European Union

The upcoming EU Data Act introduces a user-centric approach to data generated by IoT devices, giving individuals and organizations unprecedented control over both personal and non-personal data. Discover what this paradigm shift means for data holders, business models, and the future of data sharing in the EU.
Continue Reading Action Required for Manufacturers of Connected Devices: Challenges Under the EU Data Act

NIS 2 (Directive (EU) 2022/2555), the European Union’s updated framework for cybersecurity, is designed to enhance cybersecurity across the EU by establishing a high common level of security for network and information systems.
Continue Reading EU NIS 2 Directive: Expanded Cybersecurity Obligations for Key Sectors

On Jan. 16, 2025 the European Data Protection Board (EDPB) published guidelines on the pseudonymization of personal data for public consultation. The Berlin Data Protection Commissioner (BlnBDI) played a leading role in drafting these guidelines (see the German-language BlnBDI press release). The consultation is ongoing, and comments can be submitted until Feb. 28, 2025

  1. Full Steam Ahead: The European Union’s (EU) Artificial Intelligence (AI) Act in Action — As the EU’s landmark AI Act officially takes effect, 2025 will be a year of implementation challenges and enforcement. Companies deploying AI across the EU will likely navigate strict rules on data usage, transparency, and risk management, especially for high-risk AI

David Zetoony, co-chair of GT’s U.S. Data, Privacy and Cybersecurity Practice, and Shareholders Reena Bajowala and Liz Harding will present the MyLawCLE and Federal Bar Association webinar, “Artificial Intelligence and Data Privacy: Current Laws and Regulations in the United States and the European Union,” Jan. 15, 2025.

This program will include an in-depth

Greenberg Traurig Shareholder Reena Bajowala will present the Strafford webinar “New EU Artificial Intelligence Act: Impact on U.S. Organizations, Strategies to Ensure Compliance” Tuesday, Sept. 10 from 1–2:30 p.m. EDT. This CLE course will explore the AI Act’s regulatory framework, summarize key points U.S. organizations need to understand, and provide practical steps for

On 13 March 2024, the European Parliament adopted the AI Act. Since the EU Commission presented its first draft almost three years ago, the use of AI and general purpose AI models has increased significantly. Hence, the regulatory proposal was (and still is) the subject of hefty debate.

Continue reading the full GT Alert.

Not necessarily. 

Under the GDPR, controllers are required to provide information relating to what personal data they process, and how that processing takes place. 

If the personal data the organization includes in AI prompts has been collected directly from individuals, those individuals should be provided with a copy of the organization’s privacy notice “at the

Under the GDPR, controllers are required to provide individuals with information relating to what personal data is processed, and how that processing takes place. Some supervisory authorities have specifically taken the position that organizations which use personal data to train an artificial intelligence (AI) must draft and publish a privacy notice that provides “data subjects