European Union

The CJEU’s March 19, 2026, judgment in Case C-526/24 marks a significant development in GDPR enforcement, holding for the first time that even a single data access request may be refused as “excessive” under Article 12(5) GDPR if made in bad faith, while also confirming that an unjustified refusal to comply with such a request can itself give rise to damages liability under Article 82(1) GDPR.

Continue Reading CJEU: First Request for Access May Be Rejected as Abusive Under GDPR

The upcoming EU Data Act introduces a user-centric approach to data generated by IoT devices, giving individuals and organizations unprecedented control over both personal and non-personal data. Discover what this paradigm shift means for data holders, business models, and the future of data sharing in the EU.
Continue Reading Action Required for Manufacturers of Connected Devices: Challenges Under the EU Data Act

NIS 2 (Directive (EU) 2022/2555), the European Union’s updated framework for cybersecurity, is designed to enhance cybersecurity across the EU by establishing a high common level of security for network and information systems.
Continue Reading EU NIS 2 Directive: Expanded Cybersecurity Obligations for Key Sectors

On Jan. 16, 2025 the European Data Protection Board (EDPB) published guidelines on the pseudonymization of personal data for public consultation. The Berlin Data Protection Commissioner (BlnBDI) played a leading role in drafting these guidelines (see the German-language BlnBDI press release). The consultation is ongoing, and comments can be submitted until Feb. 28, 2025

  1. Full Steam Ahead: The European Union’s (EU) Artificial Intelligence (AI) Act in Action — As the EU’s landmark AI Act officially takes effect, 2025 will be a year of implementation challenges and enforcement. Companies deploying AI across the EU will likely navigate strict rules on data usage, transparency, and risk management, especially for high-risk AI

David Zetoony, co-chair of GT’s U.S. Data, Privacy and Cybersecurity Practice, and Shareholders Reena Bajowala and Liz Harding will present the MyLawCLE and Federal Bar Association webinar, “Artificial Intelligence and Data Privacy: Current Laws and Regulations in the United States and the European Union,” Jan. 15, 2025.

This program will include an in-depth

Greenberg Traurig Shareholder Reena Bajowala will present the Strafford webinar “New EU Artificial Intelligence Act: Impact on U.S. Organizations, Strategies to Ensure Compliance” Tuesday, Sept. 10 from 1–2:30 p.m. EDT. This CLE course will explore the AI Act’s regulatory framework, summarize key points U.S. organizations need to understand, and provide practical steps for

On 13 March 2024, the European Parliament adopted the AI Act. Since the EU Commission presented its first draft almost three years ago, the use of AI and general purpose AI models has increased significantly. Hence, the regulatory proposal was (and still is) the subject of hefty debate.

Continue reading the full GT Alert.

Not necessarily. 

Under the GDPR, controllers are required to provide information relating to what personal data they process, and how that processing takes place. 

If the personal data the organization includes in AI prompts has been collected directly from individuals, those individuals should be provided with a copy of the organization’s privacy notice “at the