Category Archives: European Union (EU)

The Trust Paradox: How Aggressive Whistleblower Enforcement Risks Undermining Compliance Culture

by Sharon Oded

Photo of the author

Sharon Oded (photo courtesy of the author)

In the evolving landscape of corporate regulation, whistleblower frameworks have emerged as indispensable instruments for surfacing misconduct that might otherwise remain obscured. From financial fraud to sanctions violations, whistleblower disclosures have catalyzed some of the most significant enforcement actions of the past decade. Yet, as enforcement agencies increasingly adopt aggressive, incentive-driven approaches, a critical inflection point has been reached: Are we inadvertently undermining the very cultures of integrity we seek to cultivate?

Continue reading

A Reflection on the OECD’s Report (Part II): Governments’ Assessments of Corporate Anti-Corruption Compliance

by Veronica Root Martinez and Liz Carrasco

Photos of the authors

Left to right: Veronica Root Martinez and Liz Carrasco (photos courtesy of authors)

Governments have a responsibility to evaluate corporate compliance programs and an opportunity to design strong regulatory frameworks. To identify reforms and encourage implementation, they must first understand the state of compliance. The Organisation for Economic Cooperation and Development (OECD) report Governments’ Assessments of Corporate Anti-Corruption Compliance[1] provides a detailed look at how governments are approaching the assessment of corporate anti-corruption compliance programs. The report explains that clear, consistent standards for assessing these programs would improve both efficiency and credibility—but few governments have adopted such standards. This blog post explores governments’ roles in 1) guiding companies on compliance criteria, 2) enhancing oversight, and 3) the value of information sharing.

Continue reading

Staffing Up: Antitrust Regulators Around the World Step up Digital Platform and Technology Enforcement

by Aymeric De Moncuit, Rachel J. Lamorte, Daniel Vowden, Stephen V. Groh, Ora Nwabueze, and Sarah Wilks

Photos of the authors

Top left to right: Aymeric De Moncuit, Rachel J. Lamorte and Daniel Vowden. Bottom left to right: Stephen V. Groh, Ora Nwabueze and Sarah Wilks. (Photos courtesy of Mayer Brown)

At a Glance

In February, the Japan Fair Trade Commission announced that it will hire additional staff to enforce the country’s new Act on Promotion of Competition for Specified Smartphone Software. The Act “aim[s] to foster innovation and expand options for consumers through ensuring a fair and competitive environment in the digital field,” and is a recent example of worldwide competition enforcers’ focus on digital platforms and technology. We consider how enforcers across the world have staffed up to enforce similar legislation.

Continue reading

President Trump Announces Then Suspends Reciprocal Tariffs, Defers Tariffs on Certain Electronics, and Increases Tariffs on China

by Lauren Mandell, David J. Ross, Neena Shenai, Rhonda K. Schmidtlein, Heather E. Hedges, and Mark Kim

Photos of the authors

Top left to right: Lauren Mandell, David J. Ross, Neena Shenai, Bottom left to right: Rhonda K. Schmidtlein, Heather E. Hedges and Mark Kim (Photos courtesy of Wilmer Cutler Pickering Hale and Dorr LLP)

On April 2, 2025, President Donald Trump issued an executive order (the Reciprocal Tariffs Executive Order or Executive Order) announcing a 10% baseline reciprocal tariff on nearly all U.S. trading partners, effective April 5, and an additional reciprocal tariff on 57 countries, effective April 9. Seven of the United States’ top ten trading partners are among the 57 countries the Order states will face an additional reciprocal tariff: 34% for China (including the baseline tariff and the additional tariff), 20% for the European Union, 46% for Vietnam, 32% for Taiwan, 24% for Japan, 27% for India, and 26% for South Korea. Other than exemptions for duties imposed pursuant to Section 232 actions and for certain enumerated products, the tariffs are additive.

However, on April 10, the President suspended country-specific reciprocal tariff for all countries except China for a period of 90 days, until July 8, 2025.  On the same day, after days of escalation, the President increased the Chinese reciprocal tariff to 125%.

On April 11, the President excluded from the reciprocal tariffs a host of electronics, including smartphones, laptops, televisions.  This relief appears to be temporary because on April 14, the U.S. Commerce Department announced new Section 232 investigations of semiconductors, as well as pharmaceuticals, that could result in tariffs.

Continue reading

European Union, United Kingdom Competition and Markets Authority Impose More Than €549 Million in Fines on Major Car Manufacturers for 15-Year Cartel Involving Vehicle Recycling

by Jonathan J. Rusch

photo of author

Photo courtesy of the author

On April 1, the European Commission (EC) and the United Kingdom Competition and Markets Authority (CMA) simultaneously announced that they had imposed fines collectively totaling more than €549 million against a total of 17 leading car manufacturers and two trade groups, the European Automobiles Manufacturers’ Association (ACEA) and the Society of Motor Manufacturers & Traders (SMMT), for conducting a more than 15-year cartel pertaining to “end-of-life” vehicle recycling.[1]

Continue reading

Explaining Credit Scores – The ECJ Rules on Automated Credit Assessments

by Katja Langenbucher and Kevin Bauer

Photos of the authors

Left to right: Katja Langenbucher and Kevin Bauer (photos courtesy of authors)

A little over a year ago, the SCHUFA tightened the requirements for credit scoring under the EU GDPR. On February 27, the Court handed down further instructions on providing scored consumers with “meaningful information about the logic involved” as required by Art. 15(1)(h) of the GDPR.

Continue reading

The EU AI Act Countdown Is Over: First Wave of Requirements Now in Force

by Avi Gesser, Matt Kelly, Martha Hirst, and Samuel Thomson

Photos of the authors

Left to right: Avi Gesser, Matt Kelly, Martha Hirst, and Samuel Thomson (Photos courtesy of authors)

The first wave of the EU AI Act’s requirements came into force on 2 February 2025, namely:

  • Prohibited AI: the ban on the use and distribution of prohibited AI systems, and
  • AI Literacy: the requirement to ensure staff using and operating AI possess sufficient AI literacy.

All businesses caught by the EU AI Act’s jurisdictional scope – which is potentially very broad and may even exceed the scope of the GDPR – are now required to comply with these obligations.

Continue reading

Navigating GDPR Risks in AI: Insights from the EDPB’s latest Opinion & the UK ICO’s AI Consultation Response

by Dr. Christoph Werkmeister, Giles Pratt, Tristan Lockwood, and Dr. Benjamin Blum

In December 2024, the European Data Protection Board (EDPB) and the UK Information Commissioner’s Office (UK ICO) separately published significant guidance on the application of the GDPR to AI.

The EDPB’s Opinion 28/2024 had been much anticipated and generated significant media coverage, with headlines such as ‘AI developers don’t need permission to scoop up data, EU data watchdogs say (Politico). The UK ICO’s response to its year-long consultation on privacy issues in generative AI may have attracted less attention, but it also marked a significant development in how businesses should assess AI from a privacy perspective. 

Continue reading

Digital Services Act Decoded #1: DSA Enforcement – Key Points

by Laura Knoke, Lutz Riede, Tobias Timmann, Janet Kim, Tristan Lockwood, Luca Mischensky, and Juliana Heer

Top Left to Right: Laura Knoke, Lutz Riede, Tobias Timmann, and Janet H. Kim. Bottom Left to Right: Tristan Lockwood, Luca Mischensky, and Juliana Heer (photos courtesy of Freshfields Bruckhaus Deringer LLP)

The Digital Services Act (DSA) empowers both the European Commission (Commission) and Member State Digital Services Coordinators (DSCs) to take tough enforcement action against non-compliance. Since DSA obligations became fully applicable for most very large online platforms (VLOPs) and very large online search engines (VLOSEs) in August 2023, compliance has been at the top of the Commission’s regulatory agenda. With enforcement action continuing to ramp up over the past year, and obligations for all other intermediary services coming into force in February 2024, it is vital for service providers subject to the DSA to be familiar with the DSA’s different enforcement mechanisms and areas of focus. The enforcement landscape is one that is further complicated by the ability of private parties, such as service users and consumer protection organisations, to bring private actions to facilitate DSA compliance.

Continue reading

CJEU: Competitors Can Sue over Data Protection Violations

by Dr. Detlev Gabel, Erasmus Hoffmann, and Markus Langen

Photos of authors

Left to Right: Dr. Detlev Gabel, Erasmus Hoffmann and Markus Langen (photos courtesy of White & Case LLP)

Background

The German Federal Court of Justice (Bundesgerichtshof), tasked with resolving a conflict between two competing pharmacists, sought guidance from the Court of Justice of the European Union (“CJEU”) on interpreting the General Data Protection Regulation (“GDPR”). The defendant’s business sells over-the-counter (“OTC”) medicinal products online. During the ordering process, customers must provide certain information, including their name, delivery address, and details about the relevant OTC product. Invoking German legislation on unfair commercial practices, the claimant, a competitor, asked the German courts to halt this practice of the competing pharmacy, unless there is assurance that customers give prior consent for the processing of their health-related data.

The courts at both the first and second instance determined that the ordering process involves processing of health data, which is prohibited under the GDPR in the absence of explicit customer consent or other justification. The courts found this practice to be in breach of the GDPR, and thus unfair and unlawful under the German Unfair Competition Act. The German Federal Court of Justice sought clarification on whether the GDPR allows national legislation to permit competitors to initiate legal action against a person allegedly violating the GDPR. Furthermore, it inquired if the information provided during the ordering process qualifies as health data under the GDPR, even though the relevant OTC products do not require a prescription.

In its judgement of October 4, 2024, the CJEU provided clarity on these issues.

Continue reading