Alston & Bird Privacy, Cyber & Data Strategy Blog

Alice Portnoy

Avatar photo

About Alice Portnoy

Alice Portnoy is a Senior Associate in Alston & Bird’s Brussels office and a member of the Privacy, Cyber & Data Strategy Team. Alice focuses her practice on technology and data privacy matters with experience counseling national and international companies across the media and entertainment, pharma, scientific research, education, nonprofit, and food and retail sectors.

[Read Bio]

EU Privacy Regulators Weigh in on the Proposed EU Biotech Act: Key Takeaways for Life Sciences Companies

By and

On March 10, 2026, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) issued a joint opinion on the European Commission’s proposed EU Biotech Act – a forthcoming legislative framework expected to materially affect how clinical trials are designed, conducted, and governed in the EU. The proposal, introduced in December 2025, […]

EU Moves Toward a Single Entry Point for Security Incident Reporting

By and

On March 17, 2026, the European Parliament published a briefing signalling continued momentum toward the creation of an EU‑wide Single Entry Point (SEP) for security incident reporting. The initiative is part of the European Commission’s proposed Digital Omnibus legislative package and is intended to simplify how organizations report incidents – including personal data breaches – […]

Spanish DPA Releases Agentic AI Guidance

By and

On 18 February 2026, the Spanish Data Protection Authority (Agencia Española de Protección de Datos or ‘AEPD’) published an 81‑page guidance document on the privacy aspects of AI systems operating as agents – commonly referred to as ‘agentic AI’. The guidance is aimed at companies that process personal data under the EU General Data Protection […]

Spanish DPA Highlights Privacy Risks in GenAI Content Creation

By and

Earlier this month, the Spanish Data Protection Authority (Agencia Española de Protección de Datos, or AEPD) issued new guidance on the privacy and data protection risks associated with uploading images or photos – whether directly or indirectly identifying individuals – into generative AI tools. The guidance is particularly focused on situations where those images are […]

How to Comply with the EU AI Act: Guidance from the Spanish AI Regulator

By and

On December 10, the Spanish supervisory authority for the EU AI Act (Agencia Española de Supervisión de Inteligencia Artificial, or AESIA) published a set of 16 detailed guidelines and non-binding checklists (available online here in Spanish) designed to help companies navigate their obligations under the AI Act, which entered into force in August 2024. The […]