Blog, Data protection and State law - Legal Tech Connection

Blog

Data protection

State law

European Data Protection Roundup – Q4 2024

Debevoise Data Blog

JANUARY 17, 2025

Our top-eleven European data protection developments for the end of 2024 are: EU Cyber Resilience Act: The Council of the European Union approved the Cyber Resilience Act , introducing cybersecurity requirements for digital products sold in the EU. The UK Upper Tribunal did not consider the provisions under the UK GDPR.

Data protection

Data protection Compliance Court State law

European Data Protection Roundup – November 2023

Debevoise Data Blog

DECEMBER 22, 2023

Regulators publish AI-related guidance to advise businesses on their existing obligations What happened : As discussed in previous blog posts , the EU AI Act, which has now concluded its passage through the EU “trilogue negotiations”, is expected to have a wide-reaching impact on businesses which use AI systems in, or sell them into, the EU.

Data protection

Data protection Time-tracking Compliance Machine learning

Join 5,000+

professionals

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Prep with Purpose: How to Build Better Trial Binders

MORE WEBINARS

Trending Sources

CJEU’s Advocate General Issues Opinion on GDPR Fines Against Companies

Inside Privacy

MAY 3, 2023

He opined that Member States’ law may not stipulate conditions going beyond those set out in the GDPR that make it more difficult to impute GDPR infringements to companies. million fine the Berlin Supervisory Authority imposed on Deutsche Wohnen SE for infringing the GDPR’s data retention obligations. companies).

State law

State law Court Data protection Law

Webinars

Prep with Purpose: How to Build Better Trial Binders

MORE WEBINARS

EU Rules Restricting the International Transfers of Non-Personal Data

Inside Privacy

FEBRUARY 1, 2024

In this blog post, we outline the current and forthcoming EU legislation on the international transfer of non-personal data. Note that the data localization prohibition in this Regulation applies to individual EU Member States’ laws; it does not preclude the EU from implementing data localization requirements.

Intellectual Property

Intellectual Property State law Court Compliance

Debevoise Authors 2022 Edition of the PLI Privacy Law Answer Book

Debevoise Data Blog

DECEMBER 1, 2021

Information Privacy Law. With a thorough discussion of the nuances related to advertising and tracking, this section also covers the new privacy laws impacting the industry, including updates stemming from the CCPA, the Virginia Consumer Data Protection Act (VCDPA), and the Colorado Privacy Act.

Law

Law Law Data protection Litigator

Getting Ready for 2023: What Companies Can Do Now to Prepare for New Privacy Laws

Debevoise Data Blog

DECEMBER 16, 2021

The Virginia Consumer Data Protection Act (“VCDPA”) and amendments to the California Consumer Privacy Act (“CCPA”)—enshrined in the California Privacy Rights Act (“CPRA”)—take effect on January 1, 2023. These developments have companies understandably concerned about complying with a patchwork of state laws.

Data protection

Data protection Compliance Law Law

Cybersecurity in the Remote Work Era: AI, Employees and an Integrated Defense – With SessionGuardian’s Jordan Ellington and Oren Leib, and Katten’s Trisha Sircar (TGIR Ep. 211)

3 Geeks and a Law Blog

JULY 11, 2023

Generally however, it’s hard for global law firms right that sometimes have to compete with conflicting regimes. Not all, I believe only one or two state laws in the US require it. When that happens, the level of data protection exponentially recedes. You know, they do. But it’s really a commercial decision.

Law firm

Law firm Time-tracking Due diligence Attorney

Utah Joins the Comprehensive State Privacy Law Club

Debevoise Data Blog

APRIL 29, 2022

In prior posts, we have written about the evolving state privacy law landscape, including how to prepare for state privacy laws coming into effect in 2023 here ; various aspects of the CCPA and CPRA, including here and here ; and the Virginia Consumer Data Protection Act (“VCDPA”) here.

Law

Law Law Data protection Attorney

Connecticut’s Next Generation Data Privacy Law

Debevoise Data Blog

MAY 23, 2022

Like other state privacy laws, the CTPA contains a number of entity-based and data-based exemptions, including financial institutions covered by the Gramm-Leach-Bliley Act, national securities associations that are registered under the Securities Exchange Act of 1934, and data regulated by the Fair Credit Reporting Act, among other exemptions.

Law

Law Law Compliance Attorney

Face Forward: Strategies for Complying with Facial Recognition Laws

Debevoise Data Blog

OCTOBER 18, 2021

For purposes of these blog posts, we focus mainly on the former use case—matching a face to a specific person for identification purposes—rather than other use cases such as emotional evaluation and lie detection. The TDPA provides for a private right of action for violation of the prohibition to sell, lease, or disclose data.

Law

Law Law Court Time-tracking

What the ADPPA Means for U.S. Data Regulation

Debevoise Data Blog

JULY 12, 2022

Even if not enacted, its provisions are likely to influence a future federal privacy law. And, in many ways, the ADPPA may set a new minimum standard that will shape any state laws passed to fill the void left by the lack of a federal privacy law. We’ve previously written about the development of U.S. ADPPA § 302(a).

State law

State law Federal law Compliance Data protection

Face Forward Part 2: Proposed Legislation and Strategies for Compliant Use of Facial Recognition

Debevoise Data Blog

OCTOBER 26, 2021

Further, in a case that we have covered previously involving a supermarket using video surveillance with facial recognition capabilities, the Spanish data protection authority (the “AEDP”) fined grocer Mercadona for violating numerous provisions of the EU’s General Data Protection Regulation.

Compliance

Compliance Federal law Data protection Machine learning

New Privacy Legislation in the U.S.: The Patchwork Problem Grows

Debevoise Data Blog

JULY 9, 2021

further in the direction of European-style privacy law. Colorado and Nevada join California and Virginia in adding to the growing patchwork of disparate state laws — making it that much harder for any business seeking to have a single privacy program that is compliant everywhere.

Data protection

Data protection Attorney Compliance State law

A New Era of FTC Privacy and Cybersecurity Oversight: Top Ten Things Companies Should Know When Assessing FTC Compliance and Exposure

Debevoise Data Blog

JANUARY 14, 2022

The threat will be particularly severe for smaller companies that lack the legal expertise and capital to hire outside counsel to contest the FTC’s proposed settlements backed by the threat of potentially bankrupting fines regardless of whether they believe their activities are completely lawful. [34] 1, 2021). [13] 7, 2022). [14] 7, 2021).

Compliance

Compliance Court Litigator Litigation

Building a Digital Future: Is America Ready for a Federal Digital Bill of Rights?

Richmond Journal of Law and Technology

MARCH 7, 2025

Additionally, states and the federal government are already taking incremental steps toward protection in the digital age without a federal digital bill of rights. These state-level initiatives create a patchwork of digital privacy laws, complicating efforts to establish a national, uniform standard for digital rights protection.

Compliance

Compliance Data protection Federal law Court

A Roundup of Recent Section 230 Decisions Involving Sex Abuse or CSAM

Eric Goldman

MAY 26, 2025

Another lengthy blog post rounding up cases from the past few months involving CSAM or commercial sex and Section 230/FOSTA. May 6, 2025) Prior blog posts ( 1 , 2 ). Users can store iCloud files using “Advanced Data Protection,” which encrypts the files such that Apple can’t access them.

Defendant

Defendant Failure-to-appear Court Judge

European Data Protection Roundup – Q4 2024

European Data Protection Roundup – November 2023

Webinars

Trending Sources

CJEU’s Advocate General Issues Opinion on GDPR Fines Against Companies

Webinars

EU Rules Restricting the International Transfers of Non-Personal Data

Debevoise Authors 2022 Edition of the PLI Privacy Law Answer Book

Getting Ready for 2023: What Companies Can Do Now to Prepare for New Privacy Laws

Cybersecurity in the Remote Work Era: AI, Employees and an Integrated Defense – With SessionGuardian’s Jordan Ellington and Oren Leib, and Katten’s Trisha Sircar (TGIR Ep. 211)

Utah Joins the Comprehensive State Privacy Law Club

Connecticut’s Next Generation Data Privacy Law

Face Forward: Strategies for Complying with Facial Recognition Laws

What the ADPPA Means for U.S. Data Regulation

Face Forward Part 2: Proposed Legislation and Strategies for Compliant Use of Facial Recognition

New Privacy Legislation in the U.S.: The Patchwork Problem Grows

A New Era of FTC Privacy and Cybersecurity Oversight: Top Ten Things Companies Should Know When Assessing FTC Compliance and Exposure

Building a Digital Future: Is America Ready for a Federal Digital Bill of Rights?

A Roundup of Recent Section 230 Decisions Involving Sex Abuse or CSAM

Stay Connected