Debevoise Data Blog

NOVEMBER 1, 2021

Subject access requests : The possibility that companies responding to data subject access requests from individuals will have to provide copies of entire documents containing their personal data, rather than only extracts. The court concluded that the legitimate interest could have been furthered through less intrusive means.

Data protection 52

Data protection Court Defendant Law 52

Debevoise Data Blog

OCTOBER 12, 2021

million fine against Austrian Post for channelling electronic data protection-related inquiries to a web form and not offering an additional email address, irrespective of the data subject option to also use non-electronic postal mail or customer service.

Data protection 52

Data protection Failure-to-appear Compliance e-records 52

Legal IT Group

SEPTEMBER 15, 2023

International data transfers in GDPR compliance are complex, as data are transferred to third countries outside the European Union (EU) or the European Economic Area (EEA). Suppose you are interested in personal data protection issues. What should the DTIA note for transferring personal data from the EU to Ukraine?

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

DECEMBER 13, 2022

Despite this, there remain public interest exemptions for court proceedings and law enforcement purposes. The Garante stated that “[t]he moratorium arises from the need to regulate eligibility requirements, conditions and guarantees relating to facial recognition, in compliance with the principle of proportionality.”

Data protection 52

Data protection Compliance Due diligence Hearing 52

Debevoise Data Blog

AUGUST 16, 2023

. : Business may want to revisit their cross-border data transfer arrangements following the new adequacy decision for the EU-U.S. Data Privacy Framework, assess whether they are eligible to self-certify and, if they are, whether it makes sense to. Data Privacy Framework (the “DPF”). Data Privacy Framework (the “DPF”).

Data protection 40

Data protection Analytics Compliance Time-tracking 40

Ikigai Law

AUGUST 3, 2023

Our summary of the Digital Personal Data Protection Bill, 2023 The Digital Personal Data Protection Bill, 2023 ( 2023 Bill ) was tabled in Parliament on 3 August 2023. It is the fifth – and likely final – iteration of India’s efforts to formulate a personal data protection law.

Data protection 52

Data protection Compliance e-filing Hearing 52

Debevoise Data Blog

APRIL 8, 2021

million for vendor oversight failings, unlawful cross-border transfers What happened : The AEPD, the Spanish data protection authority (“DPA”), fined Vodafone Spain €8.15 4 million was for allegedly deficient oversight of Vodafone’s data processors. In December 2020, the Regional Court of Bonn held that, when reducing a €9.6

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

MARCH 11, 2021

There were a few European data protection developments in February that companies may want to have on their radar. What to do: As we reported previously there is increasing convergence between European data protection and competition law enforcement. The Regional Court in Berlin recently dismissed the €14.5

Data protection 52

Data protection Compliance Analytics Court 52

Debevoise Data Blog

MAY 7, 2021

The key development from April must be the European Data Protection Board (“EDPB”) approving the draft UK adequacy decisions from the European Commission (the “Commission”). Companies will be relieved that they are one step closer towards maintaining the seamless flow of data between the EU and the UK.

Data protection 52

Data protection Court Compliance Hearing 52

Debevoise Data Blog

AUGUST 5, 2021

European Data Protection Roundup – July Key takeaways from developments this July include: a blockbuster €746 million fine against Amazon – the largest ever GDPR penalty – showing the Regulation’s teeth; the challenges of GDPR-compliant facial recognition, after a Spanish supermarket chain was fined €2.5

Data protection 52

Data protection Dispute resolution Court Case law 52

Debevoise Data Blog

JULY 20, 2021

Here are our highlights: European Commission adopts new Standard Contractual Clauses What happened : As reported in our blog post , the European Commission adopted its new Standard Contractual Clauses (“SCCs”) for the cross-border transfer of personal data from the EEA to “third countries”.

Data protection 52

Data protection e-filing Compliance e-records 52

Dewey B Strategic

DECEMBER 10, 2023

On December 7, 2023 Wolters Kluwer released the following announcement : Legal & Regulatory division continues to redefine the landscape for legal professionals Wolters Kluwer Legal & Regulatory (LR) today announced an innovative feature for legal professionals: Generative Pre-training Transformer (GPT)-generated summaries of court rulings.

Legal research 98

Legal research Court Data protection Legal tech 98

Debevoise Data Blog

FEBRUARY 20, 2023

Relatedly, a Swedish Court upheld the Swedish IMY’s 2022 reprimand of Klarna Bank AB for failing to disclose information regarding the specific recipients of personal data to a requesting data subject; providing the categories of recipients only was insufficient.

Data protection 52

Data protection Compliance e-records Court 52

Debevoise Data Blog

JANUARY 21, 2021

In this post, we look back at the 2020 European data protection landscape and five trends that help companies understand not only where we are, but where data protection enforcement, litigation, and practice may be headed. million against Marriott for its 2018 data breach When you dig deeper though, two key points emerge.

Data protection 52

Data protection Litigator Litigation Failure-to-appear 52

Debevoise Data Blog

FEBRUARY 10, 2021

As covered in our Annual Review , 2020 was a blockbuster year for European data protection. The guidelines will be a new “go to” resource for those preparing for, and responding to, data breaches. Deliveroo algorithm ruled discriminatory by Italian court. English court rules GDPR does not apply to U.S. website.

Data protection 52

Data protection Time-tracking Defendant Court 52

Technology Law Dispatch

FEBRUARY 7, 2023

We hope you enjoy reading it.

Data protection 52

Data protection Court Law Law 52

Debevoise Data Blog

NOVEMBER 10, 2020

ICO targets the data broking industry : On 27 October, the ICO demanded that Experian make sweeping changes to data protection practices within its direct marketing business within three months or face further enforcement action. We will continue to report on developments as Experian’s appeal progresses.

Data protection 52

Data protection Intellectual Property e-records Machine learning 52

Vogel IT Law

SEPTEMBER 12, 2023

GoveInfoSecurity.com reported that “A Norway court sided with the country’s data protection authority in a battle against Facebook over surveillance based-ads, ruling that the agency has the authority to tell the social media giant to temporarily halt behavioral tracking without explicit consent or face daily fines.”

Court 52

Court Data protection Law Law 52

Debevoise Data Blog

JUNE 16, 2021

We also saw developments in the courts on when companies will be liable to pay individuals damages for GDPR violations and the German anti-trust regulator using its new enforcement powers. This follows a February 2021 reference by the German courts to the CJEU on whether the GDPR imposes a materiality threshold for damages claims.

Data protection 40

Data protection Compliance Court Time-tracking 40

Inside Privacy

APRIL 3, 2023

On March 2, 2023, the Court of Justice of the EU (“CJEU”) decided, in case C-268/21 , that the GDPR applies to the production of evidence in civil court proceedings. The case sets limits on, but does not preclude, the production of personal data in court proceedings.

Court 52

Court Data protection Litigator Litigation 52

Legal Tech Monitor

DECEMBER 10, 2023

On December 7, 2023 Wolters Kluwer released the following announcement : Legal & Regulatory division continues to redefine the landscape for legal professionals Wolters Kluwer Legal & Regulatory (LR) today announced an innovative feature for legal professionals: Generative Pre-training Transformer (GPT)-generated summaries of court rulings.

Legal research 52

Legal research Court Data protection Legal tech 52

Technology Law Dispatch

JULY 31, 2023

In this blog, the authors delve into a significant decision by the German Federal Cartel Office (FCO) four years ago, accusing a major technology company of abusive behavior due to alleged violations of the General Data Protection Regulation (GDPR).

Data protection 52

Data protection Court Law Law 52

Legal IT Group

MAY 17, 2023

Recently, the Cologne District Court ruled that a German mobile operator’s use of Google Analytics violated the GDPR’s requirements for international data transfers. The Cologne District Court ruling only applies to the defendant in the case, Telekom Deutschland GmbH.

Analytics 52

Analytics Court Data protection Defendant 52

Technology Law Dispatch

FEBRUARY 22, 2023

The Court of Justice of the European Union (“ CJEU ”) issued a judgment on the 9 th of February 2023 (docket no. C-453/21) , which addresses the question of the dismissal of a Data Protection Officer (“ DPO ”) and the interpretation of Article 38 of the EU GDPR. KG. (“ X-FAB ”) and several of its group companies.

Data protection 59

Data protection Court Compliance Federal law 59

Technology Law Dispatch

NOVEMBER 8, 2023

There is more clarity on the views of the UK data protection authority on whether a “Reject All” option in the first layer of a cookie consent management solution is required. This is more likely be compliant with data protection law, as firms will be better placed to demonstrate that the user has a genuine free choice.“

Data protection 59

Data protection Compliance Court Law 59

Inside Privacy

MARCH 15, 2023

On February 28, 2023, the European Data Protection Board (“EDPB”) released its non-binding opinion on the European Commission’s draft adequacy decision on the EU-U.S. Data Privacy Framework (“DPF”). law to access the personal data of EU data subjects. The EDPB notes that onward transfers of data by U.S.

Data protection 74

Data protection Court Law Law 74

Technology Law Dispatch

FEBRUARY 27, 2023

2022 was another busy year in privacy and data protection. Regulations surrounding privacy and data continue to develop at a rapid pace. Andreas Splittgerber , Munich – “2023 will be a landmark year for AI regulations in Europe. Sven Schonhofen , Munich – “Cookie compliance will continue to be an enforcement trend.

Data protection 59

Data protection Analytics Compliance Court 59

Inside Privacy

MAY 4, 2023

On May 4, 2023, the Court of Justice of the European Union (‘CJEU’) decided, in case C-487/21 , that the right to obtain a ‘copy’ of personal data means that the data subject must provide with a faithful and intelligible reproduction of all personal data. Fulfilling the right of access.

Intellectual Property 74

Intellectual Property Data protection Court Law 74

Legal Tech Monitor

MAY 22, 2023

The ruling contains the largest data privacy fine to be issued in the European Union since the bloc’s General Data Protection Regulation, or GDPR, came into force in 2018 and follows more than a decade of court standoffs.

Data protection 59

Data protection Court 59

Vogel IT Law

APRIL 4, 2023

The article entitled “Facebook Opposes Irish Data Watchdog’s 265-Million-Euro Fine” ( [link] ) included these comments about Facebook challenge in Irish Court: A High Court justice granted Facebook permission to pursue litigation over the fine from the Irish Data Protection Commission, reported The Irish Times on Monday.

Data protection 52

Data protection Court Litigator Litigation 52

Inside Privacy

NOVEMBER 13, 2023

On October 26, 2023, the European Court of Justice (“CJEU”) decided that the GDPR grants a patient the right to obtain a copy of his or her medical record free of charge ( case C-307/22, FT v DW ). If you have any questions about the interaction between data protection and local laws we are happy to assist.

Data protection 69

Data protection Law Law Court 69

Technology Law Dispatch

MAY 3, 2023

The DPF would allow free and safe data transfers between the EU and the US for US companies self-certified under DPF, bringing many commercial benefits to businesses on both sides. Earlier this year, LIBE Committee and the European Data Protection Board (EDPB) issued opinions on the draft of the DPF. What’s next?

Data protection 52

Data protection Court Compliance Law 52

Eric Goldman

APRIL 28, 2023

Among their targets were the Data Protection Impact Assessment requirements, which NetChoice argued amounted to prior restraint and compelled speech. The District Court is scheduled to hear oral arguments in the Bonta case on July 27th. I will reiterate some of the major lowlights in this post.

Data protection 126

Data protection Court Hearing Judge 126

Inside Privacy

FEBRUARY 27, 2023

Collective action proceedings may be brought before national courts by qualified entities designated by their member state, who may seek injunctive relief and/or redress measures, including compensatory relief, reimbursement for damage, price reductions and/or product repairs, on behalf of consumers. Information about collective actions.

Data protection 52

Data protection Court Litigator Litigation 52

Inside Privacy

MAY 5, 2023

On March 4, 2023, the European Court of Justice (”CJEU”) issued its judgment on case C-300/21, UI v Österreichische Post AG. In the Court’s view, Article 82 requires establishing: (i) “damage”, either material or non-material; (ii) an actual infringement of the GDPR; and (iii) a causal link between the two.

Data protection 79

Data protection Court Law Law 79

Inside Privacy

JUNE 1, 2023

It has been well-publicized that the Irish Data Protection Commission (“DPC”) has imposed a record €1.2 billion fine and corrective measures under the GDPR against Meta Ireland (“Meta”) in a long-running dispute relating to cross-border data transfers and the EU standard contractual clauses (“SCCs”).

Data protection 69

Data protection Court Compliance Hearing 69

Ikigai Law

APRIL 30, 2023

This post explores if Generative AI tools such as ChatGPT can collect our data from the Internet without our consent on the ground that the data is in the public domain. It also explores if ChatGPT’s recent ban in Italy over data protection norms has any lessons for India. One that’s similar to the EU approach.

Data protection 52

Data protection Law Law Court 52