Debevoise Data Blog

NOVEMBER 21, 2023

Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.

Data protection 52

Data protection Compliance Failure-to-appear e-records 52

Debevoise Data Blog

APRIL 26, 2024

Key takeaways from March include: CNIL data security practice guide: The French DPA published an update of its data security practice guide for data protection officers, chief information security officers, computer scientists and legal experts. 33(2) GDPR relating to the same personal data breach.

Data protection 52

Data protection e-records Compliance Court 52

Legal IT Group

JUNE 12, 2023

Every day, more and more companies face the problem of personal data protection. As companies are increasingly scrutinised for proper data protection, it’s worth paying close attention to the latest best practices to avoid dealing with the potential negative consequences of a data breach.

Data protection 52

Data protection e-filing Court e-records 52

Legal Tech Monitor

MAY 22, 2023

The ruling contains the largest data privacy fine to be issued in the European Union since the bloc’s General Data Protection Regulation, or GDPR, came into force in 2018 and follows more than a decade of court standoffs.

Data protection 59

Data protection Court 59

Debevoise Data Blog

SEPTEMBER 25, 2024

However, data controllers and processers should be aware that the UK’s Information Commissioner’s Office (“ICO”) can also carry out dawn raids as part of investigations into compliance with data protection laws. The ICO must obtain a court warrant to conduct a dawn raid. unlawfully obtaining personal data).

Data protection 52

Data protection Failure-to-appear Court Judge 52

Percipient

APRIL 22, 2023

Companies must also foot the bill for consumer data requests authorized under privacy regulations unless the request is “excessive.” 23, 2015) the court observed that responding parties presumptively bear the expense of complying with discovery requests unless the expense is “significant.” 11 cv 4071 (N.D.

e-discovery 97

e-discovery Court e-records Litigator 97

Vogel IT Law

APRIL 4, 2023

HealthCareInfoSecurity.com reported that “A user of the now-shuttered BreachForums in April 2021 posted a data set of 533 million Facebook profiles, including mobile numbers, email addresses and names scraped from the site in 2018 and 2019.” Facebook reported revenue of $23 billion in 2022 and $39 billion in 2021.

Data protection 52

Data protection Court Litigator Litigation 52

Debevoise Data Blog

FEBRUARY 8, 2021

Although the letter was greeted by Acting SEC Chairman Roisman as confirmation that the “ UK GDPR does not impose legal barriers to the transfer of personal data […] directly to the SEC for regulatory or enforcement purposes ”, SEC–Regulated UK Firms may still need to scrutinise data requests and have procedures in place to ensure GDPR compliance.

Data protection 52

Data protection Compliance Court Law 52

Discovery Advocate

NOVEMBER 26, 2018

The Clarifying Lawful Overseas Use of Data Act (Pub. 115-141 (2018), or the CLOUD Act, was enacted in the U.S. on March 23, 2018, in response to difficulties U.S. Supreme Court heard argument on the case in February 2018. Microsoft lost the case in 2014 , but won an appeal in 2016.

Court 52

Court Data protection Litigator Litigation 52

Debevoise Data Blog

NOVEMBER 12, 2021

Overview In a much anticipated decision, the UK Supreme Court has unanimously decided that a mass claim brought against Google by Mr Richard Lloyd, on behalf of a class that could include as many as 4.4 million iPhone users (the “iPhone Users”), cannot proceed, as currently constituted, as a ‘representative action’ in the English courts.

Data protection 52

Data protection Court Judge Litigator 52

MatterSuite

DECEMBER 12, 2024

Why is Data Compliance Important? Failure to adhere to the security framework regarding data protection can lead to high fines and even court cases. There is a good level of customer data compliance that prevents unauthorized access or alteration to sensitive information.

Compliance 52

Compliance Data protection Failure-to-appear Time-tracking 52

Technology Law Dispatch

SEPTEMBER 14, 2023

On August 18, 2023, the Fourth Circuit decertified approximately 20 million putative class action claims arising out of a 2018 data breach involving Marriott Hotels. According to the Fourth Circuit, this “error affect[ed] the whole of the certification order.”

Defendant 52

Defendant Lawsuit Court Litigator 52

Inside Privacy

FEBRUARY 1, 2024

In this blog post, we outline the current and forthcoming EU legislation on the international transfer of non-personal data. Some of this legislation has been enacted recently, and other legislation on this topic is making its way through the legislative process but has yet to be adopted. X (Recent Council versions remove this obligation.)

Intellectual Property 72

Intellectual Property State law Court Compliance 72

Discovery Advocate

APRIL 23, 2018

6, 2018, the Article 29 Working Party (Working Party 29) published Working Paper 261 (WP 261), which provided guidance on the provisions of Article 49 of the European Union’s (EU) General Data Protection Regulation (GDPR).

e-discovery 52

e-discovery Data protection Litigator Litigation 52

new tech law blog

DECEMBER 2, 2022

Entities transferring personal data outside the European Economic Area on the basis of standard contractual clauses that are no longer in force (where the transfer began before 27 September 2021) should conclude agreements based on new clauses by 27 December 2022.

Data protection 52

Data protection Compliance Court 52

Ikigai Law

JUNE 6, 2023

Instead of a separate regulator, the government is contemplating a body similar to the data protection board suggested under the latest version of the data bill. Meanwhile, courts continue to interpret. , emerging tech (read: we got to do something about AI), digital competition (whose pie is this issue anyway?),

Time-tracking 52

Time-tracking Court Data protection Hearing 52

Ikigai Law

AUGUST 7, 2023

Fast forward to the last month, the Delhi High Court used the long arm of the PMLA to classify PayPal as a ‘reporting entity’ under the PMLA. The Court rejected this premise. Main Course : Deep dive stories on card network portability, and impact of the data protection bill on fintechs. The data law is nearly here!

Data protection 52

Data protection Law Law e-records 52

Debevoise Data Blog

MARCH 17, 2023

Since these models generally evolve, regulators and courts might argue that—in the event of a performance issue or other regulatory concern—the model’s earlier outputs are important to understanding its later performance.

e-discovery 52

e-discovery Compliance Litigator Litigation 52

MatterSuite

OCTOBER 27, 2023

billion by 2023, growing at a compound annual growth rate (CAGR) of around 10% from 2018. Compliance Tools: Legal tech assists law firms in adhering to data protection regulations like GDPR and HIPAA. They offer tools for data retention policies, access controls, and audit trails, ensuring compliance and mitigating legal risks.

Legal tech 52

Legal tech Legal tech e-discovery Machine learning 52

Debevoise Data Blog

FEBRUARY 27, 2024

GDPR one-stop-shop: Businesses wishing to take advantage of the GDPR one-stop-shop system should take note of a new digest, published by the European Data Protection Board, which analyses the decisions made by so-called Lead Supervisory Authorities in this context.

Data protection 52

Data protection Compliance e-records Court 52

LawSites

DECEMBER 27, 2022

Notably, the post that captured the most eyes was about New York becoming the first state to mandate CLE in cybersecurity, privacy and data protection. The second most popular post was a test of the BriefCatch legal editing software using the leaked draft of the Supreme Court’s opinion in Dobbs v.

Data protection 94

Data protection Analytics Legal tech Legal tech 94

Debevoise Data Blog

JANUARY 19, 2021

In particular: in what circumstances, if any, would regulators or courts find that a flawed machine learning or AI model must be scrapped entirely? According to the settlement, between July 2018 and April 2019, Everalbum represented to users that it would not apply facial recognition to users’ content unless a user affirmatively opted in.

Machine learning 45

Machine learning Court Data protection Law 45

Debevoise Data Blog

FEBRUARY 28, 2022

Under this requirement, businesses need to establish time limits for data deletion and to institute a periodic review of the necessity for continued data retention. The UK Data Protection Act of 2018 has a similar provision. Individuals also have a right to obtain information about the storage periods. Wetzel (W.D.

e-filing 52

e-filing Compliance Litigator Litigation 52

Debevoise Data Blog

NOVEMBER 2, 2022

National courts will have to determine whether a feeling of displeasure meets the threshold of non-material damage. What to do : Keep an eye out for the final decision by the court. Advocate General opinions are influential but not binding.

Data protection 52

Data protection Compliance Machine learning Court 52

Berkley Technology Law Journal

NOVEMBER 18, 2022

So what we know at the moment we see in the US courts, the discussion if Facebook and Instagram and WhatsApp has to be broken up. And it’s going to be checked by the European Court of Justice. One idea is the idea of data portability. And that is the basic idea of data portability. This is the ultimate sanction.

Law 40

Law Law Data protection Court 40

Berkley Technology Law Journal

NOVEMBER 18, 2022

So what we know at the moment we see in the US courts, the discussion if Facebook and Instagram and WhatsApp has to be broken up. And it’s going to be checked by the European Court of Justice. One idea is the idea of data portability. And that is the basic idea of data portability. This is the ultimate sanction.

Law 40

Law Law Data protection Court 40