As the European Artificial Intelligence Act (AI Act) comes into force, tech companies need to be aware of the new requirements for general-purpose AI models and systems. These are the rules that aim to balance the benefits and risks of AI. In this article, we’ll explain what these requirements are and how they affect your business.
Anna Levitina
If your US-based business handles data from European customers, you need to be aware of the General Data Protection Regulation (GDPR). This regulation extends beyond Europe and has practical implications for businesses worldwide. Here’s a guide to help you understand two crucial aspects of GDPR compliance: privacy notices and the requirement for a data protection representative in the European Union (EU).
The European AI Act introduces new requirements for developing and using AI systems. Similar to the GDPR, the AI Act impacts businesses outside Europe. Since many AI applications involve personal data, both the AI Act and GDPR will often apply.
This article aims to provide practical guidance for businesses that supply or purchase hardware and software and explores warranties in software and hardware supply contracts – what they cover, common warranties and warranty disclaimers, and practical tips to help you understand these contractual terms.
AI technologies, especially Large Language Models (LLMs), are becoming integral to various applications, from customer service chatbots to complex analytical tools. However, their use raises significant data protection concerns. The Conference of Independent Federal and State Data Protection Supervisory Authorities in Germany recently released a guide on AI and data protection, providing a detailed framework for using AI in compliance with data protection laws.
In Switzerland, personal data may not be transferred to countries lacking adequate levels of data protection unless specific protections are ensured. The Federal Act on Data Protection (FADP) stipulates that personal data originating from Switzerland must receive comparable levels of protection when it crosses borders as it does within the country.
As generative artificial intelligence (GenAI) becomes integral to various industries, understanding its mechanics and associated intellectual property (IP) implications is essential for businesses. This article explores GenAI applications from an intellectual property perspective, highlighting key considerations for EU businesses involved in contracting or providing AI services.
The new Swiss Data Protection Act introduces several key provisions, including the requirement for entities processing personal data to maintain detailed records of their data processing activities. The regulation outlines specific elements that must be included in the records of data processing, such as the objectives behind data processing, the varieties of personal data processed, and particulars of data transfers to foreign territories, among other requirements.
A data protection impact assessment is about foresight. It’s about spotting data protection issues early on, simplifying solutions, and cutting costs. Think of it as the planning stage of your hike, where you assess the path for potential hazards. Just as you’d want to know about a washed-out bridge on your hiking route in advance, data protection impact assessments help catch problems before they become complex and expensive.
A software licence is an agreement between the creator or provider of the software (the licensor) and the user (the licensee). Unlike buying a physical product, purchasing software doesn’t transfer ownership of the software itself to you. Instead, you’re granted permission to use the software according to specific terms and conditions laid out in the licence agreement.
In January 2024, the European Data Protection Board (EDPB) released a significant report following an extensive review of Data Protection Officers’ (DPOs) roles across the EU. This article aims to break down the report’s findings and offer straightforward advice for DPOs and businesses looking to improve their data protection efforts.
In today’s fast-paced digital world, the hunt for information drives businesses to adopt innovative techniques like data scraping. This method, which automates the extraction of vast amounts of information from digital platforms, is a game-changer for anyone looking to gain insights, generate leads, or simply stay ahead in the market. However, as handy as data scraping can be, it treads a fine line within the complex web of European legal standards, particularly when it comes to privacy and intellectual property rights. Let’s dive into the world of data scraping, understand its legal challenges, and explore how businesses can operate within the bounds of European law.
The General Data Protection Regulation (GDPR) has reshaped the way businesses handle personal data, introducing stricter rules and giving individuals more control over their information. A significant aspect of the GDPR is its provision for class actions, allowing groups of individuals to seek compensation for breaches of their data rights. This development is crucial for businesses to understand, as it brings new challenges and responsibilities.
In an age where data flows seamlessly across borders, safeguarding personal information has become a pivotal concern for businesses worldwide. The General Data Protection Regulation (GDPR), a beacon of data protection laws, casts a wide net to safeguard personal data within and beyond the European Economic Area (EEA). A critical tool in this endeavour is the Transfer Impact Assessment (TIA), a process that scrutinises data transfers to ensure they meet GDPR’s standards.
Legitimate interest is one of the six lawful bases under the GDPR that businesses can use to process personal data. It’s the most flexible basis but comes with an added responsibility to protect the rights and interests of data subjects. This basis is often appropriate when data is used in ways that individuals would reasonably expect and with minimal privacy impact.
In the labyrinth of data protection, a Data Protection Impact Assessment (DPIA) stands out as a vital navigational tool. Think of a DPIA as your GPS through the intricate world of data processing – it doesn’t just keep you on the right side of the law but also steers you towards a more trustworthy and transparent relationship with your users. By performing DPIAs, you’re not just ticking a compliance box; you’re heading to smarter data handling, reducing risks, and dodging those hefty non-compliance GDPR fines.
The General Data Protection Regulation (GDPR) has revolutionised the way personal data is handled across the European Union and beyond. A crucial aspect of GDPR compliance is the implementation of various assessments to ensure data protection and privacy. These assessments include the Data Protection Impact Assessment (DPIA), Transfer Impact Assessment (TIA), and Legitimate Interest Impact Assessment (LIA). Each of these plays an important role in safeguarding personal data and ensuring that businesses comply with GDPR requirements.
In an age where data shapes our daily lives, understanding the new European Data Act is crucial for everyone, from business leaders to everyday consumers. This landmark legislation, introduced by the European Union, is set to transform how data is managed, shared, and protected. In this clear and concise guide, we’ll explore what the European Data Act is, why it matters, and how it impacts you.
In the digital age, data protection is a critical aspect of every business operation, especially in recruitment. The UK Information Commissioner’s Office (ICO) has issued detailed guidance on recruitment and selection, focusing on compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). This article delves into these guidelines, offering key insights and pragmatic advice for businesses to navigate the complexities of data protection in recruitment.
The roles of Data Protection Officers (DPOs) and representatives stand as critical figures, ensuring businesses navigate the complex seas of compliance. Yet, there often exists a cloud of ambiguity around their distinct functions, responsibilities, and the nuances that set them apart.
With the recent enactment of the new Swiss Data Protection Act (Swiss DPA), which came into effect on September 1, 2023, HR departments in Switzerland are facing a shift in handling employee data. This updated legislation, aligning more closely with the EU’s GDPR, imposes stricter controls and heightened responsibilities on data processors and controllers, including those in HR roles. This article dissects the critical elements of the Swiss DPA, focusing on its impact on HR data privacy and protection practices, and provides actionable recommendations for HR professionals to comply with data privacy and protection standards.
As Artificial Intelligence (AI) cements its role as a cornerstone of innovation across various sectors, the legal frameworks governing its use are rapidly evolving. The landscape is abuzz with legislative developments, such as the proposed AI Act by the European Union and the Biden administration executive order on AI. As lawmakers and industry leaders shape new AI regulations and ethical guidelines, the complexity of AI-related contracts is on the rise. In this article, we’ll explore the key elements that your AI-related contracts should include to be as robust as they are compliant.
In the bustling streets of European cities, behind the screens of tech hubs in Berlin, Paris, and Stockholm, a new technological marvel is taking shape: Generative AI. As businesses across the continent explore the vast potential of this technology, understanding its legal implications is a must. What is special about Generative AI? What legal concerns does it bring? Let’s explore this transformative technology and its implications in the European landscape.
In the digital space, e-commerce platforms are leveraging personalised advertising to enhance customer experiences and boost sales. Retargeting, a form of personalised advertising, has become a game changer, enabling businesses to re-engage potential customers by displaying ads based on their previous online activities. While this approach can significantly uplift conversion rates, it also entails critical considerations regarding data protection and privacy compliance, notably in the light of the General Data Protection Regulation (GDPR).
The year 2023 has marked a significant uptick in GDPR fines, making it the year with the highest penalties for data protection violations. While the world is abuzz with high-profile GDPR fines against tech giants like Meta and Google, it’s crucial to understand that smaller companies are also under regulatory scrutiny.
In today’s evolving technological landscape, Artificial Intelligence (AI) stands out as a revolutionary force, reshaping industries and redefining the boundaries of what’s possible. For software companies, AI offers unprecedented opportunities for innovation. However, with these opportunities come intricate legal challenges that every software company must be prepared to navigate.
Within the world of open-source software, every line of code comes with its own set of rules. Whether you’re an innovative startup crafting the next big app or a seasoned enterprise integrating third-party solutions, understanding the nuances of open-source licenses is paramount. This article is here to help you understand the most popular licenses, their implications, and the practicalities that businesses often overlook. Navigate with confidence and chart a course to licensing clarity.
Email marketing is a powerful business tool for connecting with audiences, boosting brand awareness, and driving sales. However, it’s crucial to assess and handle personal data protection issues carefully when using this strategy.
In the dynamic landscape of cloud-based computing services, organisations have come to rely on the flexibility and scalability offered by various models, such as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). However, alongside the advantages these services bring, negotiating contracts that accurately reflect the unique aspects of each model is crucial. This article delves into the differences between SaaS, PaaS, and IaaS, explores the challenges in contract negotiations, highlights essential contractual provisions, and provides practical tips to navigate these complexities effectively.
Revolutionary technologies such as the Internet of Things (IoT) and autonomous vehicles are reshaping industries worldwide. As these innovations advance, understanding and managing liability in contracts becomes paramount for all stakeholders involved. In this article, we provide practical tips to help businesses successfully navigate liability issues within IoT and autonomous vehicle commercial contracts.
In today’s digital age, software has become an integral part of our personal and professional lives. Whether you’re a software developer or a user, you must understand the legal framework governing your software’s use. One crucial legal document that protects both creators and users is the End-User License Agreement (EULA). In this article, we will delve into what a EULA is, why you need one, and provide practical business insights into drafting an effective EULA.
Are you aware of the recent changes affecting Swiss data protection regulations? In this article, we explore the revised Swiss Federal Data Protection Act (revFADP), delve into the key changes and explain the main differences between the revFADP and the GDPR. Mark your calendars, as the deadline for compliance is fast approaching, on September 1, 2023.
The General Data Protection Regulation (GDPR) is a comprehensive data protection regulation implemented in the European Union (EU) in May 2018. It aims to protect the personal data of EU citizens and residents and ensure that businesses and organisations are held accountable for the way they collect, process, and store this data. It sets out strict requirements for data protection and privacy, and failure to comply can result in significant fines and other penalties – up to €20 million, or up to 4% of the annual global turnover of the preceding fiscal year, whichever is higher – a valid reason to check your data processing practices.
The General Data Protection Regulation (GDPR) has been in place for several years, yet many businesses still struggle to understand whether they can process personal data. While the GDPR provides six lawful bases for data processing, there is a lack of understanding among businesses on which basis they can rely to process data. As a result, companies often add unnecessary consent requests to all their documents, which can cause confusion and frustration for their customers.
Data processing has become an integral part of business operations. With the increased use of cloud-based services and outsourcing, companies must understand the roles of data controllers and data processors and the legal agreement between them, known as a Data Processing Agreement (DPA).
Earlier in our Data Protection Series, we shared some tips on how to obtain valid consent in accordance with the General Data Protection Regulation (GDPR). Today, we want to explore cookie consent banners in light of the latest report issued by the Cookie Banner Taskforce.
Although the General Data Protection Regulation (GDPR) has been in place for over four years, some concepts and notions are still a topic of hot discussion and continue to confuse stakeholders. Earlier in our data protection series of articles, we addressed the European regulation of cross-border data transfers. In this article, we will shed some light on data controllers’ obligation to implement appropriate technical and organisational measures when processing personal data.
As the world recovers from COVID-19, international travel has picked up again, causing airport havoc across the globe. However, some international transfers have continued without interruption – invisible, but significant flows. These are the cross-border personal data transfers that happen every day …
Shortly after Brexit, the UK Government re-evaluated its data protection regime and cross-border data processing. The Government concluded that the EU General Data Protection Regulation (EU-GDPR) was incompatible with the UK and represented an unreasonable administrative burden on businesses, particularly small businesses, including start-ups.