🌍 Adequacy (by the EU and the UK) should ideally be positioned as a way of promoting the ongoing protection of data globally, rather than the pursuit of convergence towards any given standards.
All debatable, of course, so other views welcome (either if you see me here in Venice or digitally).
To reiterate two key points I made:
🌎 There is a risk that if we position the rules around international data transfers as a digital sovereignty issue, we may lose track of the fact that the real intention should be for the protection to follow the data as it flows.
Quite a venue to discuss international data transfers at the Venice Privacy Symposium this morning.
Lima. On an early morning run. Attending Global CBPR Forum meetings.
Mine wasn’t bad either…
Please don’t be worried. Being afraid of being free is the first step to losing our freedom.
Great thread about the practical mindset of European top judges.👇
Doing some domestic filing, I came across this article I wrote as a newly qualified lawyer in June 1996 for the internal newsletter of the first law firm I worked for.
Aside from being a blast from the past, the similarities with how we approach the use of AI at law firms today are pretty striking.
Beyond legal technicalities and appeasement, can Europe pull off the next generation of global digital regulation standards?
My latest piece on the real purpose of the EU Digital Omnibus.
www.linkedin.com/pulse/what-d...
Clearly “Starmer…🎶🎶” to the tune of The Police’s “Roxanne…🎶🎶”
Our take on where the EU Digital Omnibus is at the moment and what is likely to go through.
www.hoganlovells.com/en/publicati...
Maybe the distinction is less about consciousness and more about conscience.
Wondering what aspects of AI global regulators are acting on?
We discuss it in some depth in this episode of our podcast The Data Chronicles.
Perfect for the weekend!
www.hoganlovells.com/en/publicati...
When people hear about the ICO, they often think of @infocommission.bsky.social, but there is another very respectable entity that has the same initials: the Irish Chamber Orchestra.
This ICO has today released a wonderful album that is just food for your soul.
open.spotify.com/album/27pXTn...
Data protection is not just about compliance. It is also about demonstrating compliance, and this is particularly important for regulatory investigations, we hear at #IAPPIntensive26. Transparency is therefore key alongside the ability to maintain confidentiality.
Not getting the wider strategy right when faced with a regulatory investigation is regarded as the most critical mistake. It sounds obvious but when operating in crisis mode, having the space to think is lacking precisely when it is most important. Wise views at #IAPPIntensive26.
A complaint that is not amicably resolved and is escalated to a regulator is seen as one of the most common triggers of a formal regulatory investigation at #IAPPIntensive26.
So avoiding escalation should be seen as a priority in practice.
Fascinating session at #IAPPIntensive26 focused on the sensitive topic how to handle regulatory investigations.
First lesson to learn is that from the very first interaction with a regulator, no matter how informal or casual, the right attitude matters.
Wise words by my colleague Charmian Aw at #IAPPIntensive26 explaining how a legal framework focused on enhancing trust is the best ally of innovation.
The number of people attending this #IAPPIntensive26 session on international data transfers and the number of questions being asked shows what a big area of concern this still is for organisations.
Interesting panel session at #IAPPIntensive26 comparing the (slight) simplification of the UK’s international data transfers regime with the EU’s (growing) toughening of its own approach.
The big cheese (and more importantly the big brains) behind the @iapp.bsky.social @jtrevorhughes.bsky.social reflecting over the long evolution of our crucial profession for humanity’s wellbeing and prosperity at #IAPPIntensive26.
John Edwards of @infocommission.bsky.social emphasises the crucial importance of being agile in order to look ahead and anticipate risks. He rightly says at #IAPPIntensive26 that this is aligned with the ability to act in a coordinated fashion with other regulators.
Commissioner John Edwards vigorously defends the @infocommission.bsky.social regulatory strategy and resource allocation, and explains at #IAPPIntensive26 that their decisions about any trade offs made when pursuing some objectives over others are fully transparent.
A familiar face kick-starting #IAPPIntensive26 telling us about the changes happening at the @infocommission.bsky.social and reflecting about the importance of resilient and agile regulators in the age of AI.
On a fleeting visit to San Francisco, local companies are very keen to know how far the European digital regulatory simplification will go. You could call that part of the “Brussels Effect”.
Sharp reporting on the state of play of the critical issue of copyright and AI training in the UK by my colleagues.
www.hoganlovells.com/en/publicati...
And since AI governance needs to work across jurisdictions with different legal regimes, as has been the case with privacy governance for years, it is also crucial to identify a common denominator (not too low and not too high) that can be used a global standard (even if local tweaks are needed).
Devising a clear, sensible and workable risk triage process is equally essential in practice.
The trick is to reach consensus on what the real risks could be, but the most obvious business risk of AI is to invest into AI that doesn’t deliver its benefits because it doesn’t work or is unlawful.
The number one mission of those with responsibility for AI governance is to convey the message that “AI governance is an enabler, not a blocker”.
This obviously has to be a genuinely believed message which has to be backed up by actions that show it’s true.