The EU Data Act, which takes effect Sept. 12, is awash with uncertainties that will likely spark challenges from consumer and plaintiff lawyers and impel data protection authorities (DPAs) to "become active very early on," Latham & Watkins data, cyber and tech lawyer Tim Wybitul told Privacy Daily this week.
GDPR
The General Data Protection Regulation (GDPR) is the European Union’s landmark privacy law governing how organizations collect, process and protect personal data. In effect since 2018 it applies to any entity handling EU residents’ information regardless of where the company is based and imposes strict requirements around consent, transparency, data minimization and user rights. GDPR enforcement has led to billions in fines against global companies setting a high bar for compliance frameworks worldwide and influencing privacy legislation in the U.S. and other regions.
Femtech offers groundbreaking innovations in women's health but also poses serious privacy threats, data protection lawyers said. Even the EU, with its General Data Protection Regulation and AI Act, and the U.K., with its version of the GDPR, may not always provide adequate protection for the highly sensitive personal data that femtech apps collect and use, they added.
Europeans seeking compensation for non-material damages such as emotional stress arising from data breaches shouldn't generally expect large sums, according to attorneys from William Fry and Austrian lawyer and privacy advocate Max Schrems.
A German regional court on Tuesday dismissed a request for a preliminary injunction in a General Data Protection Regulation-related lawsuit against Meta over its AI-related data processing.
Asian AI developers looking to do business in the U.S., EU or U.K. face several key compliance challenges, Finnegan lawyers said Wednesday at the law firm's webinar.
Bulgaria's data protection authority provided schools with guidance Monday about protecting themselves from General Data Protection Regulation (GDPR) violations when sharing video surveillance footage with parents of children involved in school-related incidents.
Data protection officers (DPOs) often bring economic benefits to companies, especially organizations with a positive approach to General Data Protection Regulation (GDPR) compliance, French data authority CNIL said Wednesday, commenting on results of a survey. In addition, DPOs offer a host of other returns, including leverage to win contract tenders, avoidance of sanctions and data leakage and streamlined data management, it said.
With substantive data-protection provisions of the U.K. Data Use (and Access) Act 2025 (DUAA) beginning to apply near year's end, organizations should start monitoring new guidance from the Information Commissioner's Office (ICO), Robin Edwards, a member of the government's Department for Science, Innovation and Technology, said Wednesday during an IAPP webinar.
The U.K. is providing adequate protection for personal data transferred from the EU, the European Commission said Tuesday, initiating the process to adopt a new adequacy decision.
Companies operating in Latin America should be aware that data protection authorities (DPAs) there are increasing guidance and enforcement, said panelists during a webinar Tuesday sponsored by TrustArc, a privacy compliance vendor.