Debevoise Data Blog

MAY 28, 2024

EDPB “Consent or pay” models: Businesses operating large online platforms should consider the European Data Protection Board’s recent opinion indicating that “consent or pay” models are unlikely to be GDPR-compliant.

Data protection 52

Data protection Compliance Law Law 52

Technology Law Dispatch

MARCH 24, 2023

On 8 March 2023, the UK government presented a new version of the UK Data Protection and Digital Information Bill No.2. As with the previous bill, the new bill aims to alleviate the burden of compliance with the UK GDPR and its implementing UK Data Protection Act (2018) for organisations in the UK.

Data protection 52

Data protection Failure-to-appear Compliance Software 52

Debevoise Data Blog

NOVEMBER 21, 2023

Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.

Data protection 52

Data protection Compliance Failure-to-appear e-records 52

Debevoise Data Blog

MAY 12, 2023

Key takeaways this April include: UK children’s data protection focus continues: Businesses may wish to review policies and procedures for dealing with children’s data in light of recent UK ICO fines and guidance, especially to ensure that terms of use are adequately enforced. UK ICO fines TikTok £12.7

Data protection 52

Data protection Software design Machine learning Software 52

Debevoise Data Blog

APRIL 26, 2024

Key takeaways from March include: CNIL data security practice guide: The French DPA published an update of its data security practice guide for data protection officers, chief information security officers, computer scientists and legal experts. These developments, and more, are covered below.

Data protection 52

Data protection e-records Compliance Court 52

Debevoise Data Blog

FEBRUARY 27, 2024

GDPR one-stop-shop: Businesses wishing to take advantage of the GDPR one-stop-shop system should take note of a new digest, published by the European Data Protection Board, which analyses the decisions made by so-called Lead Supervisory Authorities in this context.

Data protection 52

Data protection Compliance e-records Court 52

MatterSuite

DECEMBER 12, 2024

But with the increase of business information in layers, comes the challenge of protecting personal and sensitive information, too. Amidst a world where cyber threats are becoming very advanced and prevalent, it is now imperative to uphold robust compliance to security frameworks, as well as sufficient cybersecurity measures , to secure data.

Compliance 52

Compliance Data protection Failure-to-appear Time-tracking 52

Legal IT Group

FEBRUARY 21, 2023

Moreover, since 2018, IAB Ukraine has had its own representative office in Ukraine. Therefore, the Transparency and Consent Framework Canada was created to help all parties in the digital advertising chain comply with Canadian data protection legislation when processing online users’ personal data.

Data protection 130

Data protection Compliance Law Law 130

Inside Privacy

OCTOBER 17, 2023

On 3 October 2023, the UK Information Commissioner’s Office (“ ICO ”) finalized its Employment practices and data protection − Monitoring workers guidance (“ Guidance ”) to account for new types of work, including work from home, and the use of more sophisticated technologies for monitoring.

Data protection 65

Data protection Time-tracking Case management Compliance 65

Debevoise Data Blog

SEPTEMBER 25, 2024

However, data controllers and processers should be aware that the UK’s Information Commissioner’s Office (“ICO”) can also carry out dawn raids as part of investigations into compliance with data protection laws. unlawfully obtaining personal data). Train key staff on protocols and procedures for dawn raids.

Data protection 52

Data protection Failure-to-appear Court Judge 52

Debevoise Data Blog

NOVEMBER 24, 2020

EU authorities have understandably declined to put forward a single list of mandatory data security controls that apply to all companies subject to the GDPR. million fine imposed by the UK Information Commissioner’s Office (“ICO”) against Ticketmaster for alleged data security failings that exposed customer payment card data.

Data protection 52

Data protection Compliance Failure-to-appear Software 52

Inside Privacy

JANUARY 24, 2024

On 15 January 2024, the UK’s Information Commissioner’s Office (“ICO”) announced the launch of a consultation series (“Consultation”) on how elements of data protection law apply to the development and use of generative AI (“GenAI”). Interested stakeholders are invited to provide feedback to the ICO by 1 March 2024.

Data protection 61

Data protection Intellectual Property Compliance Law 61

Richmond Journal of Law and Technology

MAY 2, 2023

8] Among the mentioned countries, Egypt, Nigeria, South Africa, Ghana, and Morocco seem to be suitable markets for entry, as they have established specific laws or regulations to protect consumers, especially in online transactions. [9] companies to take proactive measures to protect their data and adhere to foreign laws.

Data protection 52

Data protection Compliance Due diligence Law 52

Percipient

APRIL 22, 2023

Or it received a data request from a consumer under the GDPR or California Consumer Privacy Act. If the subpoena issued is in federal litigation, your company is likely responsible for the cost of compliance, especially if it has a connection to the litigation. Who covers the expense in responding to it? 3:14-md-02516 (SRU) (D.

e-discovery 97

e-discovery Court e-records Litigation 97

Debevoise Data Blog

FEBRUARY 8, 2021

Although the letter was greeted by Acting SEC Chairman Roisman as confirmation that the “ UK GDPR does not impose legal barriers to the transfer of personal data […] directly to the SEC for regulatory or enforcement purposes ”, SEC–Regulated UK Firms may still need to scrutinise data requests and have procedures in place to ensure GDPR compliance.

Data protection 52

Data protection Compliance Court Law 52

Clio

JANUARY 30, 2024

Check out our blog post on understanding HIPAA compliance for more information. GDPR : To help address global needs for enhanced data security, in 2018, Europe introduced a unified data protection law, the General Data Protection Regulations (GDPR). So, it may be a good idea to learn more about GDPR.

Law firm 98

Law firm Law Law Due diligence 98

Discovery Advocate

NOVEMBER 26, 2018

The Clarifying Lawful Overseas Use of Data Act (Pub. 115-141 (2018), or the CLOUD Act, was enacted in the U.S. on March 23, 2018, in response to difficulties U.S. Microsoft litigation, in which Microsoft had argued that it was not required to provide access to its users’ private data stored on Dublin servers.

Court 52

Court Litigator Litigation Data protection 52

Debevoise Data Blog

MARCH 11, 2021

The recent publication of the SEC’s 2021 Division of Examination Priorities (the “2021 Priorities”) presents an opportunity to look back at the cybersecurity work of the SEC in 2020 and speculate about the SEC’s examination and enforcement priorities for data protection in the coming year for RIAs.

Compliance 52

Compliance Data protection Attorney 52

new tech law blog

DECEMBER 2, 2022

Entities transferring personal data outside the European Economic Area on the basis of standard contractual clauses that are no longer in force (where the transfer began before 27 September 2021) should conclude agreements based on new clauses by 27 December 2022.

Data protection 52

Data protection Compliance Court 52

Inside Privacy

FEBRUARY 1, 2024

Data Localization Regulation 2018/1807 on the flow of non-personal data prohibits Member States from adopting data localization requirements ─ e.g. , requiring the processing of data in the territory of a particular Member State or preventing the processing of data in another Member State ─ unless they are justified on grounds of “public security in (..)

Intellectual Property 72

Intellectual Property State law Court Compliance 72

Debevoise Data Blog

MARCH 17, 2023

One benefit of this approach is that it ensures that the training data will be available for analysis, responding to regulatory inquiries or defending against civil claims for the entire life of the model. Another benefit is the simplicity of the policy, which would make compliance relatively easy. Anonymizing Data after One Year.

e-discovery 52

e-discovery Litigation Litigator Compliance 52

Ikigai Law

AUGUST 7, 2023

Reporting entities must follow several compliance and reporting obligations under the anti-money laundering law. Main Course : Deep dive stories on card network portability, and impact of the data protection bill on fintechs. The data law is nearly here! The data law doesn’t tell processors what to do.

Data protection 52

Data protection Law Law e-records 52

MatterSuite

OCTOBER 27, 2023

billion by 2023, growing at a compound annual growth rate (CAGR) of around 10% from 2018. Data Security and Privacy Compliance Data Encryption: Legal tech solutions employ robust data encryption methods to safeguard sensitive client data, communications, and documents from unauthorized access.

Legal tech 52

Legal tech Legal tech e-discovery Machine learning 52

Berkley Technology Law Journal

NOVEMBER 18, 2022

This was even more open to debate, if there is a third violation, the DMA says this is a systematic non-compliance and therefore we should even have stricter fines and the strictest fine can even be that we break up the company. One idea is the idea of data portability. And that is the basic idea of data portability.

Law 100

Law Law Data protection Court 100

Berkley Technology Law Journal

NOVEMBER 18, 2022

This was even more open to debate, if there is a third violation, the DMA says this is a systematic non-compliance and therefore we should even have stricter fines and the strictest fine can even be that we break up the company. One idea is the idea of data portability. And that is the basic idea of data portability.

Law 100

Law Law Data protection Court 100

Debevoise Data Blog

FEBRUARY 28, 2022

A senior officer or director of the regulated entity must certify compliance with the NYDFS Cyber Rules annually, including the data minimization obligation. Under this requirement, businesses need to establish time limits for data deletion and to institute a periodic review of the necessity for continued data retention.

e-filing 52

e-filing Compliance Litigation Litigator 52

Debevoise Data Blog

OCTOBER 10, 2022

European Data Protection Roundup – September 2022 Key takeaways this September include: Google Analytics : Continue to assess carefully the use of Google Analytics. What to do : The Danish Data Protection Agency referred entities to the CNIL’s detailed guidance on making Google Analytics GDPR-compliant.

Data protection 52

Data protection Analytics Software Compliance 52

Debevoise Data Blog

NOVEMBER 2, 2022

What to do : Entities should check whether they are subject to the DSA as soon as possible and, if they are, start considering how to implement a compliance program to ensure DSA-readiness by February 2024 or, for VLOPs and VLOSEs, potentially on shorter notice.

Data protection 52

Data protection Compliance Machine learning Court 52

Debevoise Data Blog

MARCH 16, 2023

On March 2, 2023, the White House Office of the National Cyber Director (“ONCD”) released the Biden Administration’s (the “Administration”) long-awaited National Cybersecurity Strategy (the “Strategy”), the first since the Trump Administration’s strategy was issued in September 2018.

Software 52

Software Defendant Failure-to-appear Compliance 52