Debevoise Data Blog

JANUARY 21, 2021

In this post, we look back at the 2020 European data protection landscape and five trends that help companies understand not only where we are, but where data protection enforcement, litigation, and practice may be headed. Second , enforcement goes far beyond data breaches and the GDPR.

Data protection 52

Data protection Failure-to-appear Litigation Litigator 52

Inside Privacy

APRIL 28, 2023

On 29 March 2023, the UK Information Commissioner’s Office (“ICO”) published updated Guidance on AI and data protection (the “Guidance”) following “requests from UK industry to clarify requirements for fairness in AI”. AI has been a strategic priority for the ICO for several years.

Data protection 74

Data protection Compliance Law Law 74

Debevoise Data Blog

DECEMBER 10, 2020

The big news this November was the European Data Protection Board (the “EDPB”) issuing its highly anticipated post- Schrems II data transfer guidance, followed just a day later by the European Commission’s draft updated Standard Contractual Clauses (“SCCs”) (see our blog post here ).

Data protection 52

Data protection Dispute resolution Court Compliance 52

Debevoise Data Blog

NOVEMBER 10, 2020

ICO targets the data broking industry : On 27 October, the ICO demanded that Experian make sweeping changes to data protection practices within its direct marketing business within three months or face further enforcement action. We will continue to report on developments as Experian’s appeal progresses.

Data protection 52

Data protection Intellectual Property e-records Machine learning 52

Debevoise Data Blog

MARCH 11, 2021

There were a few European data protection developments in February that companies may want to have on their radar. What happened: CNIL has reminded businesses to audit their use of cookies and tracking technologies, ahead of the regulator’s October 2020 guidance coming into force at the end of March.

Data protection 52

Data protection Compliance Analytics Court 52

Debevoise Data Blog

APRIL 8, 2021

million for vendor oversight failings, unlawful cross-border transfers What happened : The AEPD, the Spanish data protection authority (“DPA”), fined Vodafone Spain €8.15 million for various breaches of the GDPR and Spanish e-privacy laws, topping the €6 million CaixaBank penalty from earlier this year. €4

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

OCTOBER 12, 2021

million fine against Austrian Post for channelling electronic data protection-related inquiries to a web form and not offering an additional email address, irrespective of the data subject option to also use non-electronic postal mail or customer service. Standard Contractual Clauses).

Data protection 52

Data protection Failure-to-appear e-records Compliance 52

Debevoise Data Blog

MAY 12, 2023

Key takeaways this April include: UK children’s data protection focus continues: Businesses may wish to review policies and procedures for dealing with children’s data in light of recent UK ICO fines and guidance, especially to ensure that terms of use are adequately enforced. UK ICO fines TikTok £12.7

Data protection 52

Data protection Software design Machine learning Software 52

Legal IT Group

NOVEMBER 13, 2023

A data protection officer ( DPO ) is a specialist who helps companies ensure compliance with international data protection laws. In a nutshell, the DPO is a key person who helps the company in all business processes to ensure compliance with the data protection law.

Data protection 130

Data protection Compliance International law Law 130

Debevoise Data Blog

MARCH 26, 2023

UK tribunal limits ICO enforcement order but partially upholds lawful basis objection What happened : A tribunal rejected certain aspects of the UK ICO’s October 2020 enforcement notice against Experian, a credit reference agency that holds and processes data relating to essentially the whole of the UK’s adult population.

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

JULY 20, 2021

Here are our highlights: European Commission adopts new Standard Contractual Clauses What happened : As reported in our blog post , the European Commission adopted its new Standard Contractual Clauses (“SCCs”) for the cross-border transfer of personal data from the EEA to “third countries”.

Data protection 52

Data protection e-filing e-records Compliance 52

Inside Privacy

NOVEMBER 28, 2023

They raise various questions under regulatory and data protection and data security laws. The DiGA Regulation imposes specific data protection and data security requirements on health apps (in addition to safety, functionality, quality and interoperability requirements). 26 of the GDPR.

Data protection 57

Data protection Time-tracking Software Law 57

Ikigai Law

AUGUST 11, 2023

“If you don’t see me in half a decade, just wait a little longer” – India’s data protection bill ( circa 2018 ) On 9 th August, the Digital Personal Data Protection Bill, 2023 was finally passed in the Parliament. The finish line – the new data bill What stood out? Whose competition is it but?

Data protection 52

Data protection Law Law 52

Debevoise Data Blog

MAY 7, 2021

The key development from April must be the European Data Protection Board (“EDPB”) approving the draft UK adequacy decisions from the European Commission (the “Commission”). Companies will be relieved that they are one step closer towards maintaining the seamless flow of data between the EU and the UK.

Data protection 52

Data protection Court Compliance Hearing 52

Debevoise Data Blog

FEBRUARY 10, 2021

As covered in our Annual Review , 2020 was a blockbuster year for European data protection. However, the surveillance system was deemed to be neither limited to a specific period, nor to specific employees, as required by local law. EDPB publishes new data breach notification guidance. website.

Data protection 52

Data protection Time-tracking Defendant Court 52

Debevoise Data Blog

MAY 28, 2024

EDPB “Consent or pay” models: Businesses operating large online platforms should consider the European Data Protection Board’s recent opinion indicating that “consent or pay” models are unlikely to be GDPR-compliant. These developments, and more, are covered below.

Data protection 52

Data protection Compliance Law Law 52

Debevoise Data Blog

JUNE 8, 2023

As we covered here , last October, the CNIL fined Clearview AI €20 million for various data protection violations, including “intrusive and massive” data processing without consent or a valid legitimate interest. law” and, in particular, did not address issues identified by the CJEU in the Schrems II decision.

Data protection 52

Data protection Compliance e-records Dispute resolution 52

Legal IT Group

SEPTEMBER 29, 2023

Brazil’s Lei Geral de Proteção de Dados Pessoais (or LGPD), similar to GDPR, CCPA and PIPEDA, regulates personal data protection. If the company does not process personal data in Brazil but still processes data to offer or supply goods or services to Brazil, the LGPD also applies in this case. Apparently not.

Data protection 130

Data protection Compliance Court Law 130

Legal IT Group

NOVEMBER 10, 2023

Companies often need to transfer personal data to other countries while conducting their business operations. Since personal data is not everywhere reliably protected by law, there are plenty of requirements for its legal transfer. Standard data protection (or contractual) clauses ( SCCs ) are the most common safeguards.

Data protection 130

Data protection Compliance Law Law 130

Debevoise Data Blog

AUGUST 16, 2023

. : Business may want to revisit their cross-border data transfer arrangements following the new adequacy decision for the EU-U.S. Data Privacy Framework, assess whether they are eligible to self-certify and, if they are, whether it makes sense to. Data Privacy Framework (the “DPF”). Data Privacy Framework (the “DPF”).

Data protection 40

Data protection Analytics Compliance Time-tracking 40

Debevoise Data Blog

JUNE 16, 2021

These decisions follow the CNIL’s October 2020 updated cookies guidelines (see our blog post ). Those that don’t, may face significant penalties; in December 2020, the CNIL fined Google and Amazon €100 million and €35 million respectively for their cookies practices (see our blogpost ). The Act enters into force on 1 December 2021.

Data protection 40

Data protection Compliance Court Time-tracking 40

MatterSuite

MAY 8, 2023

According to the FBI’s Internet Crime Complaint Center (IC3), in 2020, there were 791,790 complaints of suspected internet crime, resulting in an estimated loss of $4.2 Law firms are often targeted by cybercriminals due to the sensitive information they handle and the potential for financial gain.

Compliance 98

Compliance Failure-to-appear Data protection Intellectual Property 98

Clio

JANUARY 30, 2024

Law firm data security should be a top priority for any practice, and here’s why: Clients trust you with their most confidential information. Since clients entrust lawyers with so much of their sensitive data, law firms make prime targets for cybercrime. You don’t want your law firm to become part of that statistic.

Law firm 98

Law firm Law Law Due diligence 98

Inside Privacy

FEBRUARY 27, 2023

On February 22, 2023, the European Data Protection Board (“EDPB”) released its Work Program for 2023-2024 (“the Program”), outlining the key priority areas for the next two years. Advancing harmonization and facilitating compliance with the GDPR The EDPB will continue to publish guidance on key concepts of EU data protection law.

Data protection 52

Data protection Compliance Law Law 52

Richmond Journal of Law and Technology

MAY 2, 2023

These include e-commerce law, consumer protection law, data privacy laws, and breach notification laws. However, companies can use these laws to their advantage by using them as a guide to identify the most suitable e-commerce market to enter. 11] Therefore, it is crucial for U.S. 15] Ultimately, U.S.

Data protection 52

Data protection Compliance Due diligence Law 52

Debevoise Data Blog

NOVEMBER 22, 2022

The EU’s General Data Protection Regulation 2016 (the “GDPR”) changed the global privacy landscape, and has been called the “gold standard” for data protection regulation. Of the laws not yet in force, only the CPA envisions rulemaking. Recently, a number of U.S. Recently, a number of U.S.

Data protection 52

Data protection Law Law Compliance 52

The North Carolina Journey of Law and Technology

NOVEMBER 18, 2023

Just over a month ago, TikTok received a $370 million fine from the Irish Data Protection Commission (DPC) for violating children’s data privacy law under the General Data Protection Regulation (GDPR). Simon Cawley Simon Cawley is currently a 2L at the University of North Carolina School of Law.

Data protection 52

Data protection Law Law 52

CaseFox

DECEMBER 1, 2023

Cybercriminals view law firms as a warehouse that can provide them with access to sensitive data. This data usually includes crucial information such as employee identification, client’s personal information, banking details, on-public details, and other confidential information. It will jeopardize attorney-client relationships.

Law firm 52

Law firm Law Law Intellectual Property 52

Inside Privacy

DECEMBER 15, 2023

As we’ve previously noted , dark patterns are an area of increasing focus of regulators, and the joint paper reflects the growing interplay between privacy and competition laws – a trend we expect to see continue in 2024.

Data protection 65

Data protection Law Law 65

Ikigai Law

AUGUST 7, 2023

somebody has to sound the alarm.” – Meryl Streep, The Laundromat The Prevention of Money Laundering Act (or, as its friends call it, the ‘PMLA’) is a long-arm law. Reporting entities must follow several compliance and reporting obligations under the anti-money laundering law. The data law is nearly here!

Data protection 52

Data protection Law Law e-records 52

Technology Law Dispatch

MAY 10, 2023

The EDPB 101 Task Force published a report summarizing its assessment on international data transfers in connection with the use of tracking and analytics cookies ( Tracking Cookie ). The report stresses that after the CJEU Schrems II judgment data transfers based on the invalidated EU-US Privacy Shield are not compliant with the GDPR.

Data protection 52

Data protection Analytics Compliance Law 52

new tech law blog

MARCH 14, 2022

This interest was generated among other sources by numerous complaints filed by NOYB—European Center for Digital Rights in the last year with data protection authorities, and has resulted in guidance and several decisions issued by regulators in recent months (e.g. in Austria, Belgium and France).

Data protection 52

Data protection Analytics e-filing Compliance 52

Debevoise Data Blog

FEBRUARY 8, 2021

On 19 January 2021, the UK Information Commissioner’s Office (the “ICO”) published its September 2020 letter to the Securities and Exchange Commission (the “SEC”) analysing the GDPR’s impact on UK-based SEC-regulated firms’ (“SEC–Regulated UK Firms”) ability to comply with SEC data requests. What did the ICO find? What is next?

Data protection 52

Data protection Compliance Court Law 52

Inside Privacy

FEBRUARY 27, 2023

Background The RAD came into force on December 24, 2020 with the objective of introducing a common framework and approach to collective actions across the EU. Covington’s Data Privacy and Cybersecurity Team will continue to monitor the transposition of the EU Representative Actions Directives in EU member states.

Data protection 52

Data protection Court Litigation Litigator 52

Debevoise Data Blog

JUNE 25, 2022

Across the globe, regulators and lawmakers have passed laws aimed at reducing these risks. In this Debevoise Data Blog post, we discuss several new laws focused on ADM that are either in effect today or will go into effect in 2023, as well as circumstances in which litigants have used these laws to challenge companies’ uses of ADM tools.

Compliance 52

Compliance Law Law Data protection 52

Debevoise Data Blog

OCTOBER 18, 2021

And what’s a company to do right now, with facial recognition opportunities presenting themselves today while the law remains a moving target? In this Part 1, we lay out the current laws governing facial recognition in the United States. In Part 2, we assess where the law is headed and offer some practical risk-reduction strategies.

Law 52

Law Law Court Time-tracking 52

Debevoise Data Blog

SEPTEMBER 19, 2022

On September 15, 2022, California Governor Gavin Newsom signed into law the bipartisan AB 2273 , known as the California Age-Appropriate Design Code Act (“California Design Code”). Notable affirmative obligations include: Data Protection Impact Assessments (“DPIAs”). How does the California Design Code compare to other laws?

Data protection 52

Data protection Compliance Time-tracking Attorney 52