2025 and Data protection - Legal Tech Connection

Texas Passes Data Privacy and Security Act

Inside Privacy

MAY 30, 2023

The Act also requires controllers to implement opt-out preference signals by January 1, 2025. Sensitive Data : Controllers must obtain consent before processing a consumer’s sensitive data. identifies a consumer within a radius of 1,750 ft.).

Data protection

Data protection Attorney Law Law

ENISA Releases Comprehensive Framework for Ensuring Cybersecurity in the Lifecycle of AI Systems

Technology Law Dispatch

JUNE 30, 2023

ENISA emphasises that this has to be done in line with all relevant EU legislation, including the General Data Protection Regulation, Network and Information Security Directive (NIS2), and Cybersecurity Resilience Act (CSA). Once published, there will be a period of 24 months before it becomes effective (estimated Q3/4 2025).

Data protection

Data protection Compliance

Minnesota’s Attempt to Copy California’s Constitutionally Defective Age Appropriate Design Code is an Utter Fail (Guest Blog Post)

Eric Goldman

APRIL 28, 2023

If passed, the bill goes into effect July 1, 2024 with the first round of DPIAs due July 1, 2025. Among their targets were the Data Protection Impact Assessment requirements, which NetChoice argued amounted to prior restraint and compelled speech. The bill is currently pending approval by both chambers.

Data protection

Data protection Court Hearing Judge

European Data Protection Roundup – December 2023

Debevoise Data Blog

JANUARY 25, 2024

They are also reminded of their obligation to maintain appropriate technical and organisational measures in relation to their data processing, and may wish to review their compliance with these measures. It remains to be seen whether data protect authorities will provide guidance on how to interpret the “draw strongly” condition.

Data protection

Data protection Court e-records Compliance

The UK Online Safety Act – Keeping you informed here

Technology Law Dispatch

NOVEMBER 22, 2023

Nov 2023 – Consultation on illegal content Dec 2023 – Consultation on child safety, pornography, and protecting women and girls Spring 2024 – advice to the Secretary of State on categorization End of 2024 – publishing a register of categorized services Early to mid-2025 – codes of practice on fraudulent advertising and transparency notices

Compliance

Compliance Data protection

European Data Protection Roundup – January 2024

Debevoise Data Blog

FEBRUARY 27, 2024

GDPR one-stop-shop: Businesses wishing to take advantage of the GDPR one-stop-shop system should take note of a new digest, published by the European Data Protection Board, which analyses the decisions made by so-called Lead Supervisory Authorities in this context.

Data protection

Data protection Compliance Court e-records

EU Rules Restricting the International Transfers of Non-Personal Data

Inside Privacy

FEBRUARY 1, 2024

Note that the data localization prohibition in this Regulation applies to individual EU Member States’ laws; it does not preclude the EU from implementing data localization requirements. The restrictions on transfers of non-personal data appear to serve two main purposes. X (Recent Council versions remove this obligation.)

Intellectual Property

Intellectual Property State law Court Compliance

How Enhanced Reporting Can Improve’s Legal Operations

MatterSuite

SEPTEMBER 4, 2023

Gartner experts expect legal departments to increase their spending on legal technology threefold by 2025. When implementing enhanced reporting, it’s crucial to have robust data security measures in place to protect sensitive information.

Time-tracking

Time-tracking Compliance Case management Analytics

Utah Joins the Comprehensive State Privacy Law Club

Debevoise Data Blog

APRIL 29, 2022

The UCPA is set to be reviewed by the attorney general who must submit a report to the legislature by July 1, 2025. No Requirement to Conduct Risk Assessments or Data Protection Impact Assessments Under the UCPA, businesses are not required to conduct risk assessments related to their processing or control of personal data.

Law

Law Law Data protection Attorney

UK Financial Regulators Publish Response to AI Consultation – Seven Takeaways

Debevoise Data Blog

OCTOBER 31, 2023

For example, the French data protection authority, the CNIL, recently published a series of fact sheets aimed at helping companies achieve GDPR-compliance when developing and adopting AI tools. In the Response Paper, a number of respondents flagged the UK GDPR as, in their opinion, creating particular challenges.

Compliance

Compliance Due diligence Machine learning Data protection

Connecticut’s Next Generation Data Privacy Law

Debevoise Data Blog

MAY 23, 2022

This contrasts with the VCDPA’s and the UCPA’s definition of “sale,” which is limited to an exchange of personal data for only monetary consideration. The CTPA bolsters opt-out rights by requiring controllers to recognize a global opt-out preference by January 1, 2025. CTPA § 6(e)(1)(A)(ii). CTPA § 11(b).

Law

Law Law Compliance Attorney

NIS2 toughens up EU’s cyber security obligations

Technology Law Dispatch

FEBRUARY 23, 2023

Member States must also establish a list of essential and important entities by 17 April 2025. Next steps NIS2 must be transposed into EU member state national law by 17 October 2024. ENISA must create and maintain a register of entities subject to NIS2 based on the lists created by the member states.

Data protection

Data protection Law Law

Overview of Global AI Regulatory Developments and Some Tips to Reduce Risk

Debevoise Data Blog

MAY 2, 2023

Canada In June 2022, the Government of Canada put forward the Artificial Intelligence and Data Act (“AIDA”) as part of Bill C-27, the Digital Charter Implementation Act.

Compliance

Compliance Time-tracking Data protection Law

EU may expand the scope of the adequacy decision for Japan following its first review

Technology Law Dispatch

APRIL 19, 2023

On 4 April 2023, the Personal Information Protection Commission of Japan (PPC) and European Commissioner for Justice issued a joint Press Statement on the conclusion of the first review of the Japan-EU Mutual Adequacy Decision.

Data protection

The UK’s Emerging Approach to AI Regulation

Debevoise Data Blog

FEBRUARY 22, 2024

The UK’s approach is therefore an important reminder that while there is often significant public attention on new AI laws, such as the EU AI Act, the use of AI is already subject to a wide variety of existing legal requirements under other technology-neutral laws, including data protection and equalities legislation.

Data protection

Data protection Law Law Compliance

New Jersey and New Hampshire Pass Comprehensive Privacy Legislation

Inside Privacy

JANUARY 29, 2024

The Act, which will take effect on January 1, 2025, resembles similar statutes in Connecticut and other states with a few distinctions. The Act also grants the Attorney General the authority to require controllers to disclose data protection assessments relevant to investigations conducted by the Attorney General.

Data protection

Data protection Attorney Law Law

The EU AI Act: Political Agreement Secured, We Await the Final Text

Debevoise Data Blog

DECEMBER 17, 2023

If this timeline is met, the first provisions of the Act to come into force (the prohibition on “unacceptable risk” AI systems) will take effect in late 2024, followed by the requirements related to “high risk” systems in early 2025, and the remaining provisions in 2026. How to prepare.

Data protection

Data protection Compliance Time-tracking Law

New Privacy Legislation in the U.S.: The Patchwork Problem Grows

Debevoise Data Blog

JULY 9, 2021

Data Protection Assessments Also similar to a provision of the VCDPA that has often been criticized for being vague and overly burdensome, SB 21-190 requires businesses to conduct regular data protection assessments for each of their activities that involve personal data and present a heightened risk of harm to consumers.

Data protection

Data protection Compliance Attorney State law

Legal Tech Connection

Texas Passes Data Privacy and Security Act

ENISA Releases Comprehensive Framework for Ensuring Cybersecurity in the Lifecycle of AI Systems

Trending Sources

Minnesota’s Attempt to Copy California’s Constitutionally Defective Age Appropriate Design Code is an Utter Fail (Guest Blog Post)

European Data Protection Roundup – December 2023

The UK Online Safety Act – Keeping you informed here

European Data Protection Roundup – January 2024

EU Rules Restricting the International Transfers of Non-Personal Data

How Enhanced Reporting Can Improve’s Legal Operations

Utah Joins the Comprehensive State Privacy Law Club

UK Financial Regulators Publish Response to AI Consultation – Seven Takeaways

Connecticut’s Next Generation Data Privacy Law

NIS2 toughens up EU’s cyber security obligations

Overview of Global AI Regulatory Developments and Some Tips to Reduce Risk

EU may expand the scope of the adequacy decision for Japan following its first review

The UK’s Emerging Approach to AI Regulation

New Jersey and New Hampshire Pass Comprehensive Privacy Legislation

The EU AI Act: Political Agreement Secured, We Await the Final Text

New Privacy Legislation in the U.S.: The Patchwork Problem Grows

Stay Connected