European Privacy & Cybersecurity

Belgian Data Protection Authority Issues Updated Guidance on Direct Marketing Rules

March 20, 2025 By Alice Portnoy and Wim Nauwelaerts

On March 10, 2025, the Belgian Data Protection Authority (BDPA) updated its 2020 guidance on the processing of personal data for direct marketing purposes (see the updated guidance here in French and in Dutch). The BDPA reviewed its original guidance to help companies from all sectors navigate applicable EU privacy and data protection law requirements […]

Green Light for the Enforcement of NIS 2 in Limited EU Countries Only

October 17, 2024 By Wim Nauwelaerts, Kelly Hagedorn and Alice Portnoy

EU Member States had until today, October 17, 2024, to transpose the Network and Information Security (NIS) 2 Directive into their national laws. As Directives are not directly applicable in EU Member States, the EU legislator required all 27 Member States to incorporate into their local laws the requirements of NIS 2 and to make […]

Belgian Data Protection Authority Publishes Guidance on the Interplay between the GDPR and the AI Act

September 25, 2024 By Wim Nauwelaerts and Alice Portnoy

On 19 September 2024, the Belgian Data Protection Authority (DPA) issued new Guidance on the interplay between the recently adopted EU Regulation on Artificial Intelligence (the AI Act) and the General Data Protection Regulation (the GDPR), which aims to provide further insight into the use of artificial intelligence (AI) systems that process personal data. The […]

EU Artificial Intelligence Act Signed Into Law

June 13, 2024 By Paul Greaves and Wim Nauwelaerts

Today, the EU Artificial Intelligence Act (‘AI Act’) was signed into law. The AI Act will impose obligations on both private and public sector actors which provide, import, distribute, or deploy in-scope AI systems. It also contains obligations which apply in connection with general-purpose AI models. The AI Act has explicit extra-territorial effect, which means […]

CBDF Research Fellow Theodore Christakis Publishes Study on Cross-Border Data Transfers and the EU’s “Zero Risk” Approach

February 20, 2024 By Peter Swire, Alice Portnoy and David Keating

Theodore Christakis, Professor of International Law at the University Grenoble Alpes and Senior Fellow and Director of Research for Europe at the Cross-Border Data Forum, has published a new comprehensive analysis on cross-border transfers of personal data and the EU’s data protection authorities’ “Zero Risk” theory developed since the CJEU Schrems II Judgment. Prof. Christakis looks […]