Debevoise Data Blog

JANUARY 21, 2021

In this post, we look back at the 2020 European data protection landscape and five trends that help companies understand not only where we are, but where data protection enforcement, litigation, and practice may be headed. million against Marriott for its 2018 data breach When you dig deeper though, two key points emerge.

Data protection 52

Data protection Failure-to-appear Litigation Litigator 52

Debevoise Data Blog

NOVEMBER 21, 2023

Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.

Data protection 52

Data protection Compliance Failure-to-appear e-records 52

Debevoise Data Blog

MAY 28, 2024

EDPB “Consent or pay” models: Businesses operating large online platforms should consider the European Data Protection Board’s recent opinion indicating that “consent or pay” models are unlikely to be GDPR-compliant.

Data protection 52

Data protection Compliance Law Law 52

Debevoise Data Blog

FEBRUARY 27, 2024

GDPR one-stop-shop: Businesses wishing to take advantage of the GDPR one-stop-shop system should take note of a new digest, published by the European Data Protection Board, which analyses the decisions made by so-called Lead Supervisory Authorities in this context.

Data protection 52

Data protection Compliance e-records Court 52

Debevoise Data Blog

APRIL 26, 2024

Key takeaways from March include: CNIL data security practice guide: The French DPA published an update of its data security practice guide for data protection officers, chief information security officers, computer scientists and legal experts. 33(2) GDPR relating to the same personal data breach.

Data protection 52

Data protection e-records Compliance Court 52

Ikigai Law

AUGUST 11, 2023

“If you don’t see me in half a decade, just wait a little longer” – India’s data protection bill ( circa 2018 ) On 9 th August, the Digital Personal Data Protection Bill, 2023 was finally passed in the Parliament. The finish line – the new data bill What stood out?

Data protection 52

Data protection Law Law 52

Legal Tech Blog

SEPTEMBER 7, 2023

New data protection laws, increasing regulation, greater risk of cyber attacks: The challenges for entrepreneurs are becoming ever greater. On September 1, a new data protection law (revDSG) has come into force in Switzerland. However, compliance can be largely automated through artificial intelligence.

Compliance 70

Compliance Data protection Legal tech Legal tech 70

Inside Privacy

OCTOBER 17, 2023

On 3 October 2023, the UK Information Commissioner’s Office (“ ICO ”) finalized its Employment practices and data protection − Monitoring workers guidance (“ Guidance ”) to account for new types of work, including work from home, and the use of more sophisticated technologies for monitoring.

Data protection 65

Data protection Time-tracking Case management Compliance 65

Debevoise Data Blog

SEPTEMBER 25, 2024

However, data controllers and processers should be aware that the UK’s Information Commissioner’s Office (“ICO”) can also carry out dawn raids as part of investigations into compliance with data protection laws. unlawfully obtaining personal data). Train key staff on protocols and procedures for dawn raids.

Data protection 52

Data protection Failure-to-appear Court Judge 52

Inside Privacy

APRIL 12, 2023

These requirements cover a wide range of issues that are frequently debated in relation to the governance of generative AI globally, such as data protection, non-discrimination, bias and the quality of training data. This blog post identifies a few highlights of the draft Measures.

Intellectual Property 138

Intellectual Property Data protection Law Law 138

Technology Law Dispatch

MARCH 6, 2023

If you can remember as far back as December 2021, we published a blog post announcing that the European Data Protection Board (EDPB) published draft guidelines on the interplay between the territorial scope of the GDPR and the international transfer requirements.

Data protection 52

Data protection 52

Debevoise Data Blog

NOVEMBER 24, 2020

EU authorities have understandably declined to put forward a single list of mandatory data security controls that apply to all companies subject to the GDPR. million fine imposed by the UK Information Commissioner’s Office (“ICO”) against Ticketmaster for alleged data security failings that exposed customer payment card data.

Data protection 52

Data protection Compliance Failure-to-appear Software 52

Richmond Journal of Law and Technology

MAY 2, 2023

This blog post delves into the legal considerations that contribute to the success of e-commerce in different African countries and recommends suitable entry points for businesses entering the e-commerce market. and Trade, Consumer Protection , [link] [10] Kenya Info and Commc’n Act (1998), [link] Consumer Prot. 15] Ultimately, U.S.

Data protection 52

Data protection Compliance Due diligence Law 52

Debevoise Data Blog

FEBRUARY 8, 2021

As anyone following the fallout from the Court of Justice of the European Union’s decision in Schrems II will know, the GDPR restricts the transfer of personal data to “third countries”, including the U.S., This requires firms to share only personal data that is truly necessary for the stated purpose of the data request.

Data protection 52

Data protection Compliance Court Law 52

Inside Privacy

FEBRUARY 1, 2024

In this blog post, we outline the current and forthcoming EU legislation on the international transfer of non-personal data. This blog post was drafted with the contribution of Diane Valat. ) X (Recent Council versions remove this obligation.) We are happy to answer any questions you may have on this topic.

Intellectual Property 72

Intellectual Property State law Court Compliance 72

Debevoise Data Blog

AUGUST 18, 2021

The penalty resolves charges that Pearson misled investors related to a 2018 data breach. According to the SEC’s Order , on March 21, 2019, Pearson learned that millions of rows of data had been accessed and downloaded by a threat actor exploiting an unpatched security vulnerability. securities issuer.

Data protection 40

Data protection Software Law Law 40

Clio

JANUARY 30, 2024

Check out our blog post on understanding HIPAA compliance for more information. GDPR : To help address global needs for enhanced data security, in 2018, Europe introduced a unified data protection law, the General Data Protection Regulations (GDPR). So, it may be a good idea to learn more about GDPR.

Law firm 98

Law firm Law Law Due diligence 98

new tech law blog

DECEMBER 2, 2022

Entities transferring personal data outside the European Economic Area on the basis of standard contractual clauses that are no longer in force (where the transfer began before 27 September 2021) should conclude agreements based on new clauses by 27 December 2022.

Data protection 52

Data protection Compliance Court 52

Debevoise Data Blog

MARCH 11, 2021

The recent publication of the SEC’s 2021 Division of Examination Priorities (the “2021 Priorities”) presents an opportunity to look back at the cybersecurity work of the SEC in 2020 and speculate about the SEC’s examination and enforcement priorities for data protection in the coming year for RIAs.

Compliance 52

Compliance Data protection Attorney 52

Debevoise Data Blog

NOVEMBER 12, 2021

Mr Lloyd alleged that Google breached its duties as a data controller under the Data Protection Act 1998 (“DPA”) when it implemented the ‘Safari Workaround’. Google was initially successful before the first instance judge in 2018. This was reversed by the Court of Appeal in 2019.

Data protection 52

Data protection Court Judge Litigation 52

Debevoise Data Blog

MARCH 17, 2023

To subscribe to the Data Blog, please click here. The cover art used in this blog post was generated by DALL-E.

e-discovery 52

e-discovery Litigation Litigator Compliance 52

Berkley Technology Law Journal

NOVEMBER 18, 2022

So if you’re a new entrant and you want to go into competition with those companies, one way to sort of lower the barriers to entry would be that you get access to those data. And, of course, due to our very strict data protection rules, you will not get access to the data without sort of consent of the end users.

Law 100

Law Law Data protection Court 100

Berkley Technology Law Journal

NOVEMBER 18, 2022

So if you’re a new entrant and you want to go into competition with those companies, one way to sort of lower the barriers to entry would be that you get access to those data. And, of course, due to our very strict data protection rules, you will not get access to the data without sort of consent of the end users.

Law 100

Law Law Data protection Court 100

Richmond Journal of Law and Technology

APRIL 11, 2023

14] Concerns, interest, and public outcries over data security have been increasing. [15] 15] Increased awareness of companies profiting from lax data security systems and personal information, along with high-profile data breaches, has heightened concerns about cybersecurity in the private sector. [16] Agency: Blog (Mar.

Data protection 52

Data protection Software Defendant Law 52

Debevoise Data Blog

FEBRUARY 28, 2022

As cyber threats continue to grow, and consumers gain more privacy rights over their personal data, businesses need robust data minimization programs that can significantly reduce the amount of sensitive data they collect and maintain. The UK Data Protection Act of 2018 has a similar provision.

e-filing 52

e-filing Litigation Litigator Compliance 52

Debevoise Data Blog

JANUARY 19, 2021

FTC Commissioner Rohit Chopra remarked in a statement that Commissioners have previously voted to allow data protection law violators to retain algorithms and technologies that derive much of their value from ill-gotten data and that the Everalbum settlement marked an “an important course correction.”

Machine learning 45

Machine learning Court Data protection Law 45

Debevoise Data Blog

OCTOBER 10, 2022

European Data Protection Roundup – September 2022 Key takeaways this September include: Google Analytics : Continue to assess carefully the use of Google Analytics. What to do : The Danish Data Protection Agency referred entities to the CNIL’s detailed guidance on making Google Analytics GDPR-compliant.

Data protection 52

Data protection Analytics Software Compliance 52

Debevoise Data Blog

NOVEMBER 2, 2022

up to 45 when including the European Economic Area and the 16 German state data protection authorities). In 2018, the U.S. The outcome could have a significant impact on businesses’ potential liability for GDPR infringements and the viability of mass claims. authorised the U.S.

Data protection 52

Data protection Compliance Machine learning Court 52

Richmond Journal of Law and Technology

MARCH 16, 2025

“AI models can learn and remember specific data points, meaning that, if they are open source, users’ sensitive personal information – like financial data – could be included in the code.” [15] 15] As such, AI can inadvertently leak users’ private data. [16] 15] As such, AI can inadvertently leak users’ private data. [16]

Time-tracking 52

Time-tracking Data protection Analytics Court 52

Debevoise Data Blog

MARCH 16, 2023

On March 2, 2023, the White House Office of the National Cyber Director (“ONCD”) released the Biden Administration’s (the “Administration”) long-awaited National Cybersecurity Strategy (the “Strategy”), the first since the Trump Administration’s strategy was issued in September 2018. To subscribe to our Data Blog, click here.

Software 52

Software Defendant Failure-to-appear Compliance 52

Eric Goldman

MAY 26, 2025

Another lengthy blog post rounding up cases from the past few months involving CSAM or commercial sex and Section 230/FOSTA. May 6, 2025) Prior blog posts ( 1 , 2 ). Users can store iCloud files using “Advanced Data Protection,” which encrypts the files such that Apple can’t access them.

Defendant 57

Defendant Failure-to-appear Court Judge 57