Debevoise Data Blog

APRIL 8, 2021

million for vendor oversight failings, unlawful cross-border transfers What happened : The AEPD, the Spanish data protection authority (“DPA”), fined Vodafone Spain €8.15 4 million was for allegedly deficient oversight of Vodafone’s data processors. In December 2020, the Regional Court of Bonn held that, when reducing a €9.6

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

OCTOBER 12, 2021

million fine against Austrian Post for channelling electronic data protection-related inquiries to a web form and not offering an additional email address, irrespective of the data subject option to also use non-electronic postal mail or customer service. See , our post on what to do in light of the new EU SCCs.

Data protection 52

Data protection Failure-to-appear Compliance e-records 52

Debevoise Data Blog

JULY 20, 2021

Here are our highlights: European Commission adopts new Standard Contractual Clauses What happened : As reported in our blog post , the European Commission adopted its new Standard Contractual Clauses (“SCCs”) for the cross-border transfer of personal data from the EEA to “third countries”.

Data protection 52

Data protection e-filing Compliance e-records 52

Legal IT Group

SEPTEMBER 19, 2023

For example, in 2020, the Data Protection Authority of Hamburg imposed a 35.3 This fact became known when the H&M servers encountered a technical error, and the data on the network drive became accessible to all employees for a few hours. Read more about employer monitoring and data protection in our previous article.

Data protection 52

Data protection Compliance e-records Law 52

Debevoise Data Blog

MAY 28, 2024

EDPB “Consent or pay” models: Businesses operating large online platforms should consider the European Data Protection Board’s recent opinion indicating that “consent or pay” models are unlikely to be GDPR-compliant.

Data protection 52

Data protection Compliance Law Law 52

Debevoise Data Blog

MAY 12, 2023

Key takeaways this April include: UK children’s data protection focus continues: Businesses may wish to review policies and procedures for dealing with children’s data in light of recent UK ICO fines and guidance, especially to ensure that terms of use are adequately enforced. UK ICO fines TikTok £12.7

Data protection 52

Data protection Software design Machine learning Software 52

Debevoise Data Blog

MARCH 26, 2023

UK tribunal limits ICO enforcement order but partially upholds lawful basis objection What happened : A tribunal rejected certain aspects of the UK ICO’s October 2020 enforcement notice against Experian, a credit reference agency that holds and processes data relating to essentially the whole of the UK’s adult population.

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

JUNE 8, 2023

Third country data transfers : Businesses that transfer personal data outside of the EEA may want to review their transfer mechanisms in light of new guidance on the EU and South East Asia SCCs, and the DPC’s record-breaking €1.2 billion fine against Meta. These developments, and more, covered below. (1)

Data protection 52

Data protection Compliance e-records Dispute resolution 52

Debevoise Data Blog

MAY 7, 2021

The key development from April must be the European Data Protection Board (“EDPB”) approving the draft UK adequacy decisions from the European Commission (the “Commission”). Companies will be relieved that they are one step closer towards maintaining the seamless flow of data between the EU and the UK.

Data protection 52

Data protection Court Compliance Hearing 52

LawSites

DECEMBER 1, 2021

Sixty percent of general counsel are concerned that their risk landscape is expanding or becoming more difficult to navigate in areas spanning compliance, regulatory enforcement, data privacy, information security, emerging data sources and ongoing impacts of the pandemic. in 2020 to 2.9

e-discovery 98

e-discovery Compliance e-filing Data protection 98

Legal IT Group

JANUARY 17, 2023

Therefore, individual states took matters into their own hands and passed local laws to protect the privacy of their residents. Contents : California Virginia Colorado Utah Connecticut California In California, the California Consumer Privacy Act ( CCPA ) has been in effect since January 01, 2020.

Data protection 52

Data protection Law Law Attorney 52

Debevoise Data Blog

AUGUST 16, 2023

. : Business may want to revisit their cross-border data transfer arrangements following the new adequacy decision for the EU-U.S. Data Privacy Framework, assess whether they are eligible to self-certify and, if they are, whether it makes sense to. Data Privacy Framework (the “DPF”). Data Privacy Framework (the “DPF”).

Data protection 40

Data protection Analytics Compliance Time-tracking 40

Debevoise Data Blog

JUNE 16, 2021

May saw useful reminders for companies, including: (i) the need to appoint an EU – and/or UK – representative if caught by the (UK) GDPR’s extraterritorial effect; (ii) that regulators are increasingly focused on adtech and cookies compliance; and (iii) that the GDPR applies not just in the EU and UK but also Iceland, Liechtenstein and Norway.

Data protection 40

Data protection Compliance Court Time-tracking 40

Richmond Journal of Law and Technology

MAY 2, 2023

8] Among the mentioned countries, Egypt, Nigeria, South Africa, Ghana, and Morocco seem to be suitable markets for entry, as they have established specific laws or regulations to protect consumers, especially in online transactions. [9] companies to take proactive measures to protect their data and adhere to foreign laws.

Data protection 52

Data protection Compliance Due diligence Law 52

Debevoise Data Blog

JUNE 25, 2022

In light of these trends, we have also included four tips for companies seeking to establish practical compliance and governance programs related to their ADM systems. What Laws Apply to Automated Decision-Making?

Compliance 52

Compliance Law Law Data protection 52

Legal IT Group

NOVEMBER 13, 2023

A data protection officer ( DPO ) is a specialist who helps companies ensure compliance with international data protection laws. In a nutshell, the DPO is a key person who helps the company in all business processes to ensure compliance with the data protection law.

Data protection 52

Data protection Compliance International law Law 52

Inside Privacy

FEBRUARY 27, 2023

On February 22, 2023, the European Data Protection Board (“EDPB”) released its Work Program for 2023-2024 (“the Program”), outlining the key priority areas for the next two years. Advancing harmonization and facilitating compliance with the GDPR The EDPB will continue to publish guidance on key concepts of EU data protection law.

Data protection 52

Data protection Compliance Law Law 52

Inside Privacy

JUNE 1, 2023

It has been well-publicized that the Irish Data Protection Commission (“DPC”) has imposed a record €1.2 billion fine and corrective measures under the GDPR against Meta Ireland (“Meta”) in a long-running dispute relating to cross-border data transfers and the EU standard contractual clauses (“SCCs”).

Data protection 69

Data protection Court Compliance Hearing 69

Technology Law Dispatch

APRIL 27, 2023

Digital Markets Act: Developments since its proposal Following the European Commission’s initial proposal of the Digital Markets Act (DMA) in December 2020, its adoption by the European Parliament in March 2022 and the entry into force on November 1, 2022, the DMA will finally apply from May 2, 2023.

Compliance 52

Compliance Data protection 52

Debevoise Data Blog

MARCH 11, 2021

The recent publication of the SEC’s 2021 Division of Examination Priorities (the “2021 Priorities”) presents an opportunity to look back at the cybersecurity work of the SEC in 2020 and speculate about the SEC’s examination and enforcement priorities for data protection in the coming year for RIAs.

Compliance 52

Compliance Data protection Attorney 52

LawSites

DECEMBER 1, 2021

Sixty percent of general counsel are concerned that their risk landscape is expanding or becoming more difficult to navigate in areas spanning compliance, regulatory enforcement, data privacy, information security, emerging data sources and ongoing impacts of the pandemic. in 2020 to 2.9

e-discovery 52

e-discovery Compliance e-filing Data protection 52

Legal IT Group

SEPTEMBER 29, 2023

Brazil’s Lei Geral de Proteção de Dados Pessoais (or LGPD), similar to GDPR, CCPA and PIPEDA, regulates personal data protection. If the company does not process personal data in Brazil but still processes data to offer or supply goods or services to Brazil, the LGPD also applies in this case. Apparently not.

Data protection 52

Data protection Compliance Court Law 52

new tech law blog

MARCH 14, 2022

This interest was generated among other sources by numerous complaints filed by NOYB—European Center for Digital Rights in the last year with data protection authorities, and has resulted in guidance and several decisions issued by regulators in recent months (e.g. in Austria, Belgium and France).

Data protection 52

Data protection Analytics e-filing Compliance 52

Debevoise Data Blog

FEBRUARY 8, 2021

On 19 January 2021, the UK Information Commissioner’s Office (the “ICO”) published its September 2020 letter to the Securities and Exchange Commission (the “SEC”) analysing the GDPR’s impact on UK-based SEC-regulated firms’ (“SEC–Regulated UK Firms”) ability to comply with SEC data requests. What was the issue? What did the ICO find?

Data protection 52

Data protection Compliance Court Law 52

Technology Law Dispatch

MAY 10, 2023

The EDPB 101 Task Force published a report summarizing its assessment on international data transfers in connection with the use of tracking and analytics cookies ( Tracking Cookie ). The report stresses that after the CJEU Schrems II judgment data transfers based on the invalidated EU-US Privacy Shield are not compliant with the GDPR.

Data protection 52

Data protection Analytics Compliance Law 52

Debevoise Data Blog

DECEMBER 22, 2020

Businesses operating in France should take these new blockbuster fines as another reminder of the importance of data protection frameworks and policies. In 2019 and 2020, the CNIL’s inspectors performed online checks of google.fr This fine was upheld on appeal in June 2020 (see our comments on the decision). Background.

Data protection 52

Data protection Compliance Court 52

Legal IT Group

NOVEMBER 10, 2023

First of all, the data can be transferred based on the adequacy decision or subject to appropriate safeguards. Among these safeguards, in particular, are binding corporate rules, standard data protection clauses, code of conduct, and certification mechanism. After Brexit in 2020, the UK continued to use them.

Data protection 52

Data protection Compliance Law Law 52

Debevoise Data Blog

NOVEMBER 22, 2022

The EU’s General Data Protection Regulation 2016 (the “GDPR”) changed the global privacy landscape, and has been called the “gold standard” for data protection regulation. This blog post explores some of the borrowed GDPR concepts and suggests resources companies might use as they develop their compliance programs.

Data protection 52

Data protection Law Law Compliance 52

Debevoise Data Blog

SEPTEMBER 19, 2022

The California Design Code’s business obligations take effect on July 1, 2024, though certain businesses must complete Data Protection Impact Assessments “on or before” that date. Notable affirmative obligations include: Data Protection Impact Assessments (“DPIAs”).

Data protection 52

Data protection Compliance Time-tracking Attorney 52

Legal IT Group

MARCH 6, 2023

Over 18 years of its existence, Google Analytics, and other Google services have become indispensable data processing tools for business owners and various organizations, such as educational institutions, healthcare, and sometimes even government agencies. In fact, without personal data, Google Analytics would be a useless tool.

Analytics 52

Analytics Data protection Time-tracking Court 52

Debevoise Data Blog

OCTOBER 4, 2021

In this Part 2, we discuss the measures that financial institutions can adopt to mitigate their ransomware sanctions risks, and why those compliance controls differ from the steps being taken by victims. Different Role and Different Risks for Banks In October 2020, the U.S.

Due diligence 52

Due diligence Compliance Data protection Law 52

Clio

JANUARY 30, 2024

Check out our blog post on understanding HIPAA compliance for more information. GDPR : To help address global needs for enhanced data security, in 2018, Europe introduced a unified data protection law, the General Data Protection Regulations (GDPR). So, it may be a good idea to learn more about GDPR.

Law firm 96

Law firm Law Law Due diligence 96

Debevoise Data Blog

MARCH 17, 2023

One benefit of this approach is that it ensures that the training data will be available for analysis, responding to regulatory inquiries or defending against civil claims for the entire life of the model. Another benefit is the simplicity of the policy, which would make compliance relatively easy. Anonymizing Data after One Year.

e-discovery 52

e-discovery Compliance Litigator Litigation 52

Ikigai Law

AUGUST 7, 2023

Reporting entities must follow several compliance and reporting obligations under the anti-money laundering law. Main Course : Deep dive stories on card network portability, and impact of the data protection bill on fintechs. The data law is nearly here! The data law doesn’t tell processors what to do.

Data protection 52

Data protection Law Law e-records 52

Debevoise Data Blog

OCTOBER 26, 2021

Among other proposed federal legislation, the National Biometric Information Privacy Act of 2020 died in Congress last year. This would seem to eliminate not just the possibility of compliance-by-signage but also the possibility of online consent. Compliance.

Compliance 52

Compliance Federal law Data protection Machine learning 52

new tech law blog

JUNE 22, 2023

The DMA will also impact other regulations applicable to the delivery of services on digital markets, particularly involving data protection (the General Data Protection Regulation and the ePrivacy Directive), competition law, consumer protection, and copyright (e.g. DMA recital 12). 53 and following).

Compliance 52

Compliance Data protection Court Software 52

Ikigai Law

FEBRUARY 9, 2023

The need for a graded approach for compliances was also discussed. For instance, in 2020, Newslaundry listed several social media posts and news articles that PIB’s fact-checking unit had ‘debunked’ without any valid basis. Would a spin the wheel contest on an e-commerce platform be covered?

Due diligence 52

Due diligence Data protection Hearing Compliance 52