On July 12, 2024, the European Union’s long-awaited Artificial Intelligence Act (AI Act) was finally published. It will enter into force on the twentieth day following its publication; i.e., on August 1, 2024. The AI Act is a landmark legal framework that imposes obligations on both private and public sector actors that develop, import, distribute, […]
International
China Releases Updated Regulations on Permits Needed for Transferring Data out of China
On March 22, 2024, the Cyberspace Administration of China (CAC) published the Regulations on Promoting and Regulating Cross-border Data Flow (the “Regulations”), effective immediately. The Regulations supplement China data protection laws (the Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law), and take precedence over previously-issued data transfer rules, such as (a) […]
European Parliament Approves EU Artificial Intelligence Act
On March 13, 2024, the European Parliament approved the much-anticipated EU Artificial Intelligence Act (‘AI Act’). The AI Act is billed as the first comprehensive legal framework worldwide that specifically regulates AI systems. It will impose obligations on both private and public sector actors which develop, import, distribute, or use in-scope AI systems. Like the […]
Article: Executive Order to Limit Sales of Americans’ Sensitive Data to Adversarial Foreign Governments
Peter Swire, Senior Counsel at Alston & Bird, has co-authored a detailed article in Lawfare, “Limiting Data Broker Sales in the Name of U.S. National Security: Questions on Substance and Messaging,” analyzing the Biden Administration’s new Executive Order issued yesterday. Swire’s article summarizes key aspects and impacts of the Executive Order, which is intended to […]
Are You Using EU Standard Contractual Clauses for Data Transfers? Be Aware of these Breach Notification Requirements
It has become common knowledge that the General Data Protection Regulation (2016/679) (GDPR) heavily restricts transfers of personal data outside of the European Union (EU). In the absence of an adequacy decision by the European Commission, the GDPR allows controllers and processors to transfer personal data to a third country outside of the EU only […]