EU Commission Invites Stakeholders Feedback on Draft AI Regulation

On April 26, 2021, the European Commission announced that its draft proposal for the new EU Artificial Intelligence Regulation (“Draft AI Regulation”) is currently indicated to be open for feedback until July 15, 2021.* The Draft AI Regulation was published on April 21. Please refer to our blog post here that provides an overview of the Draft AI Regulation and its potential impact.


Developments in Cookie Regulation: French CNIL Declares Intent to Audit Websites for Cookie Compliance

On April 2, 2021, the French Data Protection Authority (the “Commission Nationale de l’Informatique et des Libertés” or “CNIL”) published its intent to start auditing websites for compliance with cookie regulations. This publication follows a large number of developments and actions taken by the CNIL to further improve and guide organizations through cookie compliance. The CNIL had issued several recommendations, guidelines and cookie tools to raise awareness of the importance of this topic, with a final set of guidelines published on October 1, 2020 following public consultation rounds (“Cookie Guidelines”). The CNIL had determined that a 6-month grace period would apply following publication of the Cookie Guidelines. This grace period ended on April 1, 2021 and the CNIL now expects companies to be compliant with its recommendations and guidelines. The CNIL has confirmed that it may make use of the totality of its corrective powers to remedy non-compliance with the rules, including issuing (public) sanctions. In light of the increase in scrutiny on cookies in the EU (and the US pursuant to certain state laws), organizations with websites / platforms operating in the EU (and U.S.) may want to reconsider their cookie practices and start carrying out cookie audits.


EU Commission Issues Draft AI Regulation

On April 21, 2021, the European Commission (EC) issued its eagerly awaited draft proposal on the EU Artificial Intelligence Regulation (Draft AI Regulation) – the first formal legislative proposal regulating Artificial Intelligence (AI) on a standalone basis. The Draft AI Regulation is accompanied by a revision of the EU’s rules on machinery products, which lay down safety requirements for machinery products before being placed on the EU market. The new draft Machinery Products Regulation – proposed by the EU Commission on the same day – intends to tackle safety issues that arise in emerging technologies. The Draft AI Regulation (which appears to have borrowed a number of principles from existing EU legislation, including the EU General Data Protection Regulation 2016/679 (GDPR)) has an intentionally broad scope, and regulates the use of AI in accordance with the level of risk the AI system presents to fundamental human rights and other key values the EU adheres to. AI systems that are considered to present an “unacceptable” level of risk are banned from the EU, and “high-risk” systems are subject to strict requirements. AI systems which are considered to present a lower risk level are subject to transparency requirements or are not regulated at all. Companies engaged in the development, manufacturing, importation, distribution, servicing, and use of AI – irrespective of industry – should assess to what extent their products are implicated and how they will address any regulatory requirements they are subject to. The Draft AI Regulation foresees maximum administrative fines of up to €30m or 6% of total worldwide annual turnover in the event of non-compliance – meaning fines are higher than the ones under the GDPR.


EDPB Gives the Green Light to the Commission’s Draft UK Adequacy Decisions

On 13 April 2021, the European Data Protection Board (EDPB) adopted two Opinions on the draft UK adequacy decisions: (i) Opinion 14/2021 for transfers of personal data under the EU General Data Protection Regulation (EU GDPR); and (ii) Opinion 15/2021 for transfers of personal data under the Law Enforcement Directive (LED).


Part I – Digital Health Passports in Europe: Facilitating a Return to the “New Normal” or an Intrusion of Privacy?

With the roll-out of the COVID-19 vaccine and the start of easing of social distancing measures, the latest initiative being considered at a national as well as an international level is the introduction of so-called “digital health passports” or “immunity passports,” i.e., a tool to record and share the immune status of an individual whether by virtue of a COVID-19 test result or vaccination record – indeed, it is estimated there are currently more than 70 digital health passports and 14 vaccine passport apps in operation globally. However, the privacy concerns (and indeed the broader ethical implications) of introducing such measures, without the implementation of appropriate safeguards, are significant and a current topic of intense debate.
