Legal IT Group

NOVEMBER 10, 2023

First of all, the data can be transferred based on the adequacy decision or subject to appropriate safeguards. Among these safeguards, in particular, are binding corporate rules, standard data protection clauses, code of conduct, and certification mechanism. After Brexit in 2020, the UK continued to use them.

Data protection 52

Data protection Compliance Law Law 52

Debevoise Data Blog

SEPTEMBER 19, 2022

The California Design Code’s business obligations take effect on July 1, 2024, though certain businesses must complete Data Protection Impact Assessments “on or before” that date. Notable affirmative obligations include: Data Protection Impact Assessments (“DPIAs”).

Data protection 52

Data protection Compliance Time-tracking Attorney 52

Debevoise Data Blog

OCTOBER 4, 2021

In this Part 2, we discuss the measures that financial institutions can adopt to mitigate their ransomware sanctions risks, and why those compliance controls differ from the steps being taken by victims. Different Role and Different Risks for Banks In October 2020, the U.S.

Due diligence 52

Due diligence Compliance Data protection Law 52

Ikigai Law

AUGUST 7, 2023

Reporting entities must follow several compliance and reporting obligations under the anti-money laundering law. Main Course : Deep dive stories on card network portability, and impact of the data protection bill on fintechs. The data law is nearly here! The data law doesn’t tell processors what to do.

Data protection 52

Data protection Law Law e-records 52

Debevoise Data Blog

MARCH 17, 2023

One benefit of this approach is that it ensures that the training data will be available for analysis, responding to regulatory inquiries or defending against civil claims for the entire life of the model. Another benefit is the simplicity of the policy, which would make compliance relatively easy. Anonymizing Data after One Year.

e-discovery 52

e-discovery Compliance Litigator Litigation 52

Debevoise Data Blog

OCTOBER 26, 2021

Among other proposed federal legislation, the National Biometric Information Privacy Act of 2020 died in Congress last year. This would seem to eliminate not just the possibility of compliance-by-signage but also the possibility of online consent. Compliance.

Compliance 52

Compliance Federal law Data protection Machine learning 52

Ikigai Law

FEBRUARY 9, 2023

The need for a graded approach for compliances was also discussed. For instance, in 2020, Newslaundry listed several social media posts and news articles that PIB’s fact-checking unit had ‘debunked’ without any valid basis. Would a spin the wheel contest on an e-commerce platform be covered?

Due diligence 52

Due diligence Data protection Hearing Compliance 52

Debevoise Data Blog

OCTOBER 18, 2021

2020) (denying motions to dismiss and to strike class allegations against manufacturer of biometric timeclocks where plaintiff-employees did not receive notice or give consent to manufacturer). 1:20-CV-1084-JES-JEH, 2020 WL 5118035 (C.D. 19 CV 04722, 2020 WL 2513099 (N.D. May 15, 2020). See, e.g., Figueroa v. 454 F.Supp.3d

Law 52

Law Law Court Time-tracking 52

Debevoise Data Blog

OCTOBER 12, 2021

million fine against Austrian Post for channelling electronic data protection-related inquiries to a web form and not offering an additional email address, irrespective of the data subject option to also use non-electronic postal mail or customer service. See , our post on what to do in light of the new EU SCCs.

Data protection 52

Data protection Failure-to-appear Compliance e-records 52

Inside Privacy

APRIL 28, 2023

On 29 March 2023, the UK Information Commissioner’s Office (“ICO”) published updated Guidance on AI and data protection (the “Guidance”) following “requests from UK industry to clarify requirements for fairness in AI”. Additionally, the ICO have added a new annex on data protection fairness considerations across the AI lifecycle.

Data protection 74

Data protection Compliance Law Law 74

Debevoise Data Blog

DECEMBER 10, 2020

The big news this November was the European Data Protection Board (the “EDPB”) issuing its highly anticipated post- Schrems II data transfer guidance, followed just a day later by the European Commission’s draft updated Standard Contractual Clauses (“SCCs”) (see our blog post here ).

Data protection 52

Data protection Dispute resolution Court Compliance 52

Debevoise Data Blog

MAY 28, 2024

EDPB “Consent or pay” models: Businesses operating large online platforms should consider the European Data Protection Board’s recent opinion indicating that “consent or pay” models are unlikely to be GDPR-compliant.

Data protection 52

Data protection Compliance Law Law 52

Debevoise Data Blog

JANUARY 17, 2025

Our top-eleven European data protection developments for the end of 2024 are: EU Cyber Resilience Act: The Council of the European Union approved the Cyber Resilience Act , introducing cybersecurity requirements for digital products sold in the EU. The UK Upper Tribunal did not consider the provisions under the UK GDPR.

Data protection 52

Data protection Compliance Court State law 52

3 Geeks and a Law Blog

JANUARY 23, 2023

This week’s episode covers agency labor advisors, data rights, minimum wage for contractors and the strengthening VA Cybersecurity Act of 2020. AI-Ethan 10:28 Bonds gonna Ken King Latest Episode on Countdown to data privacy day 2023.

Hearing 130

Hearing Time-tracking Judge e-filing 130

Clio

JANUARY 30, 2024

Check out our blog post on understanding HIPAA compliance for more information. GDPR : To help address global needs for enhanced data security, in 2018, Europe introduced a unified data protection law, the General Data Protection Regulations (GDPR). So, it may be a good idea to learn more about GDPR.

Law firm 98

Law firm Law Law Due diligence 98

Debevoise Data Blog

NOVEMBER 22, 2022

The EU’s General Data Protection Regulation 2016 (the “GDPR”) changed the global privacy landscape, and has been called the “gold standard” for data protection regulation. This blog post explores some of the borrowed GDPR concepts and suggests resources companies might use as they develop their compliance programs.

Data protection 52

Data protection Law Law Compliance 52

Debevoise Data Blog

JUNE 25, 2022

In light of these trends, we have also included four tips for companies seeking to establish practical compliance and governance programs related to their ADM systems. What Laws Apply to Automated Decision-Making?

Compliance 52

Compliance Law Law Data protection 52

Debevoise Data Blog

APRIL 8, 2021

million for vendor oversight failings, unlawful cross-border transfers What happened : The AEPD, the Spanish data protection authority (“DPA”), fined Vodafone Spain €8.15 4 million was for allegedly deficient oversight of Vodafone’s data processors. In December 2020, the Regional Court of Bonn held that, when reducing a €9.6

Data protection 52

Data protection Compliance Court Law 52

Legal IT Group

SEPTEMBER 29, 2023

Brazil’s Lei Geral de Proteção de Dados Pessoais (or LGPD), similar to GDPR, CCPA and PIPEDA, regulates personal data protection. If the company does not process personal data in Brazil but still processes data to offer or supply goods or services to Brazil, the LGPD also applies in this case. Apparently not.

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

NOVEMBER 10, 2020

ICO targets the data broking industry : On 27 October, the ICO demanded that Experian make sweeping changes to data protection practices within its direct marketing business within three months or face further enforcement action. We will continue to report on developments as Experian’s appeal progresses.

Data protection 52

Data protection Intellectual Property e-records Machine learning 52

Debevoise Data Blog

JULY 20, 2021

Here are our highlights: European Commission adopts new Standard Contractual Clauses What happened : As reported in our blog post , the European Commission adopted its new Standard Contractual Clauses (“SCCs”) for the cross-border transfer of personal data from the EEA to “third countries”.

Data protection 52

Data protection e-filing Compliance e-records 52

Debevoise Data Blog

MAY 12, 2023

Key takeaways this April include: UK children’s data protection focus continues: Businesses may wish to review policies and procedures for dealing with children’s data in light of recent UK ICO fines and guidance, especially to ensure that terms of use are adequately enforced. UK ICO fines TikTok £12.7

Data protection 52

Data protection Software design Machine learning Software 52

Debevoise Data Blog

MARCH 26, 2023

UK tribunal limits ICO enforcement order but partially upholds lawful basis objection What happened : A tribunal rejected certain aspects of the UK ICO’s October 2020 enforcement notice against Experian, a credit reference agency that holds and processes data relating to essentially the whole of the UK’s adult population.

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

MARCH 11, 2021

There were a few European data protection developments in February that companies may want to have on their radar. On the regulatory front, German DPAs have set up a taskforce to conduct random checks on companies’ cross-border data transfer compliance following Schrems II. We cover those developments (and more) below.

Data protection 52

Data protection Compliance Analytics Court 52

Legal IT Group

SEPTEMBER 15, 2023

International data transfers in GDPR compliance are complex, as data are transferred to third countries outside the European Union (EU) or the European Economic Area (EEA). Suppose you are interested in personal data protection issues. How does conducting a DTIA relate to GDPR compliance?

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

MAY 7, 2021

The key development from April must be the European Data Protection Board (“EDPB”) approving the draft UK adequacy decisions from the European Commission (the “Commission”). Companies will be relieved that they are one step closer towards maintaining the seamless flow of data between the EU and the UK.

Data protection 52

Data protection Court Compliance Hearing 52

Debevoise Data Blog

FEBRUARY 28, 2022

In this Data Blog post, we discuss recent enforcement actions and regulatory requirements for getting rid of old data and offer six tips for complying with these developing obligations. The UK Data Protection Act of 2018 has a similar provision. Moreover, various parts of the organization (e.g.,

e-filing 52

e-filing Compliance Litigator Litigation 52

Debevoise Data Blog

JUNE 8, 2023

Third country data transfers : Businesses that transfer personal data outside of the EEA may want to review their transfer mechanisms in light of new guidance on the EU and South East Asia SCCs, and the DPC’s record-breaking €1.2 billion fine against Meta. These developments, and more, covered below. (1)

Data protection 52

Data protection Compliance e-records Dispute resolution 52

Technology Law Dispatch

APRIL 27, 2023

Digital Markets Act: Developments since its proposal Following the European Commission’s initial proposal of the Digital Markets Act (DMA) in December 2020, its adoption by the European Parliament in March 2022 and the entry into force on November 1, 2022, the DMA will finally apply from May 2, 2023.

Compliance 52

Compliance Data protection 52

Debevoise Data Blog

AUGUST 16, 2023

. : Business may want to revisit their cross-border data transfer arrangements following the new adequacy decision for the EU-U.S. Data Privacy Framework, assess whether they are eligible to self-certify and, if they are, whether it makes sense to. Data Privacy Framework (the “DPF”). Data Privacy Framework (the “DPF”).

Data protection 40

Data protection Analytics Compliance Time-tracking 40

Debevoise Data Blog

DECEMBER 22, 2020

Businesses operating in France should take these new blockbuster fines as another reminder of the importance of data protection frameworks and policies. In 2019 and 2020, the CNIL’s inspectors performed online checks of google.fr This fine was upheld on appeal in June 2020 (see our comments on the decision). Background.

Data protection 52

Data protection Compliance Court 52

Debevoise Data Blog

FEBRUARY 8, 2021

On 19 January 2021, the UK Information Commissioner’s Office (the “ICO”) published its September 2020 letter to the Securities and Exchange Commission (the “SEC”) analysing the GDPR’s impact on UK-based SEC-regulated firms’ (“SEC–Regulated UK Firms”) ability to comply with SEC data requests. What was the issue? What did the ICO find?

Data protection 52

Data protection Compliance Court Law 52

Legal IT Group

NOVEMBER 13, 2023

A data protection officer ( DPO ) is a specialist who helps companies ensure compliance with international data protection laws. In a nutshell, the DPO is a key person who helps the company in all business processes to ensure compliance with the data protection law.

Data protection 52

Data protection Compliance International law Law 52

Debevoise Data Blog

JUNE 16, 2021

May saw useful reminders for companies, including: (i) the need to appoint an EU – and/or UK – representative if caught by the (UK) GDPR’s extraterritorial effect; (ii) that regulators are increasingly focused on adtech and cookies compliance; and (iii) that the GDPR applies not just in the EU and UK but also Iceland, Liechtenstein and Norway.

Data protection 40

Data protection Compliance Court Time-tracking 40

new tech law blog

MARCH 14, 2022

This interest was generated among other sources by numerous complaints filed by NOYB—European Center for Digital Rights in the last year with data protection authorities, and has resulted in guidance and several decisions issued by regulators in recent months (e.g. in Austria, Belgium and France).

Data protection 52

Data protection Analytics e-filing Compliance 52

Technology Law Dispatch

MAY 10, 2023

The EDPB 101 Task Force published a report summarizing its assessment on international data transfers in connection with the use of tracking and analytics cookies ( Tracking Cookie ). The report stresses that after the CJEU Schrems II judgment data transfers based on the invalidated EU-US Privacy Shield are not compliant with the GDPR.

Data protection 52

Data protection Analytics Compliance Law 52

Inside Privacy

FEBRUARY 27, 2023

On February 22, 2023, the European Data Protection Board (“EDPB”) released its Work Program for 2023-2024 (“the Program”), outlining the key priority areas for the next two years. Advancing harmonization and facilitating compliance with the GDPR The EDPB will continue to publish guidance on key concepts of EU data protection law.

Data protection 52

Data protection Compliance Law Law 52