Matsumoto Ryoko

Ryoko Matsumoto is a global visiting lawyer who attended Kyoto University, Kyoto University Law School, and Stanford Law School.

Contact:Email

On July 24, 2025, the European Parliament (EP) published a study entitled Artificial Intelligence and Civil Liability – A European Perspective. The study considers some of the EU’s existing and proposed liability frameworks, notably the revised Product Liability Directive (PLDr) and the AI Liability Directive (AILD), which was proposed by the European Commission only to be later withdrawn. The study concludes that neither instrument sufficiently addresses the full scope of product liability risks and defects uniquely posed by high-risk AI systems, as that concept is defined by the EU AI Act. Therefore, it calls for the creation of a dedicated strict liability framework, specifically designed to tackle the particular liability risks that these systems are said to give rise to. While it is too early to predict whether other key European stakeholders will support such a framework and bring it to fruition, this development is an important one to monitor closely for those creating or working with high-risk AI systems.Continue Reading European Parliament Study Recommends Strict Liability Regime for High-Risk AI Systems

Digital contracts and subscriptions have significantly increased, with the subscription economy tripling since 2017, according to the European Commission’s Digital Fairness Act Fitness Check. However, the Fitness Check points out that the number of issues with digital subscriptions, such as difficult cancellations, automatic renewals without reminders, and unclear subscription terms, have also increased. The Commission proposes to tackle these issues in its proposed Digital Fairness Act (“DFA”), which recently entered its consultation phase (see our blog post here).

This post briefly highlights certain issues with digital subscriptions identified in the Fitness Check, outlines how these issues are currently regulated in the EU, and considers the Fitness Check’s proposals to address these issues. It is the fourth post in our series on the upcoming DFA – previous posts covered influencer marketing, AI chatbots in consumer interactions, and personalised advertising and pricing.Continue Reading Digital Fairness Act Series — Topic 4: Digital Subscriptions

On June 26, 2025, the European Parliament’s Committee on Employment and Social Affairs published a draft report (“Draft Report”) recommending that the Commission initiate the legislative process for an EU Directive on algorithmic management in the workplace.  The Draft Report defines algorithmic management as the use of automated systemsincluding those involving artificial intelligenceto monitor, assess, or make decisions affecting workers and solo self-employed persons.

This Draft Report follows a Commission study published in March 2025 (“Commission Study”), which found that while existing EU legislation, such as the GDPR, addresses some risks to workers from algorithmic management, others remain.  The Commission Study also recognizes that the AI Act does not establish specific rights for workers in the context of AI use, which is noted as a concern.

The Draft Report encloses the proposed text for a new Directive on algorithmic management in the workplace (“Proposed Directive”).  The Draft Report has not yet been endorsed by the European Parliament.Continue Reading European Parliament Committee Recommends Commission to Propose EU Directive on Algorithmic Management

On 15 July 2025, the European Commission adopted an adequacy decision for the European Patent Organisation (EPO).  This marks the first time such a decision has been granted to an international organisation.  From now on, personal data can be transferred from the EU to the EPO based on this decision, without the need for additional safeguards such as Standard Contractual Clauses (SCCs).Continue Reading Adequacy Decision for the European Patent Organisation

On 31 July 2024, the German Higher Regional Court of Munich (OLG München) delivered a judgment providing key insights into the repercussions board members may encounter for violating the General Data Protection Regulation (GDPR). Although the primary legal question centered around the legality of an executive’s dismissal under German corporate and employment law, the court’s decision was heavily influenced by its determination that the executive had prompted the company to engage in unlawful data processing, thereby breaching the GDPR. This blog post highlights the essential facts of the case and the court’s findings regarding the data protection issues involved.Continue Reading German Court Upholds Board Member’s Dismissal For GDPR Breach

On June 26, 2025, the Council and the European Parliament reached a provisional agreement on modernizing the EU’s framework for alternative dispute resolution (ADR) in consumer matters.

The current ADR framework—established in Directive 2013/11/EU (ADR Directive)—has not been amended since its adoption in 2013. As noted in our previous blog, the European Commission recognized the need to modernize the system and, on October 17, 2023, proposed a legislative package to (i) amend the ADR Directive, and (ii) repeal the Online Dispute Resolution (ODR) Regulation, which created the European Online Dispute Resolution (ODR) Platform, on the basis that this platform was infrequently used. The ODR repeal regulation was formally adopted on November 19, 2024 and the ODR Platform will be discontinued on July 20, 2025. Since then, the focus has shifted to finalizing a reformed ADR framework.Continue Reading Council and Parliament Agree on Key Reforms to the EU ADR Framework

Personalized advertising and pricing are increasingly common online practices, and prompt discussions about fairness and consumer rights in the EU.  This post examines how these practices are regulated under EU consumer protection law, and what we anticipate from the forthcoming Digital Fairness Act (DFA).  We also consider how data protection rules—such as the GDPR—interact with consumer protection laws.

This is the third post in our series on the DFA—a draft EU law currently being prepared by the European Commission and expected to be published in mid-2026.  Previous posts covered influencer marketing and AI chatbots in consumer interactions.Continue Reading Digital Fairness Act Series — Topic 3: Personalized Advertising and Pricing

On June 2, 2025, the Global Cross-Border Privacy Rules (“CBPR”) Forum officially launched the Global CBPR and Privacy Recognition for Processors (“PRP”) certifications.  Building on the existing Asia-Pacific Economic Cooperation (“APEC”) CBPR framework, the Global CBPR and PRP systems aim to extend privacy certifications beyond the APEC region.  They will allow controllers and processors to voluntarily undergo certification for their privacy and data governance measures under a framework that is recognized by many data protection authorities around the world.  The Global CBPR and PRP certifications are also expected to be recognized in multiple jurisdictions as a legitimizing mechanism for cross-border data transfers.Continue Reading Global CBPR and PRP Certifications Launched: A New International Data Transfer Mechanism

The “market” for AI contracting terms continues to evolve, and whilst there is no standardised approach (as much will depend on the use cases, technical features and commercial terms), a number of attempts have been made to put forward contracting models. One of the latest being from the EU’s Community of Practice on Public Procurement of AI, which published an updated version of its non-binding EU AI Model Contractual Clauses (“MCC-AI”) on March 5, 2025. The MCC-AI are template contractual clauses intended to be used by public organizations that procure AI systems developed by external suppliers.  An initial draft had been published in September 2023.  This latest version has been updated to align with the EU AI Act, which entered into force on August 1, 2024 but whose terms apply gradually in a staggered manner.  Two templates are available: one for public procurement of “high-risk” AI systems, and another for non-high-risk AI systems. A commentary, which provides guidance on how to use the MCC-AI, is also available.Continue Reading EU’s Community of Practice Publishes Updated AI Model Contractual Clauses

On February 4, 2025, the Japanese Government announced its intention to position Japan as “the most AI-friendly country in the world”, with a lighter regulatory approach than that of the EU and some other nations.  This statement follows: (i) the Japanese government’s recent submission of an AI bill to Japan’s Parliament, and (ii) the Japanese Personal Data Protection Commission’s (“PPC”) proposals to amend the Japanese Act on the Protection of Personal Information (“APPI”) to facilitate the use of personal data for the development of AI.Continue Reading Japan Plans to Adopt AI-Friendly Legislation