Peter Swire, Senior Counsel at Alston & Bird, has co-authored a detailed article in Lawfare, “Limiting Data Broker Sales in the Name of U.S. National Security: Questions on Substance and Messaging,” analyzing the Biden Administration’s new Executive Order issued yesterday. Swire’s article summarizes key aspects and impacts of the Executive Order, which is intended to […]
International
Are You Using EU Standard Contractual Clauses for Data Transfers? Be Aware of these Breach Notification Requirements
It has become common knowledge that the General Data Protection Regulation (2016/679) (GDPR) heavily restricts transfers of personal data outside of the European Union (EU). In the absence of an adequacy decision by the European Commission, the GDPR allows controllers and processors to transfer personal data to a third country outside of the EU only […]
Companies Prepare for Change as EU Legislators Agree on EU Artificial Intelligence Act
On December 8, 2023, following marathon negotiations, European Union (‘EU’) legislators reached a political agreement on the much-anticipated EU Artificial Intelligence Act (‘AI Act’). The AI Act is billed as the first comprehensive legal framework on AI systems worldwide, and will impose obligations on both private and public sector actors which develop, import, distribute, or […]
UK Government Makes a Bridge to The EU-U.S. Data Privacy Framework
On 21 September 2023, the UK Government adopted the Data Protection (Adequacy) Regulations 2023, also referred to as the “UK-U.S. Data Bridge”. The UK-U.S. Data Bridge will allow companies to legitimately transfer personal data from the UK to the U.S. on the basis of the recently enacted EU-U.S. Data Privacy Framework (“DPF”). The UK Government […]
Council of Europe Launches Model Contractual Clauses for Transfers of Personal Data
On June 16, 2023, the Council of Europe’s Committee of Convention 108+ (i.e., the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data) adopted Model Contractual Clauses for cross-border data flows (“MCCs”). The MCCs are intended to cover the transfers of personal data to countries that are not parties to […]