The European Commission continues unpacking the Artificial Intelligence Act: definition of artificial intelligence system and the general-purpose AI code of practice
On February 6, the European Commission published guidelines to assist the various operators in the artificial intelligence environment to determine whether they are dealing with an artificial intelligence system within the meaning of Regulation (EU) 2024/1689 on artificial intelligence. Additionally, on March 11, it published the third draft of the general-purpose AI code of practice. In the following article, we unpack the key points of both documents.Data Economy, Privacy and Cybersecurity Newsletter - April 2025
In this newsletter, we offer the latest updates on everything related to the data economy, privacy and cybersecurity. We cover the most recent rulings from relevant authorities and agencies, key court decisions, and the most important news in this field.Data Economy, Privacy and Cybersecurity Newsletter - December 2024
In this newsletter, we offer the latest updates on everything related to the data economy, privacy and cybersecurity. We cover the most recent rulings from relevant authorities and agencies, key court decisions, and the most important news in this field.Data centers as a key part of the digital economy. Challenges and new horizons
A data center is the physical location that stores information and enables cloud services to exist and be created. Although this may seem a simple description it is not at all, if we take into account that the cloud is now the economy itself.Data Economy, Privacy and Cybersecurity Newsletter - October 2024
In this newsletter, we bring you the latest updates on data protection, privacy and cybersecurity. We cover the most recent rulings from relevant authorities and agencies, key court decisions, and the most important news in this field.Everything you need to know about the plan to implement new whistleblowing legislation in Portugal
By June 18, 2022, companies (whether public or private) and public entities, especially those employing 50 or more workers, are obliged to implement a whistleblowing channel so that workers, shareholders, members of corporate bodies, service providers, suppliers and other reporting parties, including within the context of a professional relationship that has since ended, might report breaches of the legislation referring to various areas.China’s Personal Information Protection Law: things you need to know
Recently, China formally passed the Personal Information Protection Law (PIPL), which is the first comprehensive national level personal data protection law of this country. PIPL will become effective as of November 1, 2021, leaving a short time for the companies operating in China (and even certain foreign companies) to become fully compliant to the new personal data protection regime.China’s Supreme People’s Court sets rules for facial recognition technology
On July 28, 2021, China’s Supreme People’s Court (the top judicial authority) published the 'Provisions on Relevant Issues on the Application of Laws in Hearing Civil Cases Related to the Application of Facial Recognition Technology in Processing Personal Information'. The provisions came into force as of August 1, 2021. They provided guidance for the courts to apply the rules scattered in Civil Code, Cybersecurity Law, Consumer Rights Protection Law, E-Commerce Law, etc. on personal data processing by using facial recognition technology, and have also set specific rules based on the recent practices of the Chinese courts. In this article we provide our comments on several highlights in the provisions.China sets new rules on security vulnerability of network products
China’s Ministry of Industry and Information Technology (MIIT), Cybersecurity Administration of China (CAC) and Ministry of Public Security (MPS) jointly published the Provisions on Administration of Security Vulnerability of Network Products (Provisions), which will be in force as of September 1, 2021. The Provisions have established rules for the detection, collection, publication and other activities in relation to the security vulnerability of network products.