Support Centre

Europe

Insights

On December 22, 2023, the Turkish Personal Data Protection Authority (KVKK) published the Guidelines on the Protection of Privacy in Mobile Applications (the Guidelines) to address the existing and potential risks regarding the protection of privacy in mobile applications and to provide general recommendations to data subjects and data controllers. Melis Mert, of BTS & Partners, provides an overview of the key takeaways and enforceability of the Guidelines. 

Cookies and other tracking technologies are widely used by websites and online services to collect and process personal data of users, such as their preferences, behavior, location, and device information. This data can enable various purposes, such as personalization, analytics, advertising, and security. However, these practices also raise significant privacy and data protection challenges, as users may not be fully aware of or consent to the extent and nature of the data collection and processing and may face difficulties in exercising their rights and choices.

To address these challenges, the EU has adopted two main legal frameworks that regulate the use of cookies and other tracking technologies: the General Data Protection Regulation (GDPR) and the Directive on Privacy and Electronic Communications (the ePrivacy Directive). In this Insight article, Pedro Marques Gaspar, Manager (Digital Regulation) at PwC Spain, discusses the legal framework and best practices for the use of cookies in a privacy-friendly and compliant way.

In a time when digital marketing and visual identity play crucial roles, using employee photos sparks complex questions concerning privacy and data protection. The complexity of this landscape is further emphasized by the ongoing development of rules and regulations. In this Insight article, Elsebeth Aaes-Jørgensen, Partner at Norrbom Vinding, delves into how employers can navigate the delicate balance between their need for visual representation and the essential considerations on how to avoid infringing employees' rights.

Timea Bana, Partner at Dentons, explores the evolving landscape of data protection in the digital age, delving into the significance of European Data Protection Board (EDPB) guidelines to navigate complexities arising from technological advancements, offering clarity for entities such as online advertisers and businesses engaged in digital services.

On January 11, 2024, the European Commission issued a press release marking the entry into force of the Regulation on Harmonised Rules on Fair Access to and Use of Data (the Data Act) on the same date, as part of the European Union's (EU) digital strategy. The Data Act aims to facilitate the exchange of data and will become applicable in 20 months, on September 12, 2025. OneTrust DataGuidance Research gives an overview of the Data Act, with further insights provided by Wim Nauwelaerts, Partner at Alston & Bird. 

On February 13, 2024, the European Data Protection Board (EDPB) published its Opinion on the notion of the main establishment of a controller in the EU under the General Data Protection Regulation (GDPR) (the Opinion). OneTrust DataGuidance Research breaks down the Opinion with expert comments from Philip James and Anna Allen, from Eversheds Sutherland's Global Privacy & Cybersecurity Group.

In today's rapidly evolving digital landscape, the EU stands at the forefront of introducing comprehensive digital and data-related legislation. The EU's intentions are to balance the interests of the data economy, promote fair competition, and protect the rights of individuals. In this article, Theresa Ehlen, Philipp Roos, and John-Markus Maddaloni, from Freshfields Bruckhaus Deringer, delve into the practical implementation of the EU rules for the data and digital landscape.

This Insight article delves into the recent adoption of the Act on the Protection of Whistleblowers (the Act) in Czechia, highlighting changes for employers. It covers key rules, the role of designated competent persons, and control mechanisms, offering practical recommendations for companies adjusting to the new whistleblowing regulations.

Understanding the obligations inherent under the EU Artificial Intelligence Act (the AI Act) is paramount for users and other actors navigating this dynamic landscape.

The AI Act predominantly imposes obligations on 'providers' (developers) rather than on 'users' (deployers) of high-risk artificial intelligence (AI) systems. While some of the risk posed by the systems listed in Annex III comes from how they are designed, significant risks stem from how they are used. This means that providers cannot comprehensively assess the full potential impact of a high-risk AI system during the conformity assessment, and therefore that users must have obligations to uphold fundamental rights as well. The first part of this series on the AI Act explored what types of AI are covered and what obligations are applicable to each AI actor. The second part of this series offered a brief explanation of the profound importance of providers' comprehending and adhering to the provider obligations. In the third and final article of this series, Sean Musch and Michael Charles Borrelli, from AI & Partners, and Charles Kerrigan, from CMS UK, explore the significance of comprehending these provider obligations and places them in the broader context of the ever-evolving AI terrain.

In this Insight article, Sarah Cameron and Krish Khanna, from Pinsent Masons LLP, delve into the intricacies of global artificial intelligence (AI) regulation, examining diverse national approaches and their implications for businesses, standards, and international collaboration.

In this Insight article, Joanne Bone, Partner at Irwin Mitchell LLP, explores the impending data protection law reform in the UK, focusing on the proposed replacement of data protection officers (DPOs) with senior responsible individuals (SRIs).

The EU Artificial Intelligence Act (AI Act) is part of the overarching EU Digital Strategy. The strategy 'focuses on putting people first in developing technology, and defending and promoting European values and rights in the digital world.'1

On December 8, 2023, after an extensive discussion that lasted several days and was preceded by months of intense negotiations, the EU Parliament, Council, and Commission announced that they had reached a provisional agreement on the AI Act. 

This is not the end of the legislative process since this is only a political agreement, and for the AI Act to become EU legislation both the Parliament and Council are required to formally adopt the same. A reasonable forecast is that enactment will take place by the end of 2024, but it remains to be seen how discussions will proceed. These discussions will be focused on the actual text of the AI Act, which may be different from the text that is available today. In this Insight article, Francesca Gaudino, from Baker & McKenzie LLP, comments on the current text of the AI Act, which may be amended upon formal adoption by the Parliament and Council. 

Feedback