Data Protection: the EU Commission recognizes Japan as having adequate levels of data protection

On 23 January 2019, the EU commission announced its decision that Japan ensures adequate levels of data protections - as a consequence, it is now possible to freely transfer personal data from the EU (and the EEA) to Japan without the application of any further requirements. Transfers of personal data originating from the European Economic …

EU Data Centers and Cross Border Transfers of Personal Data

In the wake of no-deal Brexit headaches, a number of international groups ask for advice on cross border transfers and how to make the best decisions when establishing a data center. If a company locates its data center in a EU country (ie in perspective, not in the UK), the flow of personal data from the …

Oneline Education and Application of EU GDPR

Education institutions, especially if they are offering distance learning programs, have the opportunity to reach students in every country of the world. Personal data collected and processed by a university, a school or by any other education institution in the context of its learning programs represent valuable assets: as such, they need to be carefully protected by ensuring compliance with privacy rules. In this context, the offering of services in the European Union and the data processing activities related thereto may possibly imply the adoption of a compliance program to the European Regulation 2016/679 (General Data Protection Regulation – “GDPR”). A compliance program to the GDPR is certainly a quite substantial commitment for European organizations and for foreign organizations which are subject to the new rules, however these subjects need to be mindful that the business and legal implications deriving from non-compliance with applicable rules may lead to substantial sanctions and to reputational damages.

EU GDPR-Consent to Process Personal Data

EU companies – and non-EU companies offering goods or services to EU citizens – which process personal data need to comply with the provisions introduced by the European Regulation 2016/279 (General Data Protection Regulation – “GDPR”) in this respect. Consent of the data subject is a legal basis for data processing but not the only …

Artificial Intelligence and Legal Personality

[“In a scenario where an algorithm can take autonomous decision, then who should be responsible for these decisions?” Milan-based corporate lawyer Stefania Lucchetti said]. My interview in Politico's article on the introduction of a concept of legal personality for artificial intelligence. This conversation has come of age, and while we do not yet have all …

Data Protection as a Corporate Governance Issue

    What are the implications of the GDPR from a practical point of view both from the legal side and the technical side? Aside from the obvious duty to be compliant, my view is that an appropriate data protection structure and responsibility line is not just an IT issue or a legal issue but …

Stefania Lucchetti as speaker at Forbes Live event on Fintech

On 1st March 2018 Stefania Lucchetti was a speaker at a Forbes Italia ForbesLive event during the Quant International Workshop (quantitative & asset management) in Venice, Italy. The focus of Stefania's panel was on the future of financial services in the age of Fintech. The topics addressed during the presentation included the legal issues related to …

Due Diligence: Welcome AI, but Keep the Human Element

The legal market is welcoming (and fearing) the introduction of Artificial Intelligence (AI) in due diligence processes. AI will liberate junior lawyers from the often tedious (and necessarily error prone) work of cataloguing contract information, and at the same time will take work away from law firms and lawyers. We are of the idea however …

AI and Legal Personality – on algorithm produced art

A great piece on Scientific American (see Is Art Created by AI Really Art) on the philosophical implications as well as the economic ones of AI  produced art jokingly raises a provocative question at the end of the article "When an AI-composed song wins the Grammy, who gets the trophy"? This is actually a complex legal …

And the Regulators Arrived: from SEC’s Ruling to the PBOC’s Ban of Initial Coin Offerings

Over the past months, the cryptocurrency market has remained in the spotlight not only for the fluctuations in the major coins' interest rates (Bitcoin, Ethereum), but also for the emergence and consolidation of a new way of raising capital in the digital token world: Initial Coin Offerings (ICOs). The reason leading to the launch of …

Token Sales and ICOs: why and when you need legal advice

Digital token sales are creating a gold rush on the web, with a token sale advertised every day in digital circles and social media and the movement - in some cases - of huge sums of money. Token sales still move in international waters from a legal and regulatory point of view, however international regulators …