The European Union is on the verge of enacting the landmark Artificial Intelligence Act (AI Act), which will—for better or worse—usher in a suite of new obligations, and hidden pitfalls, for individuals and firms trying to navigate the development, distribution, and deployment of software. Over the coming months, we will be delving into the nuances ... Navigating the AI Frontier, Part I
A year ago, we cautioned that the EU Cybersecurity Certification Scheme for Cloud Services (EUCS) threatened to embed ill-conceived economic protectionism into the EU’s cybersecurity rules. And, indeed, the European Commission, which has made clear its commitment to pursue “digital sovereignty” for the European Union, can claim some preliminary successes on that front. A recent ... EU’s Cybersecurity Draft Shifts Toward Hard Protectionism
The digital transformation of Europe—and, indeed, the world—has been a defining theme of the 21st century. As with all significant shifts, it has also come with its share of challenges, opportunities, and controversies. One such controversy that has recently reemerged is the so-called “fair share” proposal for network traffic—championed most recently in a statement from ... How ETNO’s ‘Fair Share’ Proposal Threatens Europe’s Digital Future:
With the European Commission’s recent announcement that it had deemed the revamped data-protection framework from the United States to be “adequate” under the European Union’s stringent General Data Protection Regulation (GDPR), the stage is set for what promises to be a legal rollercoaster in the European Court of Justice (CJEU). The Commission’s decision is certain ... Will the EU-U.S. Data Privacy Bridge Hold?
The Norwegian Data Protection Authority (DPA) on July 14 imposed a temporary three-month ban on “behavioural advertising” on Facebook and Instagram to users based in Norway. The decision relied on the “urgency procedure” under the General Data Protection Regulation (GDPR), which exceptionally allows direct regulatory interventions by other national authorities than the authority of the country ... Norwegian Decision Banning Behavioral Advertising on Facebook and Instagram
The CJEU’s Decision in Meta’s Competition Case: Sensitive Data and Privacy Enforcement by Competition Authorities (Part 2)
Yesterday, I delved into the recent judgment in the Meta case (Case C-252/21) from the Court of Justice of the European Union (CJEU). I gave a preliminary analysis of the court’s view on some of the complexities surrounding the processing of personal data for personalized advertising under the GDPR, focusing on three lawful bases for ... The CJEU’s Decision in Meta’s Competition Case: Sensitive Data and Privacy Enforcement by Competition Authorities (Part 2)
The CJEU’s Decision in Meta’s Competition Case: Consequences for Personalized Advertising Under the GDPR (Part 1)
Today’s judgment from the Court of Justice of the European Union (CJEU) in Meta’s case (Case C-252/21) offers new insights into the complexities surrounding personalized advertising under the EU General Data Protection Regulation (GDPR). In the decision, in which the CJEU gave the green light to an attempt by the German competition authority (FCO) to ... The CJEU’s Decision in Meta’s Competition Case: Consequences for Personalized Advertising Under the GDPR (Part 1)
The European Commission’s recently concluded consultation on “the future of the electronic communications sector and its infrastructure” was a curious phenomenon in which the commission revived the seemingly dead-and-buried idea of a legally mandated “sender pays” network-traffic scheme, despite the fact that it remains as unpopular and discredited as it was when last discussed roughly ... There’s Nothing ‘Fair’ About EU Telecoms’ Proposed ‘Fair Share’ Plan
The €390 million fine that the Irish Data Protection Commission (DPC) levied last week against Meta marks both the latest skirmish in the ongoing regulatory war on the use of data by private firms, as well as a major blow to the ad-driven business model that underlies most online services. More specifically, the DPC was ... GDPR Decision Against Meta Highlights that Privacy Regulators Don’t Understand ‘Necessity’
European Commission Tentatively Finds US Commitments ‘Adequate’: What It Means for Transatlantic Data Flows
Under a draft “adequacy” decision unveiled today by the European Commission, data-privacy and security commitments made by the United States in an October executive order signed by President Joe Biden were found to comport with the EU’s General Data Protection Regulation (GDPR). If adopted, the decision would provide a legal basis for flows of personal ... European Commission Tentatively Finds US Commitments ‘Adequate’: What It Means for Transatlantic Data Flows
For many observers, the collapse of the crypto exchange FTX understandably raises questions about the future of the crypto economy, or even of public blockchains as a technology. The topic is high on the agenda of the U.S. Congress this week, with the House Financial Services Committee set for a Dec. 13 hearing with FTX ... After the FTX Crash, What’s Next for Crypto?
European Union officials insist that the executive order President Joe Biden signed Oct. 7 to implement a new U.S.-EU data-privacy framework must address European concerns about U.S. agencies’ surveillance practices. Awaited since March, when U.S. and EU officials reached an agreement in principle on a new framework, the order is intended to replace an earlier ... Biden’s Data Flows Order: Does It Comport with EU Law?