- My company is not established in the EU. Should I really worry about the EU Data Act applying to my company?
- What are the operational impacts of the EU Data Act on my products‘ interface?
- My products are already on the market, can I still provide them as I am today?
- What data is in the EU Data Act scope?
- Does the EU Data Act provide for a harmonized framework for blockchain-based smart contracts?
- Who can request the sharing of data?
- How should data be made available?
- Are there any limitations on how the data can be shared?
- Can I invoke intellectual property right to forego the data sharing?
- Should the data be made available to public entities as well?
- Will I need to update my contracts as well?
- Will the data be required to stay in the European Union?
- When will all this become an operational reality for me?
- What are the EU Data Act penalties?
14 Questions about the EU Data Act
August 27th, 2024 | Posted by in Artificial Intelligence | Blockchain | Europe | IT | Legislation - (0 Comments)Political groups demand ‘responsibilities’ over Parliament’s data leak
June 10th, 2024 | Posted by in Data Breach | Europe | Interview | Privacy - (0 Comments)Four political groups have sent letters to the European Parliament President asking for further details, action, and “responsibilities” related to a recent data breach that affected a significant amount of employees’ personal data, including passports.
(more…)Quo Vadis, Data Domine? The EU Data Act and the EU data landscape
June 7th, 2024 | Posted by in Competition | Europe | IT | Privacy - (0 Comments)Six years after the European Regulation 2016/679 on the protection of personal data (“GDPR”) came into force, the European Union has just adopted a new regulation targeting a better distribution of the value generated by the use of data between players in the digital economy.
Entered into force on 11 January 2024, in only 22 months, Regulation 2023/2854 regarding the harmonized rules on fair access to and use of data (Regulation on Data or “EU Data Act”) aims at broadening the scope of Europe’s digital sovereignty, beyond the boundaries of personal data alone.
(more…)GDPR: 6 years in, where do we stand?
May 22nd, 2024 | Posted by in Conference | Europe | Privacy - (0 Comments)EU AI Act [FULL TEXT]
May 21st, 2024 | Posted by in Artificial Intelligence | Europe | Legislation - (0 Comments)
Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act)
(Text with EEA relevance)
(more…)GDR 100 2024 profile: K&L Gates
April 17th, 2024 | Posted by in Europe | Non classé | Privacy | Rankings | World - (0 Comments)K&L Gates’s expertise in data and tech work has recently seen it advise on matters as diverse as AI and machine learning projects’ impact on personal data retention and transparency and the implications of augmented reality make-up applications and smart fragrances. While the firm has some significant tech companies on board, the client base skews more heavily towards advising more traditional industries through digital transformation.
The data protection, privacy and security practice has multiple leaders, reflecting its wide geographic spread.
Claude-Étienne Armingaud in Paris, who is a dual-qualified French and New York lawyer, is a stand-out name: besides GDPR and privacy compliance, he also has extensive experience advising on tech transactions, for example relating to software, blockchain, connected cars and more. Other partners leading the practice are Cameron Abbott in Melbourne; Shannan Frisbie, Whitney McCollum, David Bateman and Carley Andrews in the firm’s Seattle headquarters; Bruce Heiman in Washington, DC; Limo Cherian in Chicago; Gina Bertolini and Leah Richardson in the Research Triangle Park office in North Carolina; and Sarah Turpin in London.
The K&L Gates practice’s senior ranks grew with the addition of San Francisco partner Michael Stortz, who was formerly at Akin Gump. Thomas Nietsch was promoted to the partnership in Berlin. The firm also hired counsel Veronica Muratori in Milan from Withersworldwide; Avril Love in Los Angeles from Tucker Ellis; and Ulrike Elteste in Frankfurt from Covington & Burling.
Client references
“K&L Gates has deep expertise and knowledge in this area and is always responsive. Advice is always timely and well-considered.”
“Collaboration with K&L Gates is always seamless. The team have deep knowledge of privacy laws and regulations, but they also understand the business impact of their advice. This sets them apart from other firms in the market.”
First publication: Lexology GDR100
Employment Practices and Data Protection: Monitoring Workers 101
March 26th, 2024 | Posted by in Europe | Guidelines | Non classé | Privacy - (0 Comments)The Information Commissioner’s Office (ICO) has recently published guidance for employers on monitoring workers lawfully, transparently and fairly. The guidance aims to protect workers’ data protection rights and help employers to build trust with workers, customers and service users. With Artificial Intelligence (AI) on the rise, the temptation may be strong for employers to leverage those emerging technologies in that space. This alert summarizes some specific steps employers should prioritise in light of the ICO guidance.
(more…)🇺🇸 Regulating AI Part-IV: The EU AI Ac – The Expected International Impacts of the First Comprehensive AI Regulation
February 19th, 2024 | Posted by in Artificial intelligence | Artificial Intelligence | Conference | Europe | Legislation | Privacy - (0 Comments)Part IV of our series “Regulating AI: The Potential Impact of Global Regulation of Artificial Intelligence” will focus on recent developments in general availability of AI and how generative AI solutions are leading regulators, at a global level, to consider legal frameworks to protect both individuals affected by AI and digital sovereignty.
The program will feature a panel addressing the EU AI Act, on which a preliminary political agreement was reached last December and unanimously approved by the ambassadors of the 27 countries of the European Union on 2 February 2024, prior to its upcoming final votes.
Like the GDPR before it, the EU AI Act will be a trailblazing piece of legislation which will impact companies at global level.
Our panelists will discuss the consequences of the EU AI Act on companies contemplating the provision of AI solutions in the EU market or leveraging AI in the EU, with a special focus on non-EU companies.
Additional topics in our Regulating AI — The Potential Impact of Global Regulation of Artificial Intelligence series include:
- Part I – 13 September 2023 (EU / U.K.) – View Recording
- Part II – 7 December 2023 (Asia-Pacific Region: China, Hong Kong, Singapore, Japan) – View Recording
- Part III – 12 December 2023 (United States)
Register or watch the replay here.
Access the full text of the EU AI Act here.
ICO Introduces Consultation Series on Data Protection and Generative AI
February 13th, 2024 | Posted by in Artificial Intelligence | Europe | IT | Non classé | Privacy - (0 Comments)The Information Commissioner’s Office (ICO) recently launched a consultation series on how data protection laws should apply to the development and use of generative AI models (“Gen AI”). In the coming months, the ICO will publish further views on how to interpret specific requirements of UK GDPR and Part 2 of the DPA 2018 in relation to Gen AI. This first part of the consultation focusses on whether it is lawful to train Gen AI on personal data scraped from the web. The consultation seeks feedback from stakeholders with an interest in Gen AI.
As outlined by the ICO, web scraping will involve the collection and processing of personal data, which may not have been placed online directly by the data subjects themselves. To comply with the UK GDPR, Gen AI developers would need to ensure there is a valid lawful basis for their processing under UK GDPR, as well as comply with the relevant information requirements pertaining to indirect personal data collection.
For the first part of the consultation series, the ICO published a policy position on the lawful basis for training Gen AI models on web-scraped data which can be found here. More specifically, this consultation focusses on the ‘legitimate interest’ lawful basis under art. 6(1)(f) UK GDPR and the ‘three-part’ test that a data controller must pass to meet the legitimate interest basis (a so-called Legitimate Interest Assessment). The ICO has considered various actions that Gen AI developers could take to meet this three-part legitimate interest test to guarantee that the collection of training data through web scraping, i.e. processing of data, is complaint with the principles of UK GDPR. The ICO would now like to hear from relevant stakeholders on their view of the proposed regulatory approach and the impact this would have on their organisation. A link to the survey can be found here.
The deadline to submit a response is 1 March 2024.
First publication: K&L Gates Cyber Law Watch blog with Sophie Verstraeten
🇺🇸 Onetrust: AI Governance Masterclass – The EU AI Act
February 1st, 2024 | Posted by in Artificial Intelligence | Conference | Europe | Legislation | Non classé | Privacy - (0 Comments)
Join our session as we explore the implications of the EU AI Act. In this webinar, we’ll:
- Break down the four levels of AI risk under the AI Act
- Discuss legal requirements for deployers and providers of AI systems
- Provide a playbook for deployers and providers to accelerate EU AI Act compliance
Featured speakers
Yücel Hamzaoğlu
Partner
HHK Legal
Melike Hamzaoğlu
Partner
HHK Legal
Claude-Étienne Armingaud
Partner
KL Gates
Noshin Khan
Ethics & Compliance, Associate Director
OneTrust
Harry Chambers
Senior Privacy Analyst
OneTrust
Copyright © 2025 All rights reserved.
Designed by 