Debevoise Data Blog

SEPTEMBER 23, 2024

Our top-five European data protection developments from August are: Uber fined for personal data transfer: The Dutch Data Protection Authority fined Uber €290 million for the unlawful transfer of European drivers’ personal data to the U.S., without sufficient safeguards. ICO proposes £6.09

Data protection 52

Data protection Court Software Compliance 52

Ikigai Law

AUGUST 8, 2023

A detailed clause-wise analysis of the Digital Personal data Protection Bill 2023 On 7 August 2023, the Lok Sabha passed the Digital Personal Data Protection Bill, 2023. It will soon be introduced in the Rajya Sabha and likely become a law in a couple of days. Read the analysis here.

Data protection 52

Data protection Law Law 52

Debevoise Data Blog

DECEMBER 13, 2022

Digital Operation Resilience Act is imminent What happened : On 28 November 2022, the European Union finalised the EU Digital Operational Resilience Act (“DORA”). The UK Government followed on 30 November 2022 with an announcement about its own expanded measures, which focus in particular on critical digital infrastructure.

Data protection 52

Data protection Due diligence Compliance Hearing 52

Debevoise Data Blog

JUNE 8, 2023

As we covered here , last October, the CNIL fined Clearview AI €20 million for various data protection violations, including “intrusive and massive” data processing without consent or a valid legitimate interest. 82 (see our May 2021 , August 2021 , and October 2022 blog posts for previous developments).

Data protection 52

Data protection Compliance e-records Dispute resolution 52

Debevoise Data Blog

SEPTEMBER 9, 2021

The court also struck out the claimant’s negligence claim on the grounds that: (i) case law has established that negligence cannot be pleaded alongside Data Protection Act claims; and (ii) “distress” does not constitute damage, as required for a successful negligence claim.

Data protection 52

Data protection Court Litigator Litigation 52

Legal IT Group

NOVEMBER 13, 2023

A data protection officer ( DPO ) is a specialist who helps companies ensure compliance with international data protection laws. In a nutshell, the DPO is a key person who helps the company in all business processes to ensure compliance with the data protection law.

Data protection 130

Data protection Compliance International law Law 130

Debevoise Data Blog

FEBRUARY 27, 2024

GDPR one-stop-shop: Businesses wishing to take advantage of the GDPR one-stop-shop system should take note of a new digest, published by the European Data Protection Board, which analyses the decisions made by so-called Lead Supervisory Authorities in this context.

Data protection 52

Data protection Compliance e-records Court 52

Debevoise Data Blog

MAY 12, 2023

Key takeaways this April include: UK children’s data protection focus continues: Businesses may wish to review policies and procedures for dealing with children’s data in light of recent UK ICO fines and guidance, especially to ensure that terms of use are adequately enforced.

Data protection 52

Data protection Software design Machine learning Software 52

Legal IT Group

NOVEMBER 10, 2023

Companies often need to transfer personal data to other countries while conducting their business operations. Since personal data is not everywhere reliably protected by law, there are plenty of requirements for its legal transfer. Standard data protection (or contractual) clauses ( SCCs ) are the most common safeguards.

Data protection 130

Data protection Compliance Law Law 130

Debevoise Data Blog

APRIL 28, 2023

UK ICO updates guidance to clarify requirements for fairness in AI What happened : The UK ICO has updated its existing Guidance on AI and data protection following requests from industry to clarify requirements for fairness in AI. Norwegian Data Protection Authority fines medical device company c.$240,000

Data protection 52

Data protection Compliance e-filing Software 52

Legal IT Group

JANUARY 22, 2024

With this regard, it is essential to know about the privacy legislation of this country since, nowadays, most internet businesses process the personal data of their clients, and they should do it in compliance with data protection laws. So, what “agreed in principle” proposals are worth paying attention to?

Data protection 130

Data protection Compliance Litigator Litigation 130

Debevoise Data Blog

DECEMBER 22, 2023

This guidance, which draws on the GDPR as well as national and EU case law, contains relevant advice for using AI in the healthcare space more broadly. For example, the Garante notes the need to incorporate data protection by design and by default principles within any AI systems used in the healthcare space.

Data protection 52

Data protection Time-tracking Compliance Machine learning 52

Legal IT Group

JANUARY 10, 2023

Since the entry into force of the General Data Protection Regulation (GDPR), many companies processing the data of Europeans have faced the task of achieving the much desired GDPR-compliance. Why do we need this?

Compliance 130

Compliance Data protection Law Law 130

CaseFox

FEBRUARY 27, 2023

In 2022, a Gartner report quoted, “By 2024, legal departments will replace 20% of generalist lawyers with nonlawyer staff”. Law tech helps improve and streamline legal processes, ranging from document automation to artificial intelligence (AI) tools for legal research. Change management is a prism.

Legal tech 97

Legal tech Legal tech Law firm Document automation 97

Debevoise Data Blog

SEPTEMBER 12, 2022

Russia has enacted amendments to its Personal Data Law (the “ Amendments ”) that may have a significant impact on companies operating in Russia. The Amendments became effective on September 1, 2022, save for certain provisions that will become effective on March 1, 2023.

Data protection 52

Data protection Compliance Time-tracking Litigator 52

Debevoise Data Blog

JANUARY 25, 2024

The CJEU has also recently reaffirmed that GDPR precludes national law makers from imposing a de minimis threshold for non-material damage. This judgment arose from a 2019 cyberattack against the Bulgarian National Revenue Agency which resulted in a threat actor publishing more than 6 million people’s personal data on the internet.

Data protection 40

Data protection Court e-records Compliance 40

Debevoise Data Blog

AUGUST 16, 2023

. : Business may want to revisit their cross-border data transfer arrangements following the new adequacy decision for the EU-U.S. Data Privacy Framework, assess whether they are eligible to self-certify and, if they are, whether it makes sense to. Data Privacy Framework (the “DPF”). Data Privacy Framework (the “DPF”).

Data protection 40

Data protection Analytics Compliance Time-tracking 40

Debevoise Data Blog

DECEMBER 1, 2021

The Data Strategy and Security team at Debevoise & Plimpton LLP has authored the 2022 edition of the Privacy Law Answer Book (Practising Law Institute, 2021), a user-friendly guide to the laws and regulations that govern how companies collect, use, store and transfer the personal information of their consumers and employees.

Law 52

Law Law Data protection Litigator 52

Debevoise Data Blog

JANUARY 30, 2023

Last year, yet again, saw significant GDPR enforcement actions, important regulatory guidance, and an abundance of European legislative activity touching on cyber, data protection and AI-regulatory issues. officials in April 2022 finally struck a deal to enable a GDPR Article 45 adequacy decision for the U.S. covered here ).

Data protection 52

Data protection Compliance Analytics Law 52

Legal IT Group

APRIL 28, 2023

Contract as a legal basis for data processing It is worth recalling that during the consideration of the dispute by the EDPB in 2022, which imposed a fine of about $390 million on Meta Platforms, its position was that Facebook publicly positions itself not just as a social network but as a provider of personalized advertising services.

Data protection 130

Data protection Time-tracking Court Lawsuit 130

new tech law blog

DECEMBER 2, 2022

Entities transferring personal data outside the European Economic Area on the basis of standard contractual clauses that are no longer in force (where the transfer began before 27 September 2021) should conclude agreements based on new clauses by 27 December 2022.

Data protection 52

Data protection Compliance Court 52

Legal IT Group

APRIL 2, 2025

The practical problem is finding the balance between business using technology to get benefits from personal data and actual real control of the personal data by the data subjects. Definition of personal data 1.2. Rights of data subjects 1.4. Social media advertising, based on personal data 2.2.

Data protection 130

Data protection Compliance Software Machine learning 130

Legal IT Group

JULY 5, 2023

The code of conduct approved by the company is one of the signs that the company knows what and how it needs to do to carry out the lawful processing of personal data. As healthcare facilities are data controllers under the provisions of the GDPR, they are responsible for ensuring the proper processing of patients’ personal data.

Data protection 130

Data protection Compliance Court Software 130

Clio

JANUARY 30, 2024

Law firm data security should be a top priority for any practice, and here’s why: Clients trust you with their most confidential information. Since clients entrust lawyers with so much of their sensitive data, law firms make prime targets for cybercrime. You don’t want your law firm to become part of that statistic.

Law firm 98

Law firm Law Law Due diligence 98

Technology Law Dispatch

FEBRUARY 27, 2023

2022 was another busy year in privacy and data protection. Regulations surrounding privacy and data continue to develop at a rapid pace. Emerging technologies have changed the manner in which personal data is collected and used. As a result, 2023 could be an exciting and a busy year for privacy and data.

Data protection 59

Data protection Analytics Compliance Court 59

Legal IT Group

JANUARY 30, 2023

Regulation of the use of artificial intelligence technologies may affect the application of other laws. With the widespread use of artificial intelligence technologies, legislators in many countries are trying to develop a regulatory framework. It is also proposed to create regulators at the national level. What will the AI Act regulate?

Data protection 130

Data protection Law Law Software 130

new tech law blog

MARCH 10, 2023

“Dark patterns” used by online platform providers have been controversial for some time, but recently there has been a growing buzz about them, in particular due to actions undertaken by EU and national data protection and consumer protection authorities. What are “dark patterns”?

Data protection 52

Data protection Compliance Law Law 52

Technology Law Dispatch

NOVEMBER 8, 2023

There is more clarity on the views of the UK data protection authority on whether a “Reject All” option in the first layer of a cookie consent management solution is required. This is more likely be compliant with data protection law, as firms will be better placed to demonstrate that the user has a genuine free choice.“

Data protection 59

Data protection Compliance Court Law 59

Inside Privacy

OCTOBER 17, 2023

On 3 October 2023, the UK Information Commissioner’s Office (“ ICO ”) finalized its Employment practices and data protection − Monitoring workers guidance (“ Guidance ”) to account for new types of work, including work from home, and the use of more sophisticated technologies for monitoring.

Data protection 65

Data protection Time-tracking Case management Compliance 65

LawSites

SEPTEMBER 6, 2023

Automating the Standard Last week, Preston Clark , CEO and cofounder of SimpleDocs (as well as of the contract database site Law Insider ), gave me a demonstration of AutoNDA, joined by SimpleDocs cofounders Jordan Trevino , chief technology officer, and Ali Waqar , chief operating officer. The governing law should a dispute arise.

Software 126

Software Dispute resolution Time-tracking Data protection 126

Technology Law Dispatch

APRIL 18, 2023

White paper In July 2022 the AI Regulation Policy Paper set out plans for a risk-based, adaptable regulatory framework. ICO’s updated guidance on AI and Data Protection The ICO issued updated its guidance on AI and Data Protection following requests to clarify requirements for fairness in AI.

Data protection 59

Data protection Compliance 59

Richmond Journal of Law and Technology

MAY 2, 2023

These include e-commerce law, consumer protection law, data privacy laws, and breach notification laws. However, companies can use these laws to their advantage by using them as a guide to identify the most suitable e-commerce market to enter. 11] Therefore, it is crucial for U.S. 15] Ultimately, U.S.

Data protection 52

Data protection Compliance Due diligence Law 52

Eric Goldman

MARCH 17, 2025

I don’t normally start my blog posts with a meme, but this one tells you everything you need to know: * * * This blog post concerns the California Age-Appropriate Design Code (AADC), passed by the California legislature in 2022. The law cloned-and-revised the UK’s AADC. Newsom didn’t care.

Court 52

Court Data protection Judge Law 52

Inside Privacy

MARCH 23, 2023

There is, however, an increasing body of EU law requiring organizations to adopt some appropriate measures to verify age. For instance, the Audiovisual Media Services Directive requires the adoption of appropriate measures to protect children from harmful content, including through age verification.

Data protection 79

Data protection Law Law 79

Ikigai Law

APRIL 30, 2023

This post explores if Generative AI tools such as ChatGPT can collect our data from the Internet without our consent on the ground that the data is in the public domain. It also explores if ChatGPT’s recent ban in Italy over data protection norms has any lessons for India. One that’s similar to the EU approach.

Data protection 52

Data protection Law Law Court 52

Law Technology Today

APRIL 11, 2023

The Prevalence of Identity Theft Identity theft is a growing concern for global businesses, and the statistics for 2022 are alarming. According to the 2022 Identity Theft Resource Center’s Data Breach Report , there were 1,802 data compromises in the United States. Even small businesses are not spared.

Data protection 80

Data protection Failure-to-appear Software Lawsuit 80

Inside Privacy

MAY 2, 2023

The Global CBPR Forum was established in 2022 via the Global CBPR Declaration , and derives from the Asia-Pacific Economic Cooperation (“APEC”) CBPR System. For businesses with global operations, it can be a challenge to ensure compliance with the increasing number of data protection laws in jurisdictions around the world.

Data protection 65

Data protection Compliance Law Law 65