On 14 January 2025, the UK government launched a public consultation on proposed legislative measures to combat the ever-increasing threat of ransomware. With these proposals, the UK government is seeking to step up its efforts to understand, deter and prosecute ransomware attacks by gathering more information from victims and undermining…
With the deadline for Member States to transpose the European Union’s updated Network and Information Systems Directive (Directive (EU) 2022/2555) (“NIS 2” or “Directive”) into national law having passed on 18 October 2024, organisations operating in or servicing the EU market face significant new cybersecurity obligations. The revised Directive, which…
On October 9, 2024, the European Data Protection Board (“EDPB”) issued an Opinion 22/2024, offering guidance on the use of processors and sub-processors by controllers. Here are the key takeaways: If Your Business Acts as a Controller You Make the Final Call: Your processor might recommend using a particular sub-processor,…
The European Council and European Parliament have reached a provisional agreement on the European Health Data Space (“EHDS”). See our recent article on the draft text – Shaping the Future: the European Health Data Space. The main objectives of the EHDS is to improve individual access and control over patient…
The European Commission published a proposal on 03 May 2022 for a regulation to create a European Health Data Space (“EHDS”). This proposed EU regulation establishes a health-specific ecosystem of rules, common standards and practices, infrastructures, and a governance framework, which processes a wide range of electronic health data and…
As we kick off 2024, many of us are wondering what this year’s hot topics and trends will be in the privacy and cybersecurity sector. Will AI continue to be the trendsetter, even among privacy regulators? And what will businesses do to keep up to date with all emerging laws,…
On December 7, 2023, the Court of Justice of the European Union (“CJEU”) delivered a landmark decision against SCHUFA Holding AG (“SCHUFA”) that will likely impact how the EU General Data Protection Regulation (“GDPR”) applies to credit scoring agencies. In the decision, OQ v. Land Hessen, the CJEU decided that…
On 21 September 2023, the UK government announced the UK Extension to the EU-US Data Privacy Framework (DPF), i.e., the US-UK data bridge (Data Bridge). The Data Bridge will go live on 12 October 2023 and will enable UK organisations to transfer personal data to organisations in the US that…
Case Law Updates and Fines On October 10, 2023, the Italian data protection authority (Garante) announced in its newsletter its Decision No. 405, as issued on September 14, 2023, in which it imposed a fine of €90,000 on GFB One s.r.l., for violations of the GDPR and the Personal Data…
Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news. Case Law Updates and Fines The Office of…