Episodes
The Fieldfisher Silicon Valley team delve into the final decision issued by the UK Information Commissioner's Office (ICO) in relation to Snap's data protection impact assessment (DPIA) for its MyAI chatbot. Megan Ward and Hannah El Gazzar discuss how Snap's initial DPIA fell short of the UK GDPR requirements and why the ICO concluded that Snap's revised DPIA was compliant, and highlight the learning points for organisations conducting DPIAs, particularly when that DPIA relates to AI powered ...
Published 09/12/24
It's finally here - the EU's Artificial Intelligence Act (EU AI Act) has now been published in the Official Journal of the European Union and will enter into force on the 1st of August 2024. So what happens now?In this episode, we explore what the timeline for implementation of the Act looks like, what are the priorities businesses need to be considering now, and what steps they can be taking now in order to prepare. Cutting through hundreds of pages of new law, Fieldfisher's Flick Fish...
Published 07/18/24
On April 17, 2024, the European Data Protection Board (EDPB) published its guidance on "consent or pay" models implemented by large online platforms for behavioral advertising. The headline is that, in the EDPB's opinion, in most cases it will not be possible for large online platforms using "consent or pay" models to demonstrate that they have obtained valid consent under European data protection law to process an end user's data for the platform's behavioural advertising purposes. &nb...
Published 05/10/24
In this episode of Fieldfisher's Bytesized Legal Updates podcast, James Russell and Paul Lanois, technology and data specialists at Fieldfisher Silicon Valley, discuss the UK's recent guidance on loot boxes in video games.
They explore the industry's self-regulatory approach, transparency standards, probability disclosures, and responsible play. The guidance, which provides 11 principles, aims to bring clarity to the legal grey area surrounding Loot Boxes. James and Paul highlight the...
Published 03/05/24
The recent guidance issued by the Spanish Data Protection Authority (DPA) on cookies proposes a new exemption for analytics cookies used for strictly limited first party anonymised and aggregated statistical purposes.
In this episode of Fieldfisher's Bytesize Legal Update podcast, legal advisor Pardeep Dhanoya and senior associate Andrea Ortega provide an overview of the EU and UK cookie rules and explain what cookies are exempt from user consent. They also outline how the recent guidance...
Published 02/16/24
The French data protection authority, the CNIL, has fined Amazon France Logistique €32 million for its use of excessively intrusive employee monitoring systems and failing to provide transparency and adequate security to personal data in relation to the use of video surveillance systems, in breach of the GDPR.
In our latest Bytesize Legal Update, Fieldfisher's Moira Campbell and Eilish Beeby discuss the key takeaways from the decision and what the practical implications are for businesses.
Published 02/13/24
The FTC's proposals to amend COPPA and the updated Information Commissioner's Opinion on Age Assurance, are just two of the most recent updates in the area of Age Assurance. With governments and regulators heavily prioritising children's data and their online safety, understanding when you need to implement Age Assurance and how to select the most appropriate method for your business is increasingly important.
In this Bytesize Legal Update, Fieldfisher's James Russell and Lorna Cropper...
Published 01/19/24
The recent ruling by the Court of Justice of the European Union (CJEU) decision in the Lithuanian Ministry of Health case grapples with the definition of "controllership" under the GDPR. In this case, nearly 4,000 users' personal data had been collected by a Covid-19 mobile app released to the public without the Lithuanian Ministry's express approval, and yet the Lithuanian ministry were still held liable for the processing.
In this Bytesize Legal Update Fieldfisher's James Russell and...
Published 01/12/24
The Court of Justice of the European Union handed down two landmark judgments last week aimed at the credit reference agency SCHUFA which considers what constitutes automated decision-making under Article 22 of the GDPR, and the issues around the lawfulness of retaining public registry data for commercial purposes.
In our latest ByteSize Legal Update episode, Fieldfisher's Megan Ward and Flick Fisher discuss the two judgments on the SCHUFA case and why they are important for companies that...
Published 12/15/23
In this latest podcast Oliver Proust, a Partner in Fieldfisher's Technology and Data team based in our Brussel's office, delves into the latest developments surrounding the EU AI Act.
Olivier provides a comprehensive overview of the key provisions and implications of this ground breaking legislation that aims to regulate artificial intelligence (AI) systems and their applications. Join us as we explore the classification of AI systems, the territorial scope of the AI Act, its enforcement...
Published 12/14/23
The Data Act seeks to optimize and leverage the volumes of data (both personal and non-personal) created within the IoT market in order to improve data accessibility to individuals, businesses and governments and create interoperability standards for data sharing. The Data Act also looks to redress contractual arrangements with cloud hosting, by promoting choice within the market and protecting SMEs from imbalanced contractual terms.
In this Bytesize Legal Update, Fieldfisher's James Russell...
Published 11/27/23
It's official - the UK's Online Safety Act (OSA) has finally recieved Royal Assent - clearing the last hurdle to become law in the UK. So what happens now?
In our last podcast episode, we explored the Online Safety Bill's journey through Parliament, which businesses would be caught by the legislation and what information was still to come. This time, we take a look at the latest timelines for implementation released by the UK's regulator, Ofcom, and what these now mean for businesses who...
Published 10/29/23
Clearview AI, a US-based facial recognition technology firm, has successfully challenged a £7.5 million fine imposed by the UK's privacy watchdog, the Information Commissioner's Office (ICO), for unlawfully storing facial images of UK citizens.
The first-tier tribunal concluded that the ICO "did not have jurisdiction" to issue a fine or take enforcement action, despite Clearview's processing of data pertaining to individuals in the UK; but also made a number of interesting findings...
Published 10/25/23
After a long series of delays, the UK's Online Safety Act (OSA) has finally finished its journey through Parliament, and just awaits Royal Assent to become law.
Like Europe's Digital Services Act (DSA), the UK law aims to tackle the challenge of online harms and protect vulnerable groups online, but varies significantly in both its scope of application and range of imposed obligations.
Now in (almost) its final form – who does the Act apply to? When can we expect it to take effect? And...
Published 09/28/23
Four new enforcement decisions by Swedish regulator bring the issue of using Google Analytics in Europe back into question. Following the French, Italian and Austrian decisions last year, the Swedish regulator imposed fines on two of the companies, but not the others.
Does the lack of fines suggest the use of Google Analytics will increasingly be permitted? Does this open the door for broader use of the tool in the region?
In our latest Bitesize Legal Update, Fieldfisher's Robert Fett and...
Published 07/19/23
On June 13, the Swedish data protection regulator issued Spotify a fine of 58 million SEK (approx $5.4 million USD) for failures in its data subject rights process. In particular, violations of Article 15 and Article 12(1) of the GDPR.
What is the legal significance of the case? What did the court have to say about Spotfy's "multi-channel" approach; and the cost of preparing local language translation? What does it mean for businesses receiving data subject access requests?
In our latest...
Published 07/14/23
On 10 July 2023, the European Commission adopted its long-awaited adequacy decision for the EU-US Data Privacy Framework (DPF). The DPF replaces the Privacy Shield Framework (Privacy Shield) which was invalidated by the Schrems II decision of the Court of Justice of the European Union (CJEU) in July 2020.
How is the DPF different to the Privacy Shield? When will it be implemented? And what do you need to do to get certified?
In our latest Bitesize Legal Update, Fieldfisher's Mark Webber...
Published 07/13/23
On 22 May 2023, the Irish DPC announced it had fined Meta €1.2bn for infringement of Article 46(1) GDPR when it transferred personal data from the EU to the USA.
What is the legal significance of the case? Going forward, what does it mean for businesses who transfer their data abroad?
In our latest Bitesize Legal Update, Fieldfisher's Natalie Farmer and Richard Lawne cut right to the chase, and discuss the key takeaways for businesses wanting to understand what the decision means for them.
Published 06/02/23
Flick Fisher and Natalie Farmer discuss the new EU ruling providing welcome clarification on the standard for anonymization. In this case the EDPS had decided data transmitted to the recipient was pseudonymized data simply because SRB held additional information to decode the data. The Court overturned the decision, and our experts help you understand why and what this means for business.
Published 05/24/23