. While non-binding, this guidance is expected to lead the way on how the EU’s Supervisory Authority will apprehend and enforce the General Data Protection Regulation (“GDPR”) when personal data is scraped from online sources and subsequently used for subsequent purposes. This notably focuses on Art. 14 GDPR and the indirect collection of personal data and specific prior information requirements. Artificial Intelligence is explicitly mentioned by the CNIL in the draft, as such data, which feeds large-language models, “undeniably contributes to the development of the digital economy and is at the core of artificial intelligence.” Stakeholders are invited to submit their observations online through the dedicated portal.
  • Artificial Intelligence Sandbox – Following in the footsteps of its connected cameras, EdTech & eHealth initiatives, the CNIL is launching an AI sandbox call for projects, where stakeholders involved in AI in connection with public services may apply to receive dedicated assistance by the regulator to co-construct AI systems complying with data protection and privacy rules.
  • Creation of databases for Artificial Intelligence uses – Open to the broadest possible array of stakeholders (including individuals), this call for contributions notably addresses the specific issue relating to the use of publicly accessible data and aims at informing the CNIL of the various positions at play and how to balance GDPR’s requirements (information, legitimate interests, exercise of rights) with data subjects’ expectations. Stakeholders are invited to submit their observations online through the dedicated form (in French – our free translation in English is available below)- no deadline for submission has been set.
(more…)

, ,

#PICCASOAwards – Shortlisted for Privacy Leader: Legal 2023

July 28th, 2023 | Posted by Claude-Etienne Armingaud in Non classé | Privacy | Rankings - (0 Comments)

Thrilled to share that I’ve been shortlisted for Privacy Leader: Legal for this year’s PICCASO (Privacy, InfoSec, Culture Change & Awareness Societal Organisation) Awards.

Grateful to the award committee for the recognition and to our K&L Gates #DataProtection team as a whole who is a constant source of motivation, motivation and fun even in complex moments (especially in Europe cc Ulrike Elteste (Mahlmann) Noirin McFadden Andreas Müller Veronica Muratori Thomas Nietsch Camille Scarparo). Also psyched to be among such a roster nominees, whether in this category or the others as a whole. Whoever gets awarded, it’ll always be a win for #privacy!

Looking forward to celebrate with you all in person in London!

Leaders League Ranking 2023 – Healthcare, pharmaceuticals & biotech – eHealth- France

July 27th, 2023 | Posted by Claude-Etienne Armingaud in eHealth | Privacy | Rankings - (0 Comments)

K&L Gates ranked “Recommended” with Claude-Etienne Armingaud.

Source: Leaders League

(more…)

, , ,

Best Lawyers 2024: Privacy and Data Security Law

June 30th, 2023 | Posted by Claude-Etienne Armingaud in France | Privacy | Rankings - (0 Comments)

Once again included in the Best Lawyers in France ranking for Privacy and Data Security Law

Source: Best Lawyers

, ,

🇺🇸 Generative AI Legal, Policy and Ethical Considerations

June 27th, 2023 | Posted by Claude-Etienne Armingaud in Artificial Intelligence | Conference | Europe | IT | Privacy | World - (0 Comments)

In this webinar, our lawyers discuss generative artificial intelligence (AI). Fast paced growth in generative AI is changing the way we work and live. With such changes come complex issues and uncertainty. We will address the legal, policy and ethical risks, mitigation, and best practices to consider as you develop generative AI products and services, or use generative AI in the operation of your business.

With Annette Becker, Guillermo Christensen, Whitney McCollum, Jilie Rizzo, and Mark Wittow

If you were not able to join last Tuesday, you can watch the replay below:

Source: K&L Gates Hub

🇺🇸 Safeguarding the World’s Trust – The Privacy Collective

June 14th, 2023 | Posted by Claude-Etienne Armingaud in Conference | Europe | Privacy | World - (0 Comments)

Speakers:

  • Zelda Olentia, Senior Product Manager, RadarFirst
  • Claude-Étienne Armingaud, CIPP/E, Partner, Data Protection Privacy and Security Practice Group Coordinator, K&L Gates LLP

Air Date: Wednesday 14 June at 1 pm ET / 10 am PT. Replay on demand available here!

Description

Gartner predicts that by the end of 2024, 75% of the world’s population will have its personal data covered under modern privacy regulations. This exponential increase from only 10% global coverage in 2020 raises the stakes for global organizations. The challenge will be to ensure compliance, while safeguarding trust for an unprecedented volume of regulated data.

Join the upcoming live Q&A to learn what’s driving this expansion and how to prepare. You’ll hear from Zelda Olentia, Senior Product Manager at RadarFirst, and special guest, Claude-Etienne Armingaud who is a partner at K&L Gates LLP and a coordinator for the Firm’s Data Protection, Privacy, and Security practice group.

In this session we will cover:

  What is driving the expansion of privacy regulation?

  Where are we on this path towards 65% global coverage?

  How do you scale privacy operations for international privacy laws quickly and effectively before year-end 2024?

Register Now >>

List of the EDPB Guidelines

May 30th, 2023 | Posted by Claude-Etienne Armingaud in Guidelines | Non classé | Privacy - (0 Comments)

Access the full list of the EDPB and WP29 Guidelines here, including consultation versions, now-current versions and redlines between versions.