Photo of Dr. Viola Bensinger

Viola Bensinger is Global Co-Chair of the Greenberg Traurig’s IP & Technology Practice Group and the Global Data Privacy & Cybersecurity Practice, and also chairs the Technology Practice in Germany. She advises clients from the technology, media, health care, automotive and other industries.

On 13 March 2024, the European Parliament adopted the AI Act. Since the EU Commission presented its first draft almost three years ago, the use of AI and general purpose AI models has increased significantly. Hence, the regulatory proposal was (and still is) the subject of hefty debate.

Continue reading the full GT Alert.

  1. Cybersecurity Rules by the SEC and the EU – Both the Security and Exchange Commission’s public company cybersecurity disclosure and breach notification rules as well as the implementation of the EU NIS 2 Directive will drive increased focus from management and the board on cybersecurity risks, preventive measures, and incident response. Expect to see another
  1. An Increase in Extortion-Only Cyber Attacks – While ransomware attacks have been on the rise since 2020, a recent trend has emerged where threat actors are bypassing ransomware malware and encryption tactics and going straight to data theft. If a victim company does not pay the extortion demand, the threat actors engage in increasingly aggressive

After an extended sunset period, time to replace the “old” SCCs runs out on Dec. 27, 2022. After that date, the old SCCs will no longer legalize data transfers to countries outside the European Economic Area (EEA). To avoid compliance risks associated with illegal transfers of personal data, any old SCCs should be updated to

With its adoption of an adequacy decision pursuant to Art. 45 General Data Protection Regulation (GDPR) for the Republic of Korea on Dec. 17, 2021, the European Commission has declared that the country provides an adequate data protection level comparable with GDPR standards.

Click here to read the full GT Alert.

The new Telecommunications Telemedia Data Protection Act (TTDSG) (link in German) is the result of a clean-up campaign in German data protection law. The TTDSG, which became effective 1 December 2021, merges the data protection regulations in telemedia and telecommunications law that were previously scattered across a wide array of German laws.

Click

So much has been said about the new Cross-Border standard contractual clauses (SCC), which the EU Commission finally adopted on 4 June 2021 (see GT blog post from 9 June 2021), that it almost went unnoticed that the Commission published two different kinds of SCC that day. The other set of SCC (the DPA-SCC)

On 04 June 2021, the EU Commission adopted two new sets of standard contractual clauses (SCC): one set for the transfer of personal data from the EU to third countries (Cross-Border SCC) and another set addressing certain clauses in controller-processor data processing agreements (DPA-SCC). The adoption was made some seven months after initial drafts

After more than four years of negotiations, the Regulation on Privacy and Electronic Communications (ePrivacy Regulation), which will replace the ePrivacy Directive (2002/58/EC), appears to be at a turning point. On Feb. 10, 2021, the Council of the European Union announced it has adopted a consolidated version (the “Council’s Position”) which will be the basis

On 12 November 2020 the Commission of the European Union (EU) published two draft implementing decisions – one containing a draft new set of standard contractual clauses for transfers of personal data from the EU to third countries (the Cross-Border SCCs), and one containing a draft of new standard contractual clauses for certain clauses in