Debevoise Data Blog

APRIL 8, 2021

million for vendor oversight failings, unlawful cross-border transfers What happened : The AEPD, the Spanish data protection authority (“DPA”), fined Vodafone Spain €8.15 4 million was for allegedly deficient oversight of Vodafone’s data processors. Here are our highlights of what you need to know.

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

JUNE 8, 2023

As we covered here , last October, the CNIL fined Clearview AI €20 million for various data protection violations, including “intrusive and massive” data processing without consent or a valid legitimate interest. 82 (see our May 2021 , August 2021 , and October 2022 blog posts for previous developments).

Data protection 52

Data protection Compliance Dispute resolution e-records 52

Debevoise Data Blog

JUNE 16, 2021

This follows a February 2021 reference by the German courts to the CJEU on whether the GDPR imposes a materiality threshold for damages claims. The Act enters into force on 1 December 2021. The Federal Commissioner for Data Protection and Freedom of Information will be the sole regulator for the new Act.

Data protection 40

Data protection Compliance Court Time-tracking 40

Debevoise Data Blog

APRIL 28, 2023

UK ICO updates guidance to clarify requirements for fairness in AI What happened : The UK ICO has updated its existing Guidance on AI and data protection following requests from industry to clarify requirements for fairness in AI. Norwegian Data Protection Authority fines medical device company c.$240,000

Data protection 52

Data protection Compliance e-filing Software 52

Legal IT Group

SEPTEMBER 15, 2023

International data transfers in GDPR compliance are complex, as data are transferred to third countries outside the European Union (EU) or the European Economic Area (EEA). Suppose you are interested in personal data protection issues. What should the DTIA note for transferring personal data from the EU to Ukraine?

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

OCTOBER 12, 2021

million fine against Austrian Post for channelling electronic data protection-related inquiries to a web form and not offering an additional email address, irrespective of the data subject option to also use non-electronic postal mail or customer service.

Data protection 52

Data protection Failure-to-appear Compliance e-records 52

Debevoise Data Blog

NOVEMBER 1, 2021

Subject access requests : The possibility that companies responding to data subject access requests from individuals will have to provide copies of entire documents containing their personal data, rather than only extracts. Stolen data was also posted on the darkweb.

Data protection 52

Data protection Court Defendant Law 52

Ikigai Law

AUGUST 11, 2023

“If you don’t see me in half a decade, just wait a little longer” – India’s data protection bill ( circa 2018 ) On 9 th August, the Digital Personal Data Protection Bill, 2023 was finally passed in the Parliament. The finish line – the new data bill What stood out?

Data protection 52

Data protection Law Law 52

Debevoise Data Blog

JANUARY 21, 2021

In this post, we look back at the 2020 European data protection landscape and five trends that help companies understand not only where we are, but where data protection enforcement, litigation, and practice may be headed. million against Marriott for its 2018 data breach When you dig deeper though, two key points emerge.

Data protection 52

Data protection Litigator Litigation Failure-to-appear 52

Debevoise Data Blog

FEBRUARY 20, 2023

The Task Force was convened in September 2021 following hundreds of cookie banner-related complaints from the European Center for Digital Rights. EDPB’s cookie banner task force report highlights user-friendly design choices What happened : In January 2023, the EDPB adopted a final report on the Cookie Banner Task Force’s work.

Data protection 52

Data protection Compliance e-records Court 52

Legal Tech Blog

SEPTEMBER 7, 2023

New data protection laws, increasing regulation, greater risk of cyber attacks: The challenges for entrepreneurs are becoming ever greater. On September 1, a new data protection law (revDSG) has come into force in Switzerland. However, compliance can be largely automated through artificial intelligence.

Compliance 67

Compliance Data protection Legal tech Legal tech 67

Vogel IT Law

APRIL 4, 2023

HealthCareInfoSecurity.com reported that “A user of the now-shuttered BreachForums in April 2021 posted a data set of 533 million Facebook profiles, including mobile numbers, email addresses and names scraped from the site in 2018 and 2019.” Facebook reported revenue of $23 billion in 2022 and $39 billion in 2021.

Data protection 52

Data protection Court Litigator Litigation 52

Technology Law Dispatch

FEBRUARY 27, 2023

2022 was another busy year in privacy and data protection. Regulations surrounding privacy and data continue to develop at a rapid pace. Andreas Splittgerber , Munich – “2023 will be a landmark year for AI regulations in Europe. Sven Schonhofen , Munich – “Cookie compliance will continue to be an enforcement trend.

Data protection 59

Data protection Analytics Compliance Court 59

Inside Privacy

FEBRUARY 27, 2023

On February 22, 2023, the European Data Protection Board (“EDPB”) released its Work Program for 2023-2024 (“the Program”), outlining the key priority areas for the next two years. The Program is divided into four pillars, which largely reflect the priorities already set out in its Strategy 2021-2023.

Data protection 52

Data protection Compliance Law Law 52

Technology Law Dispatch

DECEMBER 1, 2022

On 24 November 2022, the Data Protection (Adequacy) (Republic of Korea) Regulations were laid before the UK parliament for approval. The UK government’s decision follows the adequacy decisio n granted to South Korea by the European Commission in December 2021. The Regulations are due to come into force on 19 December 2022.

Data protection 52

Data protection Law Law 52

Legal IT Group

NOVEMBER 13, 2023

A data protection officer ( DPO ) is a specialist who helps companies ensure compliance with international data protection laws. In a nutshell, the DPO is a key person who helps the company in all business processes to ensure compliance with the data protection law.

Data protection 52

Data protection Compliance International law Law 52

Inside Privacy

JUNE 1, 2023

It has been well-publicized that the Irish Data Protection Commission (“DPC”) has imposed a record €1.2 billion fine and corrective measures under the GDPR against Meta Ireland (“Meta”) in a long-running dispute relating to cross-border data transfers and the EU standard contractual clauses (“SCCs”). Other organizations (i.e.,

Data protection 69

Data protection Court Compliance Hearing 69

LawSites

DECEMBER 27, 2022

Notably, the post that captured the most eyes was about New York becoming the first state to mandate CLE in cybersecurity, privacy and data protection. New York Becomes First State to Mandate CLE in Cybersecurity, Privacy and Data Protection. The 10 Legal Tech Trends that Defined 2021. Here’s What Happened.

Data protection 77

Data protection Analytics Legal tech Legal tech 77

Richmond Journal of Law and Technology

MAY 2, 2023

The African Union (AU) member states and Economic Community of West African States (ECOWAS) member states are obligated to respect, protect, and promote the right to privacy and personal data protection, as stated in their declarations and conventions. [12] 12] To ensure compliance and mitigate risks, U.S. 15] Ultimately, U.S.

Data protection 52

Data protection Compliance Due diligence Law 52

new tech law blog

DECEMBER 2, 2022

Entities transferring personal data outside the European Economic Area on the basis of standard contractual clauses that are no longer in force (where the transfer began before 27 September 2021) should conclude agreements based on new clauses by 27 December 2022.

Data protection 52

Data protection Compliance Court 52

LawSites

SEPTEMBER 6, 2023

With the goal of simplifying and standardizing those business dealings, the non-profit organization oneNDA developed an open-source NDA that, since its launch in 2021, has been adopted by more than 1,000 companies, including American Express, Google, Novartis and Panasonic. The formally launched version one in August 2021.

Software 107

Software Dispute resolution Time-tracking Data protection 107

Technology Law Dispatch

MARCH 6, 2023

If you can remember as far back as December 2021, we published a blog post announcing that the European Data Protection Board (EDPB) published draft guidelines on the interplay between the territorial scope of the GDPR and the international transfer requirements.

Data protection 52

Data protection 52

Inside Privacy

MARCH 23, 2023

The eID proposal would also enable minors to use their digital identity wallet to prove their age without disclosing other personal data.

Data protection 79

Data protection Law Law 79

Debevoise Data Blog

NOVEMBER 21, 2023

Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.

Data protection 52

Data protection Compliance Failure-to-appear e-records 52

Debevoise Data Blog

DECEMBER 9, 2021

On November 14, 2021, the Cyberspace Administration of China (“CAC”) released the draft “Network Data Security Management Regulations” (the “Draft Regulations”) for public comment.

Data protection 52

Data protection Law Law 52

Debevoise Data Blog

SEPTEMBER 21, 2022

For UK data transfers: all new agreements executed on or after 21 September 2022 should incorporate the UK Addendum or IDTA; and all existing agreements incorporating the old SCCs must be updated by 21 March 2024 (or sooner if the processing operations change before then).

Data protection 52

Data protection Compliance Court 52

Debevoise Data Blog

NOVEMBER 11, 2021

International companies doing business in China and Chinese companies doing business internationally have been awaiting clarification on the rules of the road governing the cross-border transfer of data out of China. The last of these, the PIPL, became effective November 1, 2021. Any data processor that transfers “important data”.

Data protection 52

Data protection Compliance Law Law 52

ELTA

JUNE 3, 2021

Two new ambassadors were appointed in May 2021: With the nomination of Suzanna Kalendzhian for UAE and Elvīra Krēķe for Latvia, the European Legal Technology was able to further consolidate its Ambassador network. “We says Holger Zscheyge, ELTA’s president.

Data protection 52

Data protection Legal advice Legal tech Legal tech 52

Legal Tech Monitor

SEPTEMBER 6, 2023

With the goal of simplifying and standardizing those business dealings, the non-profit organization oneNDA developed an open-source NDA that, since its launch in 2021, has been adopted by more than 1,000 companies, including American Express, Google, Novartis and Panasonic. The formally launched version one in August 2021.

Software 52

Software Dispute resolution Time-tracking Data protection 52

Legal Tech Innovation Wales

FEBRUARY 15, 2023

Various pieces of legislation apply to AI, for example, UK data protection laws refer specifically to automated decision-making and the processing of personal data. This means that chat bots like Harvey are not able to process client data, without clients first opting-in to having their information used in this way.

Machine learning 59

Machine learning Data protection Legal research Lawyer 59

Debevoise Data Blog

NOVEMBER 29, 2023

While some countries have indicated that they intend to allocate responsibility to their existing data protection authorities, others (such as Spain ) will create specific AI-focused agencies. On 21 April 2021 the Commission published its draft legislation governing the use of AI; this forms the basis of the negotiation discussions.

Compliance 52

Compliance Data protection e-records Law 52

LawSites

DECEMBER 1, 2021

Among its key findings: Data protection is a clear and rising threat for 46% of GC, while more than a third are concerned about increased regulation and antitrust enforcement. on a scale of 1 to 5) for data privacy obligations and regulations such as GDPR and CCPA, that confidence slipped notably (to 3.27) for 2022.

e-discovery 96

e-discovery Compliance e-filing Data protection 96

Inside Privacy

APRIL 24, 2023

For example, in October 2022, the Bank of England and Financial Conduct Authority (“FCA”) jointly released a Discussion Paper on Artificial Intelligence and Machine Learning considering how AI in financial services should be regulated and, in March 2023, the ICO updated its Guidance on AI and Data Protection.

Intellectual Property 69

Intellectual Property Data protection Machine learning Compliance 69

Debevoise Data Blog

MARCH 11, 2021

Earlier this week, Debevoise published an overview of the SEC’s Division of Examination Priorities for 2021. The Road Ahead and Key Takeaways The SEC’s 2021 Priorities highlight the increased risks associated with work-from-home protocols and vendor management, both of which we have discussed in depth in the last year here and here.

Compliance 52

Compliance Data protection Attorney 52

Legal IT Group

JANUARY 17, 2023

Therefore, individual states took matters into their own hands and passed local laws to protect the privacy of their residents. Virginia The Virginia Consumer Data Protection Act ( VCDPA ) was adopted in the spring of 2021 and came into force on January 01, 2023.

Data protection 52

Data protection Law Law Attorney 52

Debevoise Data Blog

SEPTEMBER 9, 2021

The court also struck out the claimant’s negligence claim on the grounds that: (i) case law has established that negligence cannot be pleaded alongside Data Protection Act claims; and (ii) “distress” does not constitute damage, as required for a successful negligence claim.

Data protection 52

Data protection Court Litigator Litigation 52

Debevoise Data Blog

APRIL 19, 2021

On 1 March 2021, Federal Law No. 519-FZ on Amendments to the Federal Law on Personal Data dated 30 December 2020 (the “Law”) came into force. This is additional to general data processing consent, which is still required under pre-existing data protection law. Transfer of Publicly Disclosed Personal Data.

Due diligence 52

Due diligence Data protection Federal law Court 52