Legal Tech Monitor

DECEMBER 26, 2023

The relationship between generative artificial intelligence and the EU’s GDPR is a complicated one, with some data privacy professionals who claim the two can’t coexist, and others who argue that a GDPR-like framework is necessary for the technology to grow sustainably. Here are some areas of contentions between the two from 2023.

52

52

Legal IT Group

JULY 5, 2023

In this article: What is a code of conduct under GDPR provisions On the adoption of the first Polish code of conduct for small medical facilities Personal data of patients and surveys Obtaining the consent of the data subject during CCTV Why is a code of conduct a good idea? As a reminder: What is the code of conduct, and why is it needed?

Data protection 52

Data protection Compliance Court Software 52

Legal IT Group

JANUARY 4, 2023

Those who process personal data of EU residents should comply with the requirements of the General Data Protection Regulation or GDPR. Non-compliance with GDPR may result in hefty fines and reputational losses. Under GDPR, it is crucial to ensure that the processes declared in policies are actually implemented in practice.

Compliance 52

Compliance Data protection Law Law 52

Inside Privacy

MAY 4, 2023

This can also include documents or extracts from databases containing personal data, where it would be necessary to ensure that the personal data is intelligible, as per Article 15(3) GDPR. Background. The Agency responded to this request with a summarized list of the data subject’s data undergoing processing. Fulfilling the right of access.

Intellectual Property 74

Intellectual Property Data protection Court Law 74

Technology Law Dispatch

OCTOBER 2, 2023

On 11 September 2023, the UK’s Department for Science, Innovation, and Technology (DSIT), published the draft Data Protection (Fundamental Rights and Freedoms) (Amendment) Regulations 2023 (DP Regulations), which seek to amend the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 (DPA 2018). What’s next?

Data protection 52

Data protection Law Law 52

Technology Law Dispatch

FEBRUARY 22, 2023

C-453/21) , which addresses the question of the dismissal of a Data Protection Officer (“ DPO ”) and the interpretation of Article 38 of the EU GDPR. Whether FC’s positions as chair of the works council and DPO would give rise to a conflict of interests within the meaning of the second sentence of Article 38(6) of the GDPR.

Data protection 59

Data protection Court Compliance Federal law 59

Legal Tech Monitor

NOVEMBER 3, 2023

Generative AI may need a GDPR-like framework to be able to evolve sustainably, data privacy experts noted during the IAPP’s AI Governance Global conference in Boston on Thursday.

52

52

Legal Tech Monitor

AUGUST 30, 2023

While the Data Privacy Framework brings a new mechanism for e-discovery professionals to rely on during cross-border discovery, e-discovery attorneys still face stringent requirements from the GDPR and other upcoming EU regulations.

e-discovery 59

e-discovery Attorney 59

Legal Tech Monitor

JUNE 5, 2023

This Ralph Waldo Emerson quote has been on my mind recently, Guest post: GDPR turns five – Reflecting on the changing nature of data privacy strategies Read More » The post Guest post: GDPR turns five – Reflecting on the changing nature of data privacy strategies appeared first on Legal IT Insider.

Compliance 52

Compliance 52

Legal Tech Monitor

APRIL 5, 2023

“At a global level it’s the least stupid privacy law we have so far,” Max Schrems said of the GDPR during the Wednesday morning keynote at the IAPP 2023 Global Privacy Summit. He added, “It’s just not precise enough in many areas.”

Law 59

Law Law 59

Debevoise Data Blog

NOVEMBER 22, 2022

The EU’s General Data Protection Regulation 2016 (the “GDPR”) changed the global privacy landscape, and has been called the “gold standard” for data protection regulation. This blog post explores some of the borrowed GDPR concepts and suggests resources companies might use as they develop their compliance programs.

Data protection 52

Data protection Law Law Compliance 52

Legal IT Group

SEPTEMBER 15, 2023

International data transfers in GDPR compliance are complex, as data are transferred to third countries outside the European Union (EU) or the European Economic Area (EEA). How does conducting a DTIA relate to GDPR compliance? How does conducting a DTIA relate to GDPR compliance? Who is required to conduct a DTIA?

Data protection 52

Data protection Compliance Court Law 52

Legal IT Group

JUNE 15, 2023

According to the GDPR – General Data Protection Regulation – residents of the European Union (“ EU ”) can send requests regarding their data to all legal and natural persons who process it. Furthermore, it is essential to note that the GDPR does not provide a specific request format or instructions for where it should be submitted.

e-records 52

e-records Data protection e-filing Compliance 52

Legal Tech Monitor

MAY 22, 2023

The ruling contains the largest data privacy fine to be issued in the European Union since the bloc’s General Data Protection Regulation, or GDPR, came into force in 2018 and follows more than a decade of court standoffs.

Data protection 59

Data protection Court 59

Legal IT Group

MAY 17, 2023

Recently, the Cologne District Court ruled that a German mobile operator’s use of Google Analytics violated the GDPR’s requirements for international data transfers. In this case, Telekom Deutschland GmbH generally failed to inform its users about the transfer of data to Google Analytics, violating the GDPR.

Analytics 52

Analytics Court Data protection Defendant 52

Legal IT Group

APRIL 28, 2023

Even so, Meta Platforms did not start using consent as a legal basis for processing user data to comply with the EDPB’s decision, choosing legitimate interest (Article 6(1)(f) GDPR). Therefore, according to the court, the GDPR and the EU Unfair Commercial Practices Directive can be applied simultaneously in the same case.

Data protection 52

Data protection Time-tracking Court Lawsuit 52

K&L Gates e-Discovery Analysis & Technology Group

FEBRUARY 24, 2023

As discussed in a prior post on this blog, electronic discovery that requires the processing and use of records and information that includes the personal data of individuals residing in the and the European Economic Area (“EEA”) must often incorporate measures to allow for compliance with the European Union’s General Data Protection Regulation (..)

Electronic discovery 40

Electronic discovery Data protection Compliance 40

K&L Gates e-Discovery Analysis & Technology Group

FEBRUARY 24, 2023

As discussed in a prior post on this blog, electronic discovery that requires the processing and use of records and information that includes the personal data of individuals residing in the and the European Economic Area (“EEA”) must often incorporate measures to allow for compliance with the European Union’s General Data Protection Regulation (..)

Electronic discovery 40

Electronic discovery Data protection Compliance 40

Debevoise Data Blog

MARCH 4, 2021

law in the direction of its overseas cousin, the European Union’s General Data Protection Regulation (“GDPR”). VCDPA follows the CCPA and GDPR in applying a broad definition of personal data, sweeping well beyond the traditional U.S. The VCDPA bears a strong resemblance to the California Consumer Privacy Act (“CCPA”).

Data protection 52

Data protection Law Law Compliance 52

Legal Tech Monitor

APRIL 18, 2023

ChatGPT has received increased scrutiny from European data protection authorities, as well as from its citizens, who are starting to file complaints using what lawyers say could be effective strategies.

Data protection 59

Data protection Lawyer 59

Discovery Advocate

APRIL 23, 2018

6, 2018, the Article 29 Working Party (Working Party 29) published Working Paper 261 (WP 261), which provided guidance on the provisions of Article 49 of the European Union’s (EU) General Data Protection Regulation (GDPR). Also, WP 261 seems to directly consider the e-discovery context when relating Article 49 of the GDPR to Article 48.

e-discovery 52

e-discovery Data protection Litigator Litigation 52

Inside Privacy

MAY 5, 2023

The CJEU held that the mere infringement of the GDPR does not, alone, give rise to a right to compensation for individuals. In the Court’s view, Article 82 requires establishing: (i) “damage”, either material or non-material; (ii) an actual infringement of the GDPR; and (iii) a causal link between the two.

Data protection 79

Data protection Court Law Law 79

Inside Privacy

JANUARY 22, 2024

On January 16, 2024, the Belgian Supervisory Authority sanctioned a data broker for violating several provisions of the GDPR. 14 GDPR apply. 14 GDPR, the company relied on the contractual obligations it imposed on its data providers and clients to inform data subjects about its processing operations. 14(3)(b) & (c) GDPR.

Court 74

Court Law Law 74

Debevoise Data Blog

APRIL 26, 2024

Icelandic DPA fines Subway for unlawful employee monitoring: Joining other European DPAs in increasing scrutiny on workplace monitoring, the Icelandic DPA fined Subway in a decision that highlights the requirements for GDPR compliance for businesses engaging in employee monitoring. 28(2) GDPR and Art. 28(2) GDPR and Art.

Data protection 52

Data protection e-records Compliance Court 52

Legal IT Group

NOVEMBER 13, 2023

The European General Data Protection Regulation (GDPR) defines certain cases where the appointment of a DPO is mandatory: the processing is carried out by a public authority; regular and systematic monitoring of data subjects on a large scale; processing on a large scale of special categories of data.

Data protection 52

Data protection Compliance International law Law 52

Inside Privacy

MAY 12, 2023

In May 2023, the Spanish Supervisory Authority (“SA”) issued a detailed guidance paper on GDPR compliance in the context of data spaces. It also examines the requirements applying to “secure processing environments” ( i.e., the infrastructure on which the data is stored) under the Data Governance Act and the European Health Data Space.

Data protection 79

Data protection Mediator Compliance State law 79

Legal Tech Monitor

NOVEMBER 29, 2023

Can they still be compliant with the GDPR’s right to be forgotten? Large language models trained on publicly available personal data don’t really have the option to “forget” parts of their training set without being wholly retrained from scratch.

52

52

Inside Privacy

NOVEMBER 28, 2023

The DSK paper also refers to digital health apps that are not subject to reimbursement under the DiGA Regulation. * * * In brief, the paper discusses the following topics: GDPR roles are fact specific. The GDPR’s principle of data protection by design and by default according to Art.

Data protection 57

Data protection Time-tracking Software Law 57

Inside Privacy

FEBRUARY 16, 2024

The DMA limits the GDPR legal bases that gatekeepers may rely on to process personal data of end-users for the purpose of providing online advertising services. The end-user’s consent must meet the conditions of the GDPR, i.e. , it must be “freely given, specific, informed and unambiguous.” Legal Basis.

Data protection 103

Data protection 103

Legal IT Group

SEPTEMBER 19, 2023

million euro fine on H&M for violation of Articles 5 and 6 of the GDPR. Find out the essential steps that employers should take for GDPR compliance in our article. 6 (1) (a) of GDPR Art. 6 (1) (b) of GDPR Art. 6 (1) (c) of GDPR Art. 6 (1)(d) of GDPR Art. 6 (1) (e) of GDPR Art.

Data protection 52

Data protection Compliance e-records Law 52

Technology Law Dispatch

AUGUST 2, 2023

data transfers CJEU: Requirements for GDPR damage claims CJEU: Lawfulness of processing in case of Art. 26 and 30 GDPR violations CJEU: News on the right to be forgotten Advocate General: Objective criteria for determining joint controllership (Article 26 of the GDPR) General Court: Personal data or not?

Data protection 52

Data protection Court Law Law 52

Legal IT Professionals

SEPTEMBER 6, 2023

European law firm Fieldfisher has joined forces with innovative Australian legal technology company Lawcadia to launch a 24-hour data breach notification assessment platform for all organisations with UK and EU data assets subject to GDPR and UK GDPR.

Law firm 62

Law firm Legal technology Legal technology Law 62

Technology Law Dispatch

JULY 31, 2023

In this blog, the authors delve into a significant decision by the German Federal Cartel Office (FCO) four years ago, accusing a major technology company of abusive behavior due to alleged violations of the General Data Protection Regulation (GDPR).

Data protection 52

Data protection Court Law Law 52

Inside Privacy

MARCH 7, 2024

The case relates to role of IAB Europe, a sector organization, in its Transparency and Consent Framework (“TCF”) used by companies to record the GDPR consent granted (or not granted) by a user and to document compliance with their GDPR transparency obligations.

Court 61

Court Compliance Litigator Litigation 61

Debevoise Data Blog

OCTOBER 20, 2023

From 12 October, UK businesses can transfer UK GDPR-covered personal data to certified U.S. UK government amends the “fundamental rights and freedoms” protected by UK GDPR What happened : The UK government published a statutory instrument which amended the “fundamental rights and freedoms” protected by UK data protection law.

Data protection 52

Data protection Intellectual Property Compliance Law 52

Inside Privacy

JANUARY 22, 2024

35 GDPR for its “identification and verification process”. In December 2023, the Dutch SA fined a credit card company €150,000 for failure to perform a proper data protection impact assessment (“DPIA”) in accordance with Art.

Data protection 81

Data protection Compliance 81

Inside Privacy

NOVEMBER 20, 2023

Scope of the how-to sheets: The sheets apply to the development phase ( i.e. , designing, creation of database, training) of AI systems based on machine learning (statistical/stochastic systems) or on logic and knowledge (deterministic systems), to the extent such systems rely on the collection and use of personal data and are subject to the GDPR.

Data protection 57

Data protection Machine learning Compliance Law 57