Photo of Aleksander Aleksiev

Aleksander Aleksiev

Aleksander advises clients on legal problems associated with data protection, cybersecurity, and new technologies. He holds degrees in both law and computer engineering which he combines to provide advice that is both legally sound and technologically pragmatic.

Aleksander has advised companies, governments, and charitable organizations on a range of technology law issues including data breach response, compliance with privacy and cybersecurity laws, and IT contract negotiations. In addition to his experience advising on European law, Aleksander is Australian-qualified and has significant experience advising clients in the Asia-Pacific – particularly on Australian and Hong Kong law.

On 20 February, 2024, the Governments of the UK and Australia co-signed the UK-Australia Online Safety and Security Memorandum of Understanding (“MoU”). The MoU seeks to serve as a framework for the two countries to jointly deliver concrete and coordinated online safety and security policy initiatives and outcomes to support their citizens, businesses and economies.

The MoU comes shortly after the UK Information Commissioner’s Office (“ICO”) introduced its guidance on content moderation and data protection (see our previous blog here) to complement the UK’s Online Safety Act 2023, and the commencement of the Australian online safety codes, which complement the Australian Online Safety Act 2021.

The scope of the MoU is broad, covering a range of policy areas, including: harmful online behaviour; age assurance; safety by design; online platforms; child safety; technology-facilitated gender-based violence; safety technology; online media and digital literacy; user privacy and freedom of expression; online child sexual exploitation and abuse; terrorist and violent extremist content; lawful access to data; encryption; misinformation and disinformation; and the impact of new, emerging and rapidly evolving technologies such as artificial intelligence (“AI”).Continue Reading UK and Australia Agree Enhanced Cross-Border Cooperation in Online Safety and Security

Yesterday, the European Commission, Council and Parliament announced that they had reached an agreement on the text of the Cyber Resilience Act (“CRA”). As a result, the CRA now looks set to finish its journey through the EU legislative process early next year. As we explained in our prior post about the Commission proposal

EU advocate general Collins has reiterated that individuals’ right to claim compensation for harm caused by GDPR breaches requires proof of “actual damage suffered” as a result of the breach, and “clear and precise evidence” of such damage – mere hypothetical harms or discomfort are insufficient. The advocate general also found that unauthorised access to

A would-be technical development could have potentially significant consequences for cloud service providers established outside the EU. The proposed EU Cybersecurity Certification Scheme for Cloud Services (EUCS)—which has been developed by the EU cybersecurity agency ENISA over the past two years and is expected to be adopted by the European Commission as an implementing act in Q1 2024—would, if adopted in its current form, establish certain requirements that could:

  1. exclude non-EU cloud providers from providing certain (“high” level) services to European companies, and
  2. preclude EU cloud customers from accessing the services of these non-EU providers.

Data Localization and EU Headquarters

The EUCS arises from the EU’s Cybersecurity Act, which called for the creation of an EU-wide security certification scheme for cloud providers, to be developed by ENISA and adopted by the Commission through secondary law (as noted in an earlier blog). After public consultations in 2021, ENISA set up an ad hoc working group tasked with preparing a draft.

France, Italy, and Spain submitted a proposal to the working group advocating to add new criteria to the scheme in order for companies to qualify as eligible to offer services providing the highest level of security. The proposed criteria included localization of cloud services and data within the EU – meaning in essence that providers would need to be headquartered in, and have their cloud services provided from, the EU. Ireland, Sweden and the Netherlands argued that such requirements do not belong in a cybersecurity certification scheme, as requiring cloud providers to be based in Europe reflected political rather than cybersecurity concerns, and therefore proposed that the issue should be discussed by the Council of the EU.Continue Reading Implications of the EU Cybersecurity Scheme for Cloud Services

On August 22, 2023, the Spanish Council of Ministers approved the Statute of the Spanish Agency for the Supervision of Artificial Intelligence (“AESIA”) thus creating the first AI regulatory body in the EU. The AESIA will start operating from December 2023, in anticipation of the upcoming EU AI Act  (for a summary of the AI