Category: EU

New UK Consumer Laws on Fake Reviews, Subscription Contracts and Drip Pricing: Impact on US Businesses

Share

In May of this year, the UK Government passed the Digital Markets, Competition and Consumers Act (DMCC) into law. The DMCC is wide-ranging and covers three key areas: consumer law, digital markets, and merger and antitrust law.

In the first of our series of blog posts, we set out key points on the significant changes to consumer laws and regulatory enforcement powers of which US businesses selling to UK consumers need to be aware ahead of the law coming into force, which is expected to be later this year.

Continue reading “New UK Consumer Laws on Fake Reviews, Subscription Contracts and Drip Pricing: Impact on US Businesses”

EU Artificial Intelligence Act – Legislation Adopted by the European Council

Share

The long-awaited European Union Artificial Intelligence Act (the AI Act) is nearing implementation following its adoption by the European Council yesterday (21 May 2024). This signals the completion of the final major stage of the European Union (EU) legislative process and the AI Act is expected to enter into force imminently. We considered the impact of this legislation in detail in our previous article: EU Artificial Intelligence Act — Final Form Legislation Endorsed by European Parliament.

The only remaining formalities are the signature of the President and Secretary-General of the European Parliament and Council and publication in the Official Journal, which is expected to happen in the coming days. The AI Act will enter into force 20 days after this takes place. The AI Act will become fully applicable 24 months after its entry into force (June 2026). However, some provisions will apply before that date.

Continue reading “EU Artificial Intelligence Act – Legislation Adopted by the European Council”

UK AI Regulation Bill Proposes New AI Regulator

Share

While the focus of attention in the world of AI has been the EU AI Act: EU AI Act Agreed – Discerning Data in recent weeks, there have also been some other noteworthy legislative developments. On 22 November 2023, the Artificial Intelligence (Regulation) Bill (the “Bill”) was introduced to the UK Parliament and passed the first reading in the House of Lords. The Bill seeks to establish a central AI authority (“AI Authority”) to oversee the UK’s regulatory approach to AI. The proposal for an AI Authority comes after the UK Government formally announced a UK AI Safety Institute at the global AI Safety Summit at Bletchley Park (summarised here).

Whilst the Bill largely reflects the approach of the UK Government, this is a Private Members’ Bill (“PMB”). PMBs are legislative proposals introduced into one of the UK Houses of Parliament by ‘backbench’ members (members who are not Government Ministers). Most PMBs fail to pass unless the UK Government steps in to support their progress through the legislative process.

Continue reading “UK AI Regulation Bill Proposes New AI Regulator”

EU AI Act Agreed

Share

Late on Friday (December 8th), the European Union Commission, Parliament and Council concluded its “trilogue” negotiations for the EU Artificial Intelligence Act. The summary below is based on the information available to date. It will be some time before the definitive text is finalized and released since it will have to go through various committee stages and its legal language finalized in multiple languages.

Prohibited AI Applications

The following applications of AI will be prohibited:

Continue reading “EU AI Act Agreed”

The European Commission Adopts Adequacy Decision on EU-U.S. Data Privacy Framework

Share

On 10 July 2023, the European Commission adopted its long-awaited adequacy decision for the EU-U.S. Data Privacy Framework (the DPF). With immediate effect, the adequacy decision provides a new lawful basis for transfers from the EU to the U.S. This means that companies that participate in the DPF are able to transfer data from the EU to the U.S. without relying on another data transfer mechanism, such as Standard Contractual Clauses (SCCs) or binding corporate rules (BCRs).

Background to the Adequacy Decision

Pursuant to Article 45(3) of the GDPR, the European Commission has the power, by means of an adequacy decision, to decide that a non-EU country has sufficient standards of data protection to be treated as equivalent to those afforded in the EU.

Continue reading “The European Commission Adopts Adequacy Decision on EU-U.S. Data Privacy Framework”

Österreichische Post: The CJEU Specifies the Requirements for Compensation for Breaches of the GDPR

Share

On 4 May 2023, the European Court of Justice (CJEU) delivered its highly anticipated judgement in Österreichische Post (Case C-300/21) on a crucial issue: the extent to which data subjects affected by a breach of the GDPR have a right to compensation for non-material damage under Article 82 GDPR.

Background

The underlying case arose from a data subject in Austria seeking 1,000 EUR ($1,009) in compensation for alleged non-material damages arising from Österreichische Post’s processing of his personal data for the purposes of political advertising. The individual had not consented to the processing and claimed that he felt offended by the fact that an affinity to a certain political party was attributed to him, alongside feelings of great upset, loss of confidence and exposure caused by the retention of his data on these supposed political opinions.

Continue reading “Österreichische Post: The CJEU Specifies the Requirements for Compensation for Breaches of the GDPR”

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy