Date: October 29, 2021

In Case You Missed It: EU Privacy, Data and Consumer Legislative Updates of the Past Month

Date Tag News Link to Source
October 29 Cybersecurity

The European Commission announced that it adopted a delegate act to the Radio Equipment Directive (Directive (EU) 2014/53).  This act sets out measures to (1) improve network resilience; (2) better protect consumers’ privacy; and (3) reduce the risk of monetary fraud.

The delegated act will come into force following a two-month scrutiny period, should the Council and Parliament not raise any objections.

link
October 28 Cybersecurity European Parliament adopts position on Directive on measures for a high common level of cybersecurity across the Union (“NIS2 Directive”) and starts negotiations with Council link
October 20 AI European Commission launches public consultation ending on January 10 on the rules on compensation for damage caused by defective products with a specific focus on AI link and link
October 19 Cybersecurity European Commission invites the EU and Member States to further develop the EU cybersecurity crisis management framework, including by exploring the potential of building a joint cyber unit to tackle the rising number of serious cyber incidents impacting public services, businesses and citizens across the EU link
October 19 Cybersecurity European Commission will propose a European Cyber Resilience Act to establish common cybersecurity standards, and begin building an EU space-based global secure communications system to provide additional EU-wide broadband connectivity and secure independent communications to Member States link
October 13 Data Protection – Other European Data Protection Board (“EDPB”) issues guidelines on restrictions under Article 23 GDPR (i.e., restrictions will be defined as any limitation of scope of the obligations and rights provided for in Articles 12 to 22 and 34 GDPR as well as corresponding provisions of Article 5 in accordance with Article 23 GDPR) link
October 13 Children Data EDPB will adopt guidelines on children’s data link
October 13 Personal Data Transfers EDPB will adopt guidelines regarding the relationship between the GDPR’s extraterritorial reach and data transfer restrictions.  EDPB announced that the European Commission will develop a new set of standard contractual clauses for data transfers from the EEA to a non-EEA entity that is subject to the extra-territorial scope of the GDPR. link
October 13 Digital Services EDPB will adopt statement on overarching concerns regarding legislative proposals in Digital Services Package link
October 12 Cybersecurity European Parliament adopts position on new rules on EU critical infrastructure entities link
October 7 AI European Consumer Organization (“BEUC”) issues position paper on the AI Act link
October 6 AI European Parliament adopts resolution on AI in criminal law and its use by the police and judicial authorities in criminal matters link
October 1 Open Data Council of the EU approves version of the Data Governance Act, which will now be negotiated with the European Parliament link and link

What’s Coming Next

  • Negotiations on the Data Governance Act between Parliament and the Council are scheduled for November 9, and early December (see here)
  • Council of the EU is preparing position on the evaluation and findings on the application of the Directive (EU) 2016/680 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties (see here)
Photo of Dan Cooper Dan Cooper

Daniel Cooper is co-chair of Covington’s Data Privacy and Cyber Security Practice, and advises clients on information technology regulatory and policy issues, particularly data protection, consumer protection, AI, and data security matters. He has over 20 years of experience in the field, representing…

Daniel Cooper is co-chair of Covington’s Data Privacy and Cyber Security Practice, and advises clients on information technology regulatory and policy issues, particularly data protection, consumer protection, AI, and data security matters. He has over 20 years of experience in the field, representing clients in regulatory proceedings before privacy authorities in Europe and counseling them on their global compliance and government affairs strategies. Dan regularly lectures on the topic, and was instrumental in drafting the privacy standards applied in professional sport.

According to Chambers UK, his “level of expertise is second to none, but it’s also equally paired with a keen understanding of our business and direction.” It was noted that “he is very good at calibrating and helping to gauge risk.”

Dan is qualified to practice law in the United States, the United Kingdom, Ireland and Belgium. He has also been appointed to the advisory and expert boards of privacy NGOs and agencies, such as Privacy International and the European security agency, ENISA.