Data subject access requests can be a compliance headache for businesses. The first of our series on DSARs looked at how data protection “by design” can make the job easier. But what about deciding whether or not to resist a DSAR when it actually lands? Dealing with data subject rights requests, or DSARs, is one of the biggest compliance headaches for many businesses ...
This article is part of our EU AI Act series which explores the effect of the AI Act across various industries and sectors. Artificial Intelligence (AI) has revolutionized various industries, garnering considerable hype and widespread discussion. As AI technologies continue to evolve, their integration into various industries has profound implications, particularly for the labour market ...
October 7, 2024 By: Alexandra Shulman and Leah Lively AI in hiring: About 80% of U.S. and almost all Fortune 500 companies use AI-powered hiring software. AI may be used to target online advertising for job opportunities and to match candidates to jobs on employment platforms (e.g., LinkedIn, Indeed). AI may also be used to reject or rank applicants using automated resume screening and chatbots based on knockout questions, keyword requirements, or specific qualifications or characteristics ...
In September 2024, the U.S. Department of Labor (the “DOL”) released Compliance Assistance Release No. 2024-01 and its updated cybersecurity guidance for employers that sponsor employee benefit plans governed by the Employee Retirement Income Security Act of 1974, as amended (“ERISA”) ...
Given the increasing use of GenAI to assist businesses with answering legal queries, we wanted to see if ChatGPT can explain the rules around obtaining retrospective consent for electronic direct marketing in the UK. Electronic direct marketing (i.e. email and SMS) to individual consumers is a vital element of many businesses, particularly in the retail sector ...
The UK GDPR and similar data protection laws around the world ask for data protection by design - but what does this mean in practice when it comes to DSARs? Using products such as Shoosmiths' SmartSAR may be the solution your organisation is looking for. Data protection ‘by design and default’ is a core concept under the UK GDPR and similar laws around the world ...
On 9 September 2024, Mario Draghi, former Italian Prime Minister and European Central Bank President, presented his highly anticipated report on «The Future of European Competitiveness» to European Commission President Ursula von der Leyen [1][2]. This comprehensive report analyzes the challenges faced by European industries and companies in the Single Market and proposes strategies to enhance the EU’s competitiveness [2] ...
The EU's comprehensive data and AI regulatory package is about to become operational. This year, the Krogerus Data Symposium will highlight some of the most impactful changes of the Data Act and the AI Act, which will profoundly influence the application of AI, how companies and communities can utilise IoT data, and how data usage agreements are formed ...
Jersey publishes new guidance on the tokenisation of real world assets (“RWAs”) What is tokenisation? Tokenisation is the process of issuing a digital representation of an asset, typically on a blockchain, and its benefits include allowing investors to own and sell fractions of an asset which may otherwise be illiquid and/or financially unattainable for such investors to own outright ...
Modern data protection rules are being introduced to tax-efficient jurisdictions like Bermuda and the Cayman Islands. It's increasingly vital to understand how to handle data in some less familiar territories for data protection. Advisers are familiar with the data protection laws which apply in the jurisdictions where many commercial businesses operate like the UK Data Protection Act, the UK/EU GDPR and the California Privacy Protection Act ...
The Ministry for Home Affairs, Security and Employment (MHSE) published the proposed Maltese draft order for the transposition of the EU Network and Information Systems Directive II (‘NIS 2’) on 6 September 2024 ...
In this article, Shoosmiths and KPMG explore some of the key policy and business implications for organisations deploying connected and automated mobility (CAM) in the UK market. The Automated Vehicles Act (the AV Act) came into force on 20 May 2024. This important piece of legislation signals a major step towards the widescale adoption and use of CAM within the UK ...
At a time when Canada and many other countries are taking steps to protect users from harm online,1a decision was handed down by the Supreme Court of British Columbia (the “Court”) on January 15, 2024, regarding the conduct of a competitor with respect to complaints about intellectual property infringement made on Amazon’s e-commerce website ...
The European Union's NIS2 Directive is a significant update to the original NIS Directive which was implemented in 2018 and which the NIS2 Directive is set to repeal this autumn. The original NIS Directive was the first EU-wide legislation focusing on network and information system security. The deadline for member states to transpose NIS2 Directive into national law is just around the corner (17 October 2024), and the implementing provisions will be applicable from 18 October 2024 onwards ...
Novel technologies that seek to improve quality of life or simplify complex processes offer great promise. For example, medical technologies that detect or cure disease or supply chain technologies that allow for real time understanding of the location or destination of a specific product — make our lives easier and safer. They also pose potentially unforeseen complications ...
On July 22, 2024, the European Commission approved revised Interpretative Guidelines (the “Guidelines”) on Regulation (EC) No 261/2004 (“Regulation 261/2004”), which address air passenger rights concerning compensation and assistance for denied boarding, cancellations, and delays and on Regulation (EC) No 2027/97 on air carrier liability in case of accidents ...
Carey Olsen assists DeFinity Markets in securing JFSC approval for digital assets settlement platform The Jersey subsidiary of the London-based DeFinity Markets group has been operational in the spot foreign exchange market since 2014 and is connected to some of the world’s most prominent banks. The challenger-model will see investment-grade buy and sell-side clients transact with each other using bank-intermediated credit via the prime brokerage desk ...
Shoosmiths has partnered with The Legal 500 as exclusive expert contributing editors and authors across two of their latest Country Comparative guides. These global guides provide detailed information and insight into practice-area-focused laws and regulations in various jurisdictions., and provide an excellent platform to highlight our Technology sector globally, focusing on key areas such as AI, Blockchain & Digital Assets, Connected Tech, Tech Corporate Lifecycle, and Fintech ...
One of the structural principles of the new data protection law is the principle of lawfulness and fairness, which requires that all processing has an appropriate legal basis. Those responsible for managing databases that have been organized prior to the entry into force of the new Data Protection Law will face a great challenge: the adaptation of their databases to the new regulation, which will clearly mean a race against time ...
The National Cybersecurity Coordination, a unit of the Undersecretary of the Interior responsible for coordinating the actions of public agencies in cybersecurity and recommending to the President of the Republic policies, laws, regulations, protocols and standards in this area, recently put two of a series of regulations required by Law No. 21,663 Framework on Cybersecurity up for public consultation ...
The data breach at controversial dating site Ashley Madison exposed 36m users in 2015. It heralded a new age of global data protection laws, but could it happen again? A recent Netflix documentary is retelling the story of the mass data breach in 2015 affecting up to 36 million users of the Ashley Madison website. A decade ago, the Canadian site’s USP was already proving controversial: catering for happily married people looking for a discreet affair ...
Cyber reporting requirements for Bermuda insurers, insurance managers and insurance intermediaries following the CrowdStrike faulty software update Key reporting obligations Prompt notification Bermuda insurers, insurance managers and insurance intermediaries (including brokers, agents and insurance marketplace providers) (each, a "Registered Person") must forthwith notify the BMA upon coming to the knowledge, or having a reason to believe, that a cyber reporting event has occurred ...
****Dear Ladies and Gentlemen!**** The authorities in Russia and the rest of the world have recently been paying more and more attention to data protection issues ...
On July 24, 2024, the joint committee approved what should be the final draft of the bill that amends Chilean Data Protection Law N° 19,628 (the “Law”). After this stage, the draft of the Law needs to be approved by both the Senate and the Chamber of Deputies. Upon approval, it will be sent to the President of the Republic for presidential approval and eventually will be subject to review by the Constitutional Court ...
Effective July 29, 2024, the Federal Trade Commission (“FTC”) has issued a final rule that expands the scope of its existing Health Breach Notification Rule (“HBNR”) to include health and wellness applications (“apps”) typically associated with wearable technologies such as smart watches ...