The European Union is set to implement significant changes to the General Data Protection Regulation (GDPR) as part of its ongoing effort to reduce regulatory burdens on businesses while maintaining robust data protection standards. These proposed amendments, part of the Commission’s fourth Omnibus package, represent the most substantial review of GDPR since its implementation in 2018. Key Changes to GDPR on the Horizon The centerpiece of the proposed reforms involves expanding exemptions from record-keeping obligations under Article 30 of the GDPR. Currently, organizations with fewer than 250 employees are exempt from maintaining detailed records of their data processing activities. This […]
Details
In a move shaking the foundations of the tech world, Google’s parent company, Alphabet, has agreed to acquire Wiz, a cloud security startup, for $32 billion in an all-cash deal. This marks Alphabet’s largest acquisition to date, surpassing its previous record purchase of Motorola Mobility for $12.5 billion in 2012. Wiz is an Israeli-founded startup headquartered in New York, specializing in cloud-native application protection. It provides agentless, real-time insights into vulnerabilities, misconfigurations, and access rights across public cloud settings. Wiz will continue to operate as an independent platform, compatible with various cloud providers beyond just Google Cloud. This move is […]
Details
Gecić|Law and the University of Belgrade’s Faculty of Law are proud to announce a cooperation agreement signed yesterday. The agreement defines collaboration on the recently established a Law and Technology Clinic. The pioneering educational initiative integrates cutting-edge technology with practical legal training. This partnership highlights our dedication to enhancing the educational landscape for law students through innovative approaches. The Law and Technology Clinic The clinic, initiated by Prof. Dr. Dušan V. Popović, a renowned professor in this emerging field, will be open to fourth-year undergraduate students. The Law and Technology Clinic offers a dynamic and interactive learning environment where students […]
Details
Introduction In the contemporary legal landscape, data privacy stands as a paramount concern, with the General Data Protection Regulation (GDPR) serving as the cornerstone legislation governing the processing of personal data within the European Union (EU) and beyond. Article 30 of the GDPR imposes a pivotal obligation on data controllers and processors to maintain a meticulous Record of Processing Activities (ROPA). This article endeavors to elucidate the intricacies surrounding Article 30, offering practical insights and dissecting the evolving practices of Data Privacy Authorities concerning ROPA compliance. Understanding Article 30 of GDPR GDPR Recital 82 states: “In order to demonstrate compliance […]
Details
Gecić Law is proud to announce an exclusive seminar that will explore the most critical aspects of law in the field of artificial intelligence (AI). The AI seminar titled “The Law in the Era of Artificial Intelligence” was organized in cooperation and with the exceptional support of the Union University Law School Belgrade. Participants will include students in their final years of study, master’s, and doctoral studies. The seminar will take place from October 16 to November 8. This intensive program will take participants through the general regulatory framework. It will also discuss ethical principles and parallels between EU law […]
Details
On July 10, 2023, the European Commission (“Commission“) adopted its adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”). The decision concludes that the United States (“US”) ensures an adequate level of data protection – comparable to that of the European Union (“EU“). What does this mean for EU Individuals and Businesses? The much-anticipated decision brings a conclusive resolution to the legal uncertainties surrounding the export of EU users’ data by US companies, an issue that has troubled thousands of businesses in recent years. The General Data Protection Regulation (“GDPR“) empowers the Commission to determine, through an implementing act, whether […]
Details
On July 4, 2023, the Court of Justice of the European Union (“CJEU“) pronounced a momentous judgment in Meta Platforms and Others. For the first time, the CJEU ruled that national competition authorities may determine GDPR infringements when examining an abuse of a dominant position. The CJEU’s decision clarifies the relationship between the General Data Protection Regulation (“GDPR“) and EU competition law, establishing that they can coexist and complement each other without conflict. The case centered on Meta Platforms Ireland, which runs Facebook in the EU. The ruling has its roots in a decision issued by Germany’s antitrust regulator, the […]
Details
On July 4, the EU Commission introduced a new Procedural Regulation aimed at enhancing cooperation among data protection authorities (“DPAs“) when enforcing the General Data Protection Regulation (“GDPR“) in cross-border cases. The Procedural Regulation focuses on establishing clear guidelines for DPAs handling cases involving individuals in multiple Member States without impacting any substantial elements of the GDPR, including the rights of data subjects, obligations of data controllers and processors, or the lawful grounds for processing personal data. A notable aspect of the Procedural Regulation is a provision that mandates the lead DPA to share a “summary of key issues” with […]
Details
I. Strengths of the GDPR The General Data Protection Regulation (“GDPR”), implemented in 2018, has played a vital role in safeguarding personal data in the era of information and communications technologies (“ICT”). As AI technologies continue to advance rapidly, questions arise regarding the effectiveness and adaptability of GDPR in addressing the evolving challenges of data protection. This article examines whether GDPR is ready for retirement or if it requires updates to address AI-related data protection concerns effectively. Namely, Artificial Intelligence (AI) is defined as a methodology used in machine learning to determine which one of several used models has the […]
Details
In August, the Spanish Data Protection Agency (Agencia Española de Protección de Datos, hereinafter: “Agency“) fined an NN person the sum of EUR 1,500 for violating the norms stipulated by the GDPR (General Data Protection Regulation), through the illegal collection and processing of personal data using a video surveillance system. (In the Decision issued by the Agency, the names of the parties involved were not disclosed, so the following terms will be used in the rest of this text: Injured party – person 1, Tortfeasor- person 2) What happened? The proceedings in front of the Agency were initiated by Person […]
Details