Helping to minimize legal risks, protect and grow what you create, and avoid and resolve disputes.

For founders, investors, CEOs, CFOs and inhouse counsel in digital businesses, worldwide. We think you’ll like how we work.

  • EU International Data Transfers - new 2021 Standard Contractual Clauses

    EU International Data Transfers - new 2021 Standard Contractual Clauses

    The European Commission has issued a new set of standard contractual clauses (“SCCs”) to address new requirements under the GDPR, changes in the digital economy, but most importantly the European Court’s judgment in Schrems II requiring supplementary measures for some exports. The new SCCs are comprehensive and fill some gaps; but they require data importers and exporters to invest significantly in documenting how they will overcome local government surveillance laws.

  • Adtech Regulation under the EU’s draft Digital Services Act

    Adtech Regulation under the EU’s draft Digital Services Act

    A lot has been made of the liability and transparency provisions of the EU’s proposed Digital Services Act.

    However, there are also a few advertising-specific obligations (proposed to be) coming for online platforms that deserve a closer look.

  • "Due diligence" obligations for EU online platforms

    The quickest-possible look at the EU’s draft Digital Services Act and proposed new obligations for intermediaries and online platforms.

    Eden Legal will return with additional posts on: (1) liability for illegal content; and (2) specific adtech-related obligations, under the proposed Regulation.

    #Lawinagraphic – minimum wordiness, maximum user-friendliness.

  • How will Artificial Intelligence Systems be regulated in the EU?

    How will Artificial Intelligence Systems be regulated in the EU?

    The European Commission has put forward a proposed Regulation on a European Approach for Artificial Intelligence, also known as the “Artificial Intelligence Act”. It’s a proposal and before entering into application faces a likely lengthy path through the EU institutions which seems bound to produce a hefty amount of debate and amendments.

  • 2021 will be the Year of Smart Contracts

    2021 will be the Year of Smart Contracts

    Smart contracts are here. Eden Legal’s very initial, very personal thoughts on them.

  • GDPR EU/UK Representative - do we need one?

    GDPR EU/UK Representative - do we need one?

    Everything you need to know about appointing an EU and/or UK representative as required by the GDPR.

    Update 14 February 2021: under the EU Council’s agreed position on the future E-Privacy Regulation, providers of electronic communications services, providers of publicly available directories, senders of direct marketing over electronic communications services, and anyone using processing and storage capabilities or collecting information processed by or emitted by or stored in the end-users’ terminal equipment (i.e. adtech!) will also be required to appoint a representative in the EU and communicate it to the relevant national supervisory authority.

  • GDPR and Brexit - take us to the bridge

    GDPR and Brexit - take us to the bridge

    The EU-UK Trade and Cooperation Agreement has avoided major changes to personal data flows between the EEA and UK at least until 30 April 2021. However, if we process data of individuals in both the EEA and the UK, then we face the prospect of complying with two similar but distinct regulatory regimes.

  • The ICO fines Marriott and BA for GDPR Breaches - 10 Takeaways

    The ICO fines Marriott and BA for GDPR Breaches - 10 Takeaways

    If you’re handling personal data subject to EU (and/or UK) laws then you would do well to read the UK Information Commissioner’s (“ICO”) decisions to fine Marriott and BA for failures to have in place appropriate cyber-security measures. And this post for 10 more easily digestible takeaways.

  • EU Court invalidates Privacy Shield - what to do?

    EU Court invalidates Privacy Shield - what to do?

    The Court of Justice of the EU has struck down the EU Commission’s EU-U.S. Privacy Shield Framework decision, but in principle left in place the EU Commission’s Standard Contractual Clauses, which organisations can sign in order to impose EU-style data protection obligations on non-EU data importers. For now, where we used to rely the Privacy Shield framework, the pragmatic approach may be to sign SCCs – but the story won’t end there.

  • How do we become certified under the EU-U.S. Privacy Shield?

    How do we become certified under the EU-U.S. Privacy Shield?

    The EU-U.S. Privacy Shield framework may be an interesting tool to permit international transfers of personal data without any other permissions or contracts.
    UPDATE: The Privacy Shield framework remains in place and we can still apply to be certified, but on 16 July 2020, the EU Court of Justice decided that it could no longer be used to authorise transfers of personal data from the EU/EEA/UK to the USA, and other mechanisms need to be used.