International Privacy Laws

The fast-developing innovations brought by generative artificial intelligence (AI) are hastening calls from industry and government to consider new regulatory frameworks. The EU was in the process of implementing its AI Act, first proposed on April 21, 2021 (as we previously summarized), before generative AI chatbots were widely released. While the EU’s AI Act

Recent weeks have seen action from various European regulators regarding artificial intelligence/machine learning (AI/ML) and algorithms.

Opening of the European Centre for Algorithmic Transparency

The European Centre for Algorithmic Transparency (ECAT) was officially inaugurated on April 17, 2023, by the European Commission’s Joint Research Centre in Seville, Spain. The ECAT plans to leverage an interdisciplinary team of data scientists, AI experts, social scientists, and legal experts to perform technical analyses and evaluations of algorithms used by Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) governed by the Digital Services Act (DSA). The ECAT believes that doing so will help encourage transparency and risk-mitigation, particularly for systemic issues identified by the DSA, including possible amplification of illegal content and disinformation, impacts on freedom of expression or media freedom, gender-based violence, protection of minors online, and their mental health. Researchers at the ECAT will also study the long-term societal impact of algorithms.

Continue Reading European Regulators Advance Artificial Intelligence Initiatives

The European Commission released a draft adequacy decision on December 13, 2022, approving the new EU-U.S. data privacy framework established in part by President Biden’s Executive Order 14086 issued on October 7, 2022. The draft adequacy decision is the first step in the European Union’s adoption procedure.

Click here to read the full Update.

This is the second in a series of updates addressing the bilateral data access agreement (Data Access Agreement or agreement) between the United States and the United Kingdom under the Clarifying Lawful Overseas Use of Data Act (CLOUD Act). The agreement, which entered into force on October 3, 2022, is designed to facilitate cross-border criminal

Following the European Council’s approval last week, the Digital Services Act (DSA) has been officially adopted, starting the countdown to the law’s entry into force later this year. The DSA builds on the Electronic Commerce Directive 2000 (e-Commerce Directive) and regulates the obligations of digital services that act as intermediaries in connecting consumers with third-party

The Cyberspace Administration of China released the Measures for the Security Assessment of Cross-Border Data Transfer on July 7, 2022, to regulate cross-border data transfers in accordance with the Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law. The measures went into effect on September 1, 2022.

The measures provide a six-month

The National Information Security Standardization Technical Committee issued a draft of the new national standards on May 26, 2022. The new draft—Information Security Technology: Requirements of Privacy Policy of Internet Platforms, Products and Services—is available for public comment until July 25, 2022.

The Draft Requirements document is China’s first list of national standards

China’s internet watchdog, the Cyberspace Administration of China, has continued to tighten its regulation of internet industries and driven the formulation of many new laws and regulations in cybersecurity and data protection in China.

On March 17, 2022, the CAC reported to the public its campaign’s achievements. These achievements showcased the determination of regulators to

On August 17, 2021, China released the new regulations on the Security and Protection of Critical Information Infrastructure (CII Regulations), which became effective on September 1, 2021. Even though China started its protection of Critical Information Infrastructure (CII) as early as 2016, when it released the Cybersecurity Law of the People’s Republic of China (CSL)

Last month, the European Center for Digital Rights (more commonly known as None of Your Business or “noyb”) launched a new campaign against the use of allegedly unlawful cookie banners by sending nearly 600 draft complaints to companies across the European Union and European Economic Area (EU/EEA). Noyb is the privacy watchdog organization