Europe

Austria has now implemented the EU Whistleblowing Directive (2019/1937) in the Austrian Whistleblower Protection Act (HinweisgeberInnenschutzgesetz) (the Whistleblowing Act), which came into force in 2023 and adds to a number of sector-specific regulations already in place. Dietmar Huemer and Katharina Spreitzhofer, from Huemer | Legal Solutions, give insights into the application of the new Whistleblowing Act.

April 2024

UK: AI White Paper - the UK's approach to regulating AI

The artificial intelligence (AI) industry in the UK has experienced significant growth over recent years, putting the UK in a strong position in the global AI market. The UK Government has expressed a 'pro-innovation' stance on AI, in terms of public funding, technology policy, and its regulatory approach, and has favored an iterative, sectoral approach to the regulation of AI. The UK's pro-innovation aim is explicit in the Government's white paper on AI regulation (the AI White Paper) and its response to the AI White Paper consultation, published in February 2024 (the Response). Amy Smyth, from Latham & Watkins LLP, discusses the key ideas of the AI White Paper and the Response and compares the UK's AI regulatory landscape to other approaches around the globe.

April 2024

Turkey: A comprehensive guide to the amendments to the personal data protection law

In pursuit of a longstanding governmental objective to converge with EU legislation, notably the General Data Protection Regulation (GDPR), substantial revisions have been made to the Personal Data Protection Law No. 6698 (the Law). Published in the Official Gazette in March 2024, these amendments represent a concerted effort to align the Law with the GDPR principles, particularly focusing on addressing specific contentious issues. Yücel Hamzaoğlu, Partner at Hamzaoğlu Hamzaoğlu Kınıkoğlu Attorney Partnership, takes a look at the amendments and their impact on the current provisions.

April 2024

EU: Mitigating the risks of the EU's high-risk AI systems requirements

In this Insight article, Iain Borner, Chief Executive Officer at The Data Privacy Group, delves into the transformative impact of the EU Artificial Intelligence Act (AI Act), which establishes a regulatory framework aimed at fostering trustworthy artificial intelligence (AI) aligned with European values. With a focus on high-risk AI systems, the AI Act introduces mandatory compliance processes and provisions, setting a precedent for ethical innovation that prioritizes people's rights and safety.

April 2024

International: A comparative analysis of the GDPR and India's DPDPA

In this article, Arun Babu and Gayathri Poti, from Kochhar & Co., delineate the primary disparities between the Digital Personal Data Protection Act (DPDPA) and the General Data Protection Regulation (GDPR) from a business perspective, analyzing the rationale behind these distinctions and their practical implications.

April 2024

EU: New opinion of the EDPB on valid consent in the context of consent or pay models implemented by large online platforms

On April 17, 2024, the European Data Protection Board (EDPB) published the Opinion 08/2024 on Valid Consent in the Context of Consent or Pay Models Implemented by Large Online Platforms. The supervisory authorities of some EU Member States asked the EDPB to issue this opinion in order to obtain clarity on the circumstances in which consent or pay models for behavioral advertising can be used by large online platforms on the basis of valid consent or under which circumstances valid consent can be given in such cases. According to the supervisory authorities, there is no uniform answer to this question. However, the clarification is particularly relevant for the general application of the principles on the concept of consent. Dr. Carlo Piltz and Alexander Weiss, from Piltz Legal, unpack the opinion, looking specifically at the opinion's implications on both platforms and European legal frameworks.

April 2024

EU: Understanding valid consent in 'consent or pay' models used by large online platforms

On April 17, 2024, the European Data Protection Board (EDPB) published Opinion 08/2024 on Valid Consent in the Context of Consent or Pay Models Implemented by Large Online Platforms. In this Insight article, OneTrust DataGuidance provides an overview of the opinion.

April 2024

UK: CMA report on AI Foundational Models

In this Insight article, Omar Shah, Vishnu Shankar, Jack Ashfield, and Nina Jayne Carroll, of Morgan, Lewis & Bockius LLP, discuss the UK Competition and Markets Authority's (CMA) initial report on AI Foundation Models (the FM report) published in September 2023. This report provided the CMA's early views on how foundation models (FMs) are developed and deployed as well as potential future regulatory interventions. This Insight article considers the key takeaways that market players in the artificial intelligence (AI) space should be mindful of as increased regulatory scrutiny persists.

April 2024

EU: The AI Act - the first regulatory regime for AI across the EU

On March 13, 2024, the European Parliament adopted the European Union's (EU) Regulation laying down harmonized rules on artificial intelligence (AI), commonly known as the Artificial Intelligence Act (the AI Act) (see the European Parliament press release and OneTrust DataGuidance News article). Almost three years after the European Commission's first legislative proposal, and after the EU legislators reached a political agreement on the key aspects of the AI Act in December 2023 in the course of the trilogue following months of negotiations, the world's first comprehensive regulatory framework for AI has officially been approved.

This Insight article addresses the most important questions as to what companies and other entities should know and consider when conducting any activities involving AI. Valentino Halim, Junior Partner at Oppenhoff & Partner, unpacks the AI Act and provides insight into the scope and key obligations of the new regulatory framework for AI at the EU level.

April 2024

Turkey: The evolving approach to AI governance

Artificial intelligence (AI) is rapidly transforming various sectors globally, and Turkey is no exception. As the adoption of AI technologies accelerates, governments worldwide are addressing the need for comprehensive regulations to ensure ethical and responsible AI development and deployment. Yücel Hamzaoğlu and Melike Hamzaoğlu, from Hamzaoğlu Hamzaoğlu Kınıkoğlu Attorney Partnership, delve into the current state of AI regulation in Turkey, examining guidelines, existing legislation, and the influence of the EU AI Act.

April 2024

EU: Navigating the AI Act - a comparative analysis: EU AI Act vs NIST's AI RMF

The first part of this series on the EU's Artificial Intelligence Act (AI Act) explored the covered types of artificial intelligence (AI) and the corresponding obligations of each AI actor. The second part of this series provided a brief explanation of the importance for providers to comprehend and adhere to their obligations. In the third installment, we examined these provider obligations within the broader context of the evolving AI landscape. In the fourth article of this series, Starr Drum, Shareholder at Polsinelli PC, compares the AI Act with the National Institute of Standards and Technology's (NIST) Artificial Intelligence Risk Management Framework (AI RMF 1.0) (AI RMF). Through an exploration of their distinct features and complementary aspects, this article provides essential insights for organizations navigating AI governance.

As the adoption of AI accelerates globally, regulatory and voluntary frameworks play a crucial role in ensuring responsible and trustworthy AI deployment. This comparative analysis of the EU's AI Act against the NIST's AI RMF sheds light on the similarities and differences between these two influential guideposts, providing insights for organizations navigating the complex landscape of AI governance.

April 2024

UK: Data Protection and Digital Information Bill - have the 'commonsense' changes created an 'innovative' data protection regime for post-Brexit UK?

The Data Protection and Digital Information (No. 2) Bill was first introduced to Parliament by the UK Government on March 8, 2023. Following consultation and progress through Parliament, the UK Government unveiled a raft of changes to the proposal in November 2023, renaming the legislation the Data Protection and Digital Information Bill (the Bill), all of which it deemed 'commonsense.' In its 'Changes to data protection laws to unlock post-Brexit opportunity' press release of the same date, the UK Government indicated that the changes would 'safeguard the public, prevent fraud, and unlock Brexit opportunities' creating an 'innovative data protection regime' that will 'allow the country to realize new post-Brexit freedoms which are expected to deliver new economic opportunities…of at least £4 billion.' This is all part of the UK's ambition to be a business-friendly jurisdiction for technology innovation.

The Bill is expected to become law this spring. In a prior piece, we scrutinized the impact of some of the Government's pro-business ambitions for the prior version of the Bill. Below, Natalie Farmer, Director and Foreign Legal Consultant at Fieldfisher (Silicon Valley) LLP, examines a number of the latest changes and whether they can deliver the innovation and opportunities promoted by the UK Government's press release. It is worth keeping in mind that changes to the UK data protection regime that result in a watering down of protections for the individual may cause the UK to lose its adequacy status, restricting the free flow of data between the EU and the UK. Such a result is unlikely to translate to 'economic opportunities' for UK businesses trading with the bloc.

Europe

Browse more content in Europe

News

Insights

Get the Latest News

Thanks for signing up!

Company

Our Policies

Your Rights

Follow us