Debevoise Data Blog

JUNE 8, 2023

As we covered here , last October, the CNIL fined Clearview AI €20 million for various data protection violations, including “intrusive and massive” data processing without consent or a valid legitimate interest. 82 (see our May 2021 , August 2021 , and October 2022 blog posts for previous developments).

Data protection 52

Data protection Compliance Dispute resolution e-records 52

Debevoise Data Blog

OCTOBER 20, 2023

data bridge comes into force 12 October 2023 What happened : Parliament passed Regulations giving effect to the UK-U.S. data bridge from 12 October 2023. EU context, see this Debevoise blog. From 12 October, UK businesses can transfer UK GDPR-covered personal data to certified U.S. For the wider UK-U.S.-EU

Data protection 52

Data protection Intellectual Property Compliance Law 52

Debevoise Data Blog

APRIL 28, 2023

UK ICO updates guidance to clarify requirements for fairness in AI What happened : The UK ICO has updated its existing Guidance on AI and data protection following requests from industry to clarify requirements for fairness in AI. Norwegian Data Protection Authority fines medical device company c.$240,000

Data protection 52

Data protection Compliance e-filing Software 52

Technology Law Dispatch

JUNE 23, 2023

On 19 June 2023, the Information Commissioner’s Office (ICO) has released new Guidance on Privacy-Enhancing Technologies (PETs) for Data Protection Compliance. Understanding PETs PETs are software and hardware systems that can help minimize use of personal data use while maximizing information security.

Data protection 52

Data protection Compliance Software Law 52

Debevoise Data Blog

DECEMBER 13, 2022

What to do : Read our blog post for detailed guidance on scope, applicability and penalties under NIS2, including how to prepare for the revised incident reporting, security and management oversight obligations. .

Data protection 52

Data protection Compliance Due diligence Hearing 52

Debevoise Data Blog

AUGUST 16, 2023

. : Business may want to revisit their cross-border data transfer arrangements following the new adequacy decision for the EU-U.S. Data Privacy Framework, assess whether they are eligible to self-certify and, if they are, whether it makes sense to. Data Privacy Framework (the “DPF”).

Data protection 40

Data protection Analytics Compliance Time-tracking 40

new tech law blog

JANUARY 2, 2023

In this regard, we describe below what they should take under consideration in light of Polish labour law and data protection law. Therefore, implementation and exploitation of such solutions by the employer (as a controller of employee data) must be done in compliance with the rules for processing of personal data under Art.

Data protection 52

Data protection Law Law Time-tracking 52

Eric Goldman

MARCH 15, 2023

This is not the first time my blog has been subject to right-to-be-forgotten (RTBF) takedowns. But every time the RTBF is applied to my blog, it’s probably a wrongful application of a misguided policy and worth relaying here. It is critical information, even if the blog is just a bit player in the matter.

Data protection 93

Data protection Law Law 93

Debevoise Data Blog

OCTOBER 12, 2021

million fine against Austrian Post for channelling electronic data protection-related inquiries to a web form and not offering an additional email address, irrespective of the data subject option to also use non-electronic postal mail or customer service.

Data protection 52

Data protection Failure-to-appear Compliance e-records 52

Debevoise Data Blog

JULY 20, 2021

Here are our highlights: European Commission adopts new Standard Contractual Clauses What happened : As reported in our blog post , the European Commission adopted its new Standard Contractual Clauses (“SCCs”) for the cross-border transfer of personal data from the EEA to “third countries”.

Data protection 52

Data protection e-filing Compliance e-records 52

Debevoise Data Blog

NOVEMBER 1, 2021

Subject access requests : The possibility that companies responding to data subject access requests from individuals will have to provide copies of entire documents containing their personal data, rather than only extracts. What to do : Monitor developments in the case, which we will report on the blog as they become available.

Data protection 52

Data protection Court Defendant Law 52

Eric Goldman

APRIL 28, 2023

by guest blogger Jess Miers, Legal Advocacy Counsel at Chamber of Progress [Eric’s intro: last year I blogged about Minnesota’s flirtation with mandatory age verification. Among their targets were the Data Protection Impact Assessment requirements, which NetChoice argued amounted to prior restraint and compelled speech.

Data protection 126

Data protection Court Hearing Judge 126

Debevoise Data Blog

APRIL 8, 2021

million for vendor oversight failings, unlawful cross-border transfers What happened : The AEPD, the Spanish data protection authority (“DPA”), fined Vodafone Spain €8.15 4 million was for allegedly deficient oversight of Vodafone’s data processors. See our blog post here for further tips on managing the latest landscape.

Data protection 52

Data protection Compliance Court Law 52

Ikigai Law

AUGUST 11, 2023

“If you don’t see me in half a decade, just wait a little longer” – India’s data protection bill ( circa 2018 ) On 9 th August, the Digital Personal Data Protection Bill, 2023 was finally passed in the Parliament. The finish line – the new data bill What stood out?

Data protection 52

Data protection Law Law 52

Debevoise Data Blog

AUGUST 5, 2021

European Data Protection Roundup – July Key takeaways from developments this July include: a blockbuster €746 million fine against Amazon – the largest ever GDPR penalty – showing the Regulation’s teeth; the challenges of GDPR-compliant facial recognition, after a Spanish supermarket chain was fined €2.5

Data protection 52

Data protection Dispute resolution Court Case law 52

Debevoise Data Blog

AUGUST 25, 2022

On 18 July 2022, the UK government published the Data Protection and Digital Information Bill (the “Bill”), which proposes reforms to the UK’s data protection and e-privacy landscape in-line with the National Data Strategy.

Data protection 52

Data protection e-records 52

Debevoise Data Blog

MARCH 11, 2021

There were a few European data protection developments in February that companies may want to have on their radar. We will continue to report on progress through the Blog. What to do: As we reported previously there is increasing convergence between European data protection and competition law enforcement.

Data protection 52

Data protection Compliance Analytics Court 52

Debevoise Data Blog

FEBRUARY 20, 2023

Orange established a mobile telephone contract and SIM card without adequately verifying the customer’s data, resulting in identity theft and data processing of a victim’s personal data without consent. To subscribe to the Data Blog, please click here.

Data protection 52

Data protection Compliance e-records Court 52

Debevoise Data Blog

MAY 7, 2021

The key development from April must be the European Data Protection Board (“EDPB”) approving the draft UK adequacy decisions from the European Commission (the “Commission”). Companies will be relieved that they are one step closer towards maintaining the seamless flow of data between the EU and the UK.

Data protection 52

Data protection Court Compliance Hearing 52

Debevoise Data Blog

NOVEMBER 10, 2020

ICO targets the data broking industry : On 27 October, the ICO demanded that Experian make sweeping changes to data protection practices within its direct marketing business within three months or face further enforcement action. We will continue to report on developments as Experian’s appeal progresses.

Data protection 52

Data protection Intellectual Property e-records Machine learning 52

Debevoise Data Blog

FEBRUARY 10, 2021

As covered in our Annual Review , 2020 was a blockbuster year for European data protection. The decision draws parallels with the AI-related claims brought against Uber in the Netherlands , and is another example of the cross-over between data protection and employment law. CJEU Opinion clarifies the one-stop-shop.

Data protection 52

Data protection Time-tracking Defendant Court 52

Debevoise Data Blog

JANUARY 21, 2021

In this post, we look back at the 2020 European data protection landscape and five trends that help companies understand not only where we are, but where data protection enforcement, litigation, and practice may be headed. million against Marriott for its 2018 data breach When you dig deeper though, two key points emerge.

Data protection 52

Data protection Litigator Litigation Failure-to-appear 52

Debevoise Data Blog

SEPTEMBER 12, 2022

Russia has enacted amendments to its Personal Data Law (the “ Amendments ”) that may have a significant impact on companies operating in Russia. Companies will also be required to conduct a cross-border data transfer risk assessment. To subscribe to the Data Blog, please click here.

Data protection 52

Data protection Compliance Time-tracking Litigator 52

Debevoise Data Blog

JUNE 16, 2021

These decisions follow the CNIL’s October 2020 updated cookies guidelines (see our blog post ). Companies should take note of the FCO’s continued scrutiny of digital companies’ strong market position, and be mindful of the impact of their data processing from an antitrust and consumer perspective.

Data protection 40

Data protection Compliance Court Time-tracking 40

Inside Privacy

JULY 3, 2023

On 21 June 2023, at the close of a roundtable meeting of the G7 Data Protection and Privacy Authorities, regulators from the United States, France, Germany, Italy, United Kingdom, Canada and Japan published a joint “Statement on Generative AI” (“Statement”) (available here ).

Data protection 108

Data protection Compliance Law Law 108

Inside Privacy

FEBRUARY 20, 2024

On February 13, 2024, the European Data Protection Board (“EDPB”) adopted an opinion on the notion of “main establishment” of a controller in the context of Article 4(16)(a) of GDPR. This blog post was drafted with the contribution of Diane Valat.) We provide below an overview of the EDPB’s opinion.

Data protection 81

Data protection Law Law 81

Inside Privacy

JANUARY 14, 2024

Several EU data protection supervisory authorities (“SAs”) have recently issued guidance on cookies. On December 20, 2023, the Austrian SA published FAQs on cookies and data protection (available in German only). This blog post was written with the contributions of Alberto Vogel.)

Data protection 72

Data protection Analytics Time-tracking Law 72

Technology Law Dispatch

JULY 31, 2023

Please click here to access the source post from our Global Regulatory Enforcement Law Blog. In this blog, the authors delve into a significant decision by the German Federal Cartel Office (FCO) four years ago, accusing a major technology company of abusive behavior due to alleged violations of the General Data Protection Regulation (GDPR).

Data protection 52

Data protection Court Law Law 52

Inside Privacy

FEBRUARY 23, 2023

This blog post summarizes the ICO’s recommendations for video game developers and designers when creating video games that are likely to be accessed by children under the age of 18. For more information about the UK’s Age Appropriate Design Code, see our previous blog posts here and here.

Data protection 52

Data protection 52

Inside Privacy

MARCH 12, 2024

On February 28, the European Data Protection Board (“EDPB”) announced that EU supervisory authorities (“SAs”) will undertake a coordinated enforcement action in 2024 regarding data subjects’ right of access under the GDPR. In 2023, regulators focused upon data protection officers’ designation and role.

Data protection 72

Data protection Compliance 72

Legal Tech Blog

SEPTEMBER 7, 2023

New data protection laws, increasing regulation, greater risk of cyber attacks: The challenges for entrepreneurs are becoming ever greater. On September 1, a new data protection law (revDSG) has come into force in Switzerland. However, compliance can be largely automated through artificial intelligence.

Compliance 67

Compliance Data protection Legal tech Legal tech 67

Technology Law Dispatch

JULY 28, 2023

The recent reprimands by ICO shed light on areas of data protection where organizations across the public and private sectors have fallen foul of the UK GDPR and are instructive as to how organisations can improve their practices. Our blog focuses on three key lessons gleaned from these reprimands.

Data protection 52

Data protection Compliance Law Law 52

Inside Privacy

OCTOBER 17, 2023

On 3 October 2023, the UK Information Commissioner’s Office (“ ICO ”) finalized its Employment practices and data protection − Monitoring workers guidance (“ Guidance ”) to account for new types of work, including work from home, and the use of more sophisticated technologies for monitoring.

Data protection 65

Data protection Time-tracking Case management Compliance 65

Inside Privacy

NOVEMBER 13, 2023

Finally, the CJEU reiterated that the data subject must be given a “faithful and intelligible reproduction” of the data (see our blog post here ). The scope of GDPR’s right of access (see our blog posts here and here ) has been heavily litigated both at EU and national level.

Data protection 69

Data protection Law Law Court 69

Debevoise Data Blog

DECEMBER 18, 2023

As we approach the end of the year, here are the Top 10 Privacy posts on the Debevoise Data Blog in 2023 by page views. If you are not already a Blog subscriber, click here to sign up. Part 1 of this Data Blog series discussed recent developments in the rulemaking for the California Privacy Rights Act.

Data protection 52

Data protection Compliance Hearing Attorney 52

Technology Law Dispatch

AUGUST 17, 2023

A specific example of this, as recently highlighted by an IOC representative, is failing to include a “reject all” button on cookie consent banners (see here for our blog on this). Simultaneously, the ICO will continue to enforce data protection rights, particularly for vulnerable individuals at risk of harm.

Data protection 52

Data protection Law Law 52

Inside Privacy

FEBRUARY 16, 2024

This blog post complements our previous blog post on the EU’s targeted advertising rules. For more information about the DMA, please see our previous blog posts here and here. For more information on dark patterns, see our previous blog posts here and here. DMA Rules on Targeted Advertising Scope. Legal Basis.

Data protection 103

Data protection 103