Aug. 5, 2020

Early EDPB Guidance in the Wake of Schrems II Signals Where E.U.-U.S. Data Transfers Are Headed

Responding to the cry for clarity that emerged after the E.U. Court of Justice handed down its judgment in Schrems II, the European Data Protection Board quickly addressed businesses’ most urgent concerns by answering frequently asked questions. The EDPB favored speed over substance in publishing its initial responses, although it did commit to further developing and complementing the guidance in the near future, Alston & Bird Brussels office partner Wim Nauwelaerts argues in this guest article. Nauwelaerts reviews the impact of the Schrems II decision, analyzes the EDPB’s FAQs and discusses what lies ahead for businesses that want to continue transferring data from the E.U. to the U.S. See “Ten Initial Steps for E.U. and U.S. Companies in Light of Schrems II Ruling” (Jul. 22, 2020).

CCPA and Online Ads: Contract and Compliance Consequences

The combination of the intensifying public push for privacy protection and the CCPA’s strictures around the sale of third-party data has set off an array of commercial, compliance and contracting difficulties across online advertising companies and ad-supported industries. In this article, the second of a two-part series, we look at compliance choices and vendor contract issues facing these groups, including mixed CCPA classifications, data flows, data broker registration and industry competition. Part one discussed the commencement of the California Attorney General’s enforcement of the CCPA’s Do Not Sell provision, uncertainties about the interpretations of third-party sales of data, and Facebook’s new compliance tool for service providers. See “Did Adtech Fix Its CCPA Problem? IAB’s GC Discusses New Contract for Data Sales” (May 27, 2020).

How to Achieve Trustworthy AI Using the European Commission’s Final Assessment List

AI holds exciting possibilities but ensuring AI processes are trustworthy is a challenging task for many companies. An expert group established by the European Commission recently released its final assessment list to help organizations “operationalize” the requirements set forth in its Ethics Guidelines for Trustworthy Artificial Intelligence. This article analyzes the list and features our interview with Gibson Dunn partner Ahmed Baladi on how organizations may use the assessment list, the challenges they may face in using it and how the list gibes with the existing regulatory regime. See “Can GDPR Hinder AI Made in Europe?” (Jul. 10, 2019).

Gibson Dunn Expands Hong Kong Cyber Practice

Connell O’Neill has joined Gibson Dunn as a partner in the firm’s technology transactions practice in Hong Kong, where he also focuses on data privacy, cybersecurity and outsourcing. For more from Gibson Dunn, see our three-part series on how to facilitate a safe and privacy compliant return to work: “Laws and Guidance” (May 13, 2020); “Policies and Protocols” May 20, 2020; “Contact Tracing” (May 27, 2020).

Former Prosecutor Joins FisherBroyles

FisherBroyles has announced its hire of Scott Goldsmith, a former prosecutor whose practice has also focused on data breach and privacy violations, as a partner in its commercial litigation and class action defense practices in Los Angeles. For more from FisherBroyles, see our three-part series on using cyber insurance to mitigate risk: “From Assessing the Need to Managing Existing Policies” (Oct. 3, 2018); “Getting Savvy About Cost and Policy Terms” (Oct. 10, 2018); and “Policy Management and Breach Response” (Oct. 17, 2018).