Technology Law Dispatch

AUGUST 2, 2023

The Summer 2023 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version This edition covers the following topics: New adequacy decision for EU-U.S. data transfers CJEU: Requirements for GDPR damage claims CJEU: Lawfulness of processing in case of Art.

Data protection 52

Data protection Court Law Law 52

new tech law blog

JANUARY 2, 2023

In this regard, we describe below what they should take under consideration in light of Polish labour law and data protection law. Therefore, implementation and exploitation of such solutions by the employer (as a controller of employee data) must be done in compliance with the rules for processing of personal data under Art.

Data protection 52

Data protection Law Law Time-tracking 52

Debevoise Data Blog

APRIL 28, 2023

UK ICO updates guidance to clarify requirements for fairness in AI What happened : The UK ICO has updated its existing Guidance on AI and data protection following requests from industry to clarify requirements for fairness in AI. Norwegian Data Protection Authority fines medical device company c.$240,000

Data protection 52

Data protection Compliance e-filing Software 52

Debevoise Data Blog

DECEMBER 13, 2022

UK ICO provides new risk assessment tool for Article 46 transfers What happened : On 17 November 2022, the UK ICO published updated guidance on international data transfers.

Data protection 52

Data protection Compliance Due diligence Hearing 52

Legal IT Group

SEPTEMBER 15, 2023

International data transfers in GDPR compliance are complex, as data are transferred to third countries outside the European Union (EU) or the European Economic Area (EEA). Suppose you are interested in personal data protection issues. What should the DTIA note for transferring personal data from the EU to Ukraine?

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

OCTOBER 12, 2021

million fine against Austrian Post for channelling electronic data protection-related inquiries to a web form and not offering an additional email address, irrespective of the data subject option to also use non-electronic postal mail or customer service.

Data protection 52

Data protection Failure-to-appear Compliance e-records 52

Debevoise Data Blog

AUGUST 25, 2022

On 18 July 2022, the UK government published the Data Protection and Digital Information Bill (the “Bill”), which proposes reforms to the UK’s data protection and e-privacy landscape in-line with the National Data Strategy.

Data protection 52

Data protection e-records 52

Debevoise Data Blog

NOVEMBER 1, 2021

Subject access requests : The possibility that companies responding to data subject access requests from individuals will have to provide copies of entire documents containing their personal data, rather than only extracts. The authors would like to thank Gavin Benson for his contribution to this article.

Data protection 52

Data protection Court Defendant Law 52

Debevoise Data Blog

JULY 20, 2021

Here are our highlights: European Commission adopts new Standard Contractual Clauses What happened : As reported in our blog post , the European Commission adopted its new Standard Contractual Clauses (“SCCs”) for the cross-border transfer of personal data from the EEA to “third countries”.

Data protection 52

Data protection e-filing Compliance e-records 52

Debevoise Data Blog

APRIL 8, 2021

million for vendor oversight failings, unlawful cross-border transfers What happened : The AEPD, the Spanish data protection authority (“DPA”), fined Vodafone Spain €8.15 4 million was for allegedly deficient oversight of Vodafone’s data processors. To subscribe to the Data Blog, please click here.

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

MARCH 11, 2021

There were a few European data protection developments in February that companies may want to have on their radar. What to do: As we reported previously there is increasing convergence between European data protection and competition law enforcement. We cover those developments (and more) below.

Data protection 52

Data protection Compliance Analytics Court 52

Debevoise Data Blog

NOVEMBER 10, 2020

ICO targets the data broking industry : On 27 October, the ICO demanded that Experian make sweeping changes to data protection practices within its direct marketing business within three months or face further enforcement action. We will continue to report on developments as Experian’s appeal progresses.

Data protection 52

Data protection Intellectual Property e-records Machine learning 52

Debevoise Data Blog

AUGUST 5, 2021

European Data Protection Roundup – July Key takeaways from developments this July include: a blockbuster €746 million fine against Amazon – the largest ever GDPR penalty – showing the Regulation’s teeth; the challenges of GDPR-compliant facial recognition, after a Spanish supermarket chain was fined €2.5

Data protection 52

Data protection Dispute resolution Court Case law 52

Debevoise Data Blog

MAY 7, 2021

The key development from April must be the European Data Protection Board (“EDPB”) approving the draft UK adequacy decisions from the European Commission (the “Commission”). Companies will be relieved that they are one step closer towards maintaining the seamless flow of data between the EU and the UK.

Data protection 52

Data protection Court Compliance Hearing 52

Debevoise Data Blog

JANUARY 21, 2021

In this post, we look back at the 2020 European data protection landscape and five trends that help companies understand not only where we are, but where data protection enforcement, litigation, and practice may be headed. million against Marriott for its 2018 data breach When you dig deeper though, two key points emerge.

Data protection 52

Data protection Litigator Litigation Failure-to-appear 52

Debevoise Data Blog

FEBRUARY 10, 2021

As covered in our Annual Review , 2020 was a blockbuster year for European data protection. The decision draws parallels with the AI-related claims brought against Uber in the Netherlands , and is another example of the cross-over between data protection and employment law. CJEU Opinion clarifies the one-stop-shop.

Data protection 52

Data protection Time-tracking Defendant Court 52

Debevoise Data Blog

JUNE 16, 2021

Companies should take note of the FCO’s continued scrutiny of digital companies’ strong market position, and be mindful of the impact of their data processing from an antitrust and consumer perspective. The Federal Commissioner for Data Protection and Freedom of Information will be the sole regulator for the new Act.

Data protection 40

Data protection Compliance Court Time-tracking 40

Technology Law Dispatch

OCTOBER 2, 2023

On 11 September 2023, the UK’s Department for Science, Innovation, and Technology (DSIT), published the draft Data Protection (Fundamental Rights and Freedoms) (Amendment) Regulations 2023 (DP Regulations), which seek to amend the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 (DPA 2018).

Data protection 52

Data protection Law Law 52

Inside Privacy

FEBRUARY 20, 2024

On February 13, 2024, the European Data Protection Board (“EDPB”) adopted an opinion on the notion of “main establishment” of a controller in the context of Article 4(16)(a) of GDPR. This blog post was drafted with the contribution of Diane Valat.)

Data protection 81

Data protection Law Law 81

Technology Law Dispatch

NOVEMBER 8, 2023

There is more clarity on the views of the UK data protection authority on whether a “Reject All” option in the first layer of a cookie consent management solution is required. This is more likely be compliant with data protection law, as firms will be better placed to demonstrate that the user has a genuine free choice.“

Data protection 59

Data protection Compliance Court Law 59

Technology Law Dispatch

OCTOBER 20, 2023

The Guidance provides advice to companies to help them comply with their obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018) when monitoring anyone who performs work on their behalf. their right of erasure).

Data protection 72

Data protection Law Law 72

Inside Privacy

OCTOBER 17, 2023

On 3 October 2023, the UK Information Commissioner’s Office (“ ICO ”) finalized its Employment practices and data protection − Monitoring workers guidance (“ Guidance ”) to account for new types of work, including work from home, and the use of more sophisticated technologies for monitoring.

Data protection 65

Data protection Time-tracking Case management Compliance 65

Inside Privacy

JANUARY 24, 2024

On 15 January 2024, the UK’s Information Commissioner’s Office (“ICO”) announced the launch of a consultation series (“Consultation”) on how elements of data protection law apply to the development and use of generative AI (“GenAI”). Interested stakeholders are invited to provide feedback to the ICO by 1 March 2024.

Intellectual Property 61

Intellectual Property Data protection Compliance Law 61

Inside Privacy

MARCH 15, 2023

On February 28, 2023, the European Data Protection Board (“EDPB”) released its non-binding opinion on the European Commission’s draft adequacy decision on the EU-U.S. Data Privacy Framework (“DPF”). The Commission sought the EDPB’s opinion pursuant to Article 71(1)(s) of the GDPR. law providing for access to data by U.S.

Data protection 74

Data protection Court Law Law 74

Technology Law Dispatch

FEBRUARY 27, 2023

2022 was another busy year in privacy and data protection. Regulations surrounding privacy and data continue to develop at a rapid pace. Andreas Splittgerber , Munich – “2023 will be a landmark year for AI regulations in Europe. Sven Schonhofen , Munich – “Cookie compliance will continue to be an enforcement trend.

Data protection 59

Data protection Analytics Compliance Court 59

Technology Law Dispatch

FEBRUARY 20, 2024

In our view, this would result in ‘online platforms’ within the meaning of Article 3(i) EU Digital Services Act (“ DSA ”) to be out of scope, unless they also provide number-independent interpersonal communication services. European Data Protection Board (EDPB), Statement 1/2024 of 13 February 2024 ).

Data protection 52

Data protection Compliance Law Law 52

Technology Law Dispatch

NOVEMBER 28, 2023

The Tribunal found that, although the data processing activities carried out by Clearview constituted the monitoring of the behaviour of UK data subjects (and therefore fell within the territorial scope of Article 2 UK General Data Protection Regulation (UK GDPR).),

Data protection 52

Data protection Law Law Court 52

Inside Privacy

MAY 4, 2023

On May 4, 2023, the Court of Justice of the European Union (‘CJEU’) decided, in case C-487/21 , that the right to obtain a ‘copy’ of personal data means that the data subject must provide with a faithful and intelligible reproduction of all personal data. Background. Fulfilling the right of access.

Intellectual Property 74

Intellectual Property Data protection Court Law 74

Technology Law Dispatch

FEBRUARY 22, 2023

C-453/21) , which addresses the question of the dismissal of a Data Protection Officer (“ DPO ”) and the interpretation of Article 38 of the EU GDPR. Whether Article 38(3) GDPR precluded member states from setting out further grounds for the dismissal of a DPO, beyond those laid out in the GDPR. […] 4.

Data protection 59

Data protection Court Compliance Federal law 59

Inside Privacy

FEBRUARY 27, 2023

On February 22, 2023, the European Data Protection Board (“EDPB”) released its Work Program for 2023-2024 (“the Program”), outlining the key priority areas for the next two years. Advancing harmonization and facilitating compliance with the GDPR The EDPB will continue to publish guidance on key concepts of EU data protection law.

Data protection 52

Data protection Compliance Law Law 52

LLRX

MAY 20, 2023

On a weekly basis Pete Weiss highlights articles and information that focus on the increasingly complex and wide ranging ways technology is used to compromise and diminish our privacy and online security, often without our situational awareness.

Data protection 84

Data protection Legal research 84

Inside Privacy

NOVEMBER 20, 2023

On November 16, 2023, the European Data Protection Board (“EDPB”) issued draft Guidelines 2/2023 on Technical Scope of Art. Article 5(3) is the provision that requires consent before storing or accessing information on an end user’s device. 5(3) of ePrivacy Directive (“Guidelines”).

Time-tracking 57

Time-tracking Data protection Software Law 57

Technology Law Dispatch

MAY 10, 2023

Transfers of personal data The SAs agreed that before assessing the lawfulness of international data transfers within the meaning of Chapter V of the GDPR, controllers must ensure that all other provisions of the GDPR are complied with. They thus determine the “purposes and means” of processing under Article 4(7) GDPR.

Data protection 52

Data protection Analytics Compliance Law 52

Inside Privacy

APRIL 3, 2023

However, according to the court, this “secondary use” of the register was permissible on the basis of Article 6(1)(e), (3) and (4) GDPR, because the “secondary use” was made under a national or EU law seeking to safeguard an objective referred to in Article 23(1) of the GDPR.

Court 52

Court Data protection Litigator Litigation 52

Legal IT Group

SEPTEMBER 29, 2023

Brazil’s Lei Geral de Proteção de Dados Pessoais (or LGPD), similar to GDPR, CCPA and PIPEDA, regulates personal data protection. If the company does not process personal data in Brazil but still processes data to offer or supply goods or services to Brazil, the LGPD also applies in this case. Apparently not.

Data protection 52

Data protection Compliance Court Law 52

Technology Law Dispatch

MARCH 13, 2023

The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (‘ LIBE Committee ’) and the European Data Protection Board (‘ EDPB ’) have recently issued opinions on the European Commission’s draft US adequacy decision (‘ Draft Adequacy Decision ‘) for the EU-US Data Privacy Framework (‘ Framework ‘).

Data protection 52

Data protection Court Law Law 52

Vogel IT Law

APRIL 4, 2023

HealthCareInfoSecurity.com reported that “A user of the now-shuttered BreachForums in April 2021 posted a data set of 533 million Facebook profiles, including mobile numbers, email addresses and names scraped from the site in 2018 and 2019.” Facebook reported revenue of $23 billion in 2022 and $39 billion in 2021.

Data protection 52

Data protection Court Litigator Litigation 52