Debevoise Data Blog

APRIL 28, 2023

UK ICO updates guidance to clarify requirements for fairness in AI What happened : The UK ICO has updated its existing Guidance on AI and data protection following requests from industry to clarify requirements for fairness in AI. Norwegian Data Protection Authority fines medical device company c.$240,000

Data protection 52

Data protection Compliance e-filing Software 52

Debevoise Data Blog

OCTOBER 20, 2023

The CMA further highlighted that transparency around the data used to train FMs is critical to reducing bias and improving accuracy of outputs, and to ensuring accountability. Two areas that have been stressed previously in the data protection compliance context. Failure to use BCC correctly (i.e.,

Data protection 52

Data protection Intellectual Property Compliance Law 52

Legal IT Group

JANUARY 30, 2023

This is the amount of a fine paid by a well-known company for violating the rules of the European General Data Protection Regulation (the GDPR). In this article, you will learn about the top 7 largest fines of 2022 and the personal data practices that should be avoided in your business. Is 1,000 EUR a lot for a business?

Compliance 130

Compliance Data protection Analytics Law 130

Legal IT Group

APRIL 28, 2023

The concept of necessity has an independent meaning in European Union law, which must reflect the objectives of data protection law. Also, the fact that the processing of certain data falls under an agreement does not automatically mean that the processing is necessary for its implementation.

Data protection 130

Data protection Time-tracking Court Lawsuit 130

Debevoise Data Blog

AUGUST 16, 2023

. : Business may want to revisit their cross-border data transfer arrangements following the new adequacy decision for the EU-U.S. Data Privacy Framework, assess whether they are eligible to self-certify and, if they are, whether it makes sense to. Data Privacy Framework (the “DPF”). Data Privacy Framework (the “DPF”).

Data protection 40

Data protection Analytics Compliance Time-tracking 40

Debevoise Data Blog

JANUARY 25, 2024

This judgment arose from a 2019 cyberattack against the Bulgarian National Revenue Agency which resulted in a threat actor publishing more than 6 million people’s personal data on the internet. It remains to be seen whether data protect authorities will provide guidance on how to interpret the “draw strongly” condition.

Data protection 40

Data protection Court e-records Compliance 40

Inside Privacy

MAY 30, 2023

On April 4, 2023, the European Commission announced that the EU and Japan had successfully completed the first periodic review of the Japan-EU mutual adequacy arrangement , adopted in 2019. The amendments include, among other things, strengthened data security obligations (e.g., Developments in the Japanese framework.

Data protection 61

Data protection Mediator Compliance 61

Debevoise Data Blog

JUNE 16, 2021

May saw useful reminders for companies, including: (i) the need to appoint an EU – and/or UK – representative if caught by the (UK) GDPR’s extraterritorial effect; (ii) that regulators are increasingly focused on adtech and cookies compliance; and (iii) that the GDPR applies not just in the EU and UK but also Iceland, Liechtenstein and Norway.

Data protection 40

Data protection Compliance Court Time-tracking 40

Eric Goldman

FEBRUARY 15, 2024

The application of some DSA provisions will likely be tested with respect to their compliance with the EU Charter of Fundamental Rights , such as the “crisis response mechanism” under DSA Article 36. The DSA promises to change the internet inside the EU, and likely create spillover effects outside the EU.

Due diligence 105

Due diligence Data protection Compliance Court 105

Percipient

APRIL 22, 2023

Or it received a data request from a consumer under the GDPR or California Consumer Privacy Act. If the subpoena issued is in federal litigation, your company is likely responsible for the cost of compliance, especially if it has a connection to the litigation. Who covers the expense in responding to it? Another case, SPS Techs.,

e-discovery 97

e-discovery Court e-records Litigation 97

Richmond Journal of Law and Technology

MAY 2, 2023

8] Among the mentioned countries, Egypt, Nigeria, South Africa, Ghana, and Morocco seem to be suitable markets for entry, as they have established specific laws or regulations to protect consumers, especially in online transactions. [9] companies to take proactive measures to protect their data and adhere to foreign laws.

Data protection 52

Data protection Compliance Due diligence Law 52

Technology Law Dispatch

FEBRUARY 7, 2024

With cybersecurity becoming a board-level issue, compliance officers, lawyers, board members, and business drivers are looking for official guidance or recommendations on cybersecurity measures to protect business, customers, and the wider economy. Whose guidance to use? mln and Euro 20.45

Data protection 64

Data protection Compliance Court Lawyer 64

Debevoise Data Blog

DECEMBER 22, 2020

Businesses operating in France should take these new blockbuster fines as another reminder of the importance of data protection frameworks and policies. In 2019 and 2020, the CNIL’s inspectors performed online checks of google.fr Background. and amazon.fr New Record-Setting Penalties.

Data protection 52

Data protection Compliance Court 52

Inside Privacy

APRIL 24, 2023

For example, in October 2022, the Bank of England and Financial Conduct Authority (“FCA”) jointly released a Discussion Paper on Artificial Intelligence and Machine Learning considering how AI in financial services should be regulated and, in March 2023, the ICO updated its Guidance on AI and Data Protection.

Intellectual Property 69

Intellectual Property Data protection Machine learning Compliance 69

Debevoise Data Blog

NOVEMBER 22, 2022

The EU’s General Data Protection Regulation 2016 (the “GDPR”) changed the global privacy landscape, and has been called the “gold standard” for data protection regulation. This blog post explores some of the borrowed GDPR concepts and suggests resources companies might use as they develop their compliance programs.

Data protection 52

Data protection Law Law Compliance 52

Debevoise Data Blog

MARCH 11, 2021

The recent publication of the SEC’s 2021 Division of Examination Priorities (the “2021 Priorities”) presents an opportunity to look back at the cybersecurity work of the SEC in 2020 and speculate about the SEC’s examination and enforcement priorities for data protection in the coming year for RIAs.

Compliance 52

Compliance Data protection Attorney 52

Debevoise Data Blog

NOVEMBER 11, 2021

In light of this uncertainty, we wouldn’t be surprised if many companies wait until the Final Measures are adopted before evaluating compliance with the security assessment requirements. This isn’t the first time the CAC has issued similar proposed guidance—previous iterations published in 2017 and 2019 were never finalized.

Data protection 52

Data protection Compliance Law Law 52

Inside Privacy

FEBRUARY 1, 2024

This regulation is directly applicable in all EU Member States since May 28, 2019.

Intellectual Property 72

Intellectual Property State law Court Compliance 72

Ikigai Law

AUGUST 7, 2023

In 2019, the ED used this power to cease three chimpanzees and four marmosets as ‘proceeds of crime’. Reporting entities must follow several compliance and reporting obligations under the anti-money laundering law. Main Course : Deep dive stories on card network portability, and impact of the data protection bill on fintechs.

Data protection 52

Data protection Law Law e-records 52

new tech law blog

JUNE 22, 2023

The DMA will also impact other regulations applicable to the delivery of services on digital markets, particularly involving data protection (the General Data Protection Regulation and the ePrivacy Directive), competition law, consumer protection, and copyright (e.g. DMA recital 12). 39) under national regulations.

Compliance 52

Compliance Data protection Court Software 52

Debevoise Data Blog

OCTOBER 18, 2021

2019 IL 123186, 129 N.E.3d c) Texas Texas’s biometric privacy law also imposes similar requirements to BIPA, but allows more avenues for compliance. The Illinois Supreme Court has ruled that a plaintiff does not need to show real-world harm to state a successful claim—that is, a violation of the statute is enough. See Rosenbach v.

Law 52

Law Law Court Time-tracking 52

Debevoise Data Blog

FEBRUARY 28, 2022

A senior officer or director of the regulated entity must certify compliance with the NYDFS Cyber Rules annually, including the data minimization obligation. Under this requirement, businesses need to establish time limits for data deletion and to institute a periodic review of the necessity for continued data retention.

e-filing 52

e-filing Compliance Litigation Litigator 52

Debevoise Data Blog

MARCH 21, 2022

Commissioners have previously voted to allow data protection law violators to retain algorithms and technologies that derive much of their value from ill-gotten data. In 2019, the FTC ordered Cambridge Analytica to destroy algorithms derived from information collected from consumers through allegedly deceptive means.

Machine learning 40

Machine learning Court Time-tracking Compliance 40

Debevoise Data Blog

JANUARY 14, 2022

Companies developing Federal Trade Commission (“FTC”) compliance programs, or under investigation by the FTC’s Bureau of Consumer Protection, should be aware of significant developments impacting the Commission’s regulatory authority and enforcement priorities. 1, 2019). [19] 18] In FTC v. 29, 2021). [16]

Compliance 52

Compliance Court Litigation Litigator 52

Debevoise Data Blog

NOVEMBER 2, 2022

What to do : Entities should check whether they are subject to the DSA as soon as possible and, if they are, start considering how to implement a compliance program to ensure DSA-readiness by February 2024 or, for VLOPs and VLOSEs, potentially on shorter notice.

Data protection 52

Data protection Compliance Machine learning Court 52

Debevoise Data Blog

JULY 9, 2021

Colorado has just adopted a brand-new data privacy law and Nevada has just significantly amended its law. These changes add rights for consumers, and compliance obligations for businesses, that take the U.S. Businesses would also need to obtain consumer consent prior to collecting any sensitive data.

Data protection 40

Data protection Attorney Compliance State law 40

Debevoise Data Blog

JANUARY 16, 2025

Third-Party Contractual and Compliance Obligations The rule prohibits data brokerage with any foreign person who is not a covered person unless the U.S. person ensures contractually that the foreign person will not engage in subsequent covered data transactions with a country of concern or covered person. DOJ expects U.S.

Compliance 52

Compliance Due diligence e-records Time-tracking 52