On 6 February, the EU’s Advocate General Spielmann provided his opinion (the Opinion) in the case of EDPS v SRB (Case C‑413/23 P), advising that the previous judgment of the General Court be set aside and referred for judgment back to it. The Opinion offers some interesting views on how we should consider the effect of pseudonymising personal data. 

Key Takeaways

  • The Opinion concerns the scope of “personal data” under Regulation 2018/1725 (which is the EU institutions’ equivalent to the GDPR and which mirrors much of the same language and principles as the GDPR). It proposes a broader conceptualisation
Continue Reading One man’s pseudonymisation is another man’s anonymisation: The AG Opinion in SRB v EDPS and the scope of “personal data”

On January 20, in a long-awaited move, the European Commission (EC) announced the integration of the revised Code of Conduct on Countering Illegal Hate Speech Online (the Hate Speech Code) into the regulatory framework of the Digital Services Act (DSA). 

Article 45 of the DSA provides for the formation of voluntary codes of conduct at EU level to ”contribute to the proper application of” the DSA. The Hate Speech Code marks the first Code to be integrated into the DSA framework via the Article 45 process. 

Background

The Hate Speech Code revises and

Continue Reading EU’s Code of Conduct Countering Online Hate Speech Becomes Part of the DSA

On 27 November, the final text of the EU’s Data Act (the Act) was formally approved by the European Parliament and the European Council. 

It will enter into force 20 days after its publication in the EU’s official journal, which is expected in the coming days. However, the majority of its provisions will only apply 20 months after it enters into force.

Scope of the Act

The Act, which takes the form of a directly applicable EU regulation, has three central focuses:

  1. remove obstacles to the process of switching between providers of “data processing services”  and the
Continue Reading Final text of the EU’s Data Act approved

At the start of November, the UK government hosted an AI Safety Summit, intended to provide a forum for in-depth discussions on the challenges and opportunities of AI technology. It attracted a wide array of senior stakeholders from across policy, business, academia and government and appears to show a UK desire to lead in this area.

The opening day of the Summit saw the unveiling of the Bletchley Declaration (the Declaration) – a non-binding commitment agreed by the 27 countries whose delegates attended the Summit including USA, China, India and the EU.

Although a voluntary declaration, lacking any real “legislative

Continue Reading The Bletchley Declaration: further evidence of the global legislative focus on Artificial Intelligence

This is Part 1 in our series focused on tracking the development of the EU’s AI Act. The series will provide updates and commentary as the AI Act moves through the EU’s legislative process.

To set the scene, the EU Commission first adopted its Proposal for a Regulation laying down harmonised rules on artificial intelligence (the Proposed Act) back in April 2021. In ways a ground breaking piece of draft legislation, it was one of the first attempts to implement a regulatory framework which was specific to the use of artificial intelligence (AI) technology. This article aims

Continue Reading Tracking the AI Act: Part 1 – How the EU is thinking about regulating the AI sector

Heading into the Christmas period, festive shoppers may notice an increasing number of retailers are offering receipts via email (e-receipts) rather than the traditional paper docket. Providing a receipt through email has a number of advantages for retailers and consumers. There is the obvious environmental benefit and it provides an easier means for customers to store and find receipts than an over-stuffed wallet.

However, new guidance from the Data Protection Commissioner (DPC) has stressed the need for retailers to ensure that when customers provide their details for the purpose of receiving e-receipts, they should be fully informed and consent to how that data may be used. Of central concern is the retailers’ use of email addresses for subsequent direct marketing.Continue Reading DPC publishes guidance on e-receipts