2020, Court and Data protection - Legal Tech Connection

New York Becomes First State to Mandate CLE in Cybersecurity, Privacy and Data Protection

LawSites

AUGUST 4, 2022

state to mandate that attorneys take continuing legal education courses in cybersecurity, privacy and data protection. New York has become the first U.S. Related: 40 States Have Adopted the Duty of Technology Competence. The order creates two types of cybersecurity training, one focused on ethics and the other on practice.

Data protection

Data protection Law Office Attorney Law firm

The Security ‘Scapegoat?’: When Liability Comes Knocking, CISOs Answer the Call

Berkley Technology Law Journal

JANUARY 24, 2025

They are responsible for overseeing an organizations data protection measures, risk management strategies, overall security infrastructure, among other critical responsibilities. District Court for the Southern District of New York suggests that CISOs might be outside of point-blank range.

Failure-to-appear

Failure-to-appear Court Judge Data protection

National Transposition of the EU Representative Actions Directive: What is the Current Status?

Inside Privacy

FEBRUARY 27, 2023

Background The RAD came into force on December 24, 2020 with the objective of introducing a common framework and approach to collective actions across the EU. An action can be brought by several qualified entities from different member states in order to protect the collective interests of consumers in different member states.

Data protection

Data protection Court Litigator Litigation

Webinars

The New Way of Conducting Patent Research: Proven Strategies For Efficient Due Diligence

AI for Paralegals: Everything You Need to Know (and How to Use It Safely)

The Tech-Savvy Paralegals Playbook: How To Leverage AI

Uncovering The Hidden Connections: A Patent Family Survival Guide

MORE WEBINARS

Russia Introduces New Requirements for Processing of Publicly Disclosed Personal Data

Debevoise Data Blog

APRIL 19, 2021

519-FZ on Amendments to the Federal Law on Personal Data dated 30 December 2020 (the “Law”) came into force. This is additional to general data processing consent, which is still required under pre-existing data protection law. 3] To subscribe to the Data Blog, please click here. [1] Special Consent.

Due diligence

Due diligence Data protection Federal law Court

FinTales Issue 32: Anti-money laundering laws, Data Bill & Fintechs

Ikigai Law

AUGUST 7, 2023

Fast forward to the last month, the Delhi High Court used the long arm of the PMLA to classify PayPal as a ‘reporting entity’ under the PMLA. The Court rejected this premise. Main Course : Deep dive stories on card network portability, and impact of the data protection bill on fintechs. The data law is nearly here!

Data protection

Data protection Law Law e-records

Face Forward: Strategies for Complying with Facial Recognition Laws

Debevoise Data Blog

OCTOBER 18, 2021

The TDPA provides for a private right of action for violation of the prohibition to sell, lease, or disclose data. Compensatory damages or damages between $200 and $1,000 are authorized for each unlawful sale, as are reasonable attorneys’ fees and court costs. 1:20-CV-1084-JES-JEH, 2020 WL 5118035 (C.D. See, e.g., Figueroa v.

Law

Law Law Court Time-tracking

The Challenges That AI Poses for Data Minimization

Debevoise Data Blog

MARCH 17, 2023

Since these models generally evolve, regulators and courts might argue that—in the event of a performance issue or other regulatory concern—the model’s earlier outputs are important to understanding its later performance.

e-discovery

e-discovery Compliance Litigator Litigation

Face Forward Part 2: Proposed Legislation and Strategies for Compliant Use of Facial Recognition

Debevoise Data Blog

OCTOBER 26, 2021

Among other proposed federal legislation, the National Biometric Information Privacy Act of 2020 died in Congress last year. Given that this provision of BIPA is currently being tested in the courts, this is also an important area for lawyers to monitor going forward.

Compliance

Compliance Federal law Data protection Machine learning

European Data Protection Roundup – September

Debevoise Data Blog

OCTOBER 12, 2021

million fine against Austrian Post for channelling electronic data protection-related inquiries to a web form and not offering an additional email address, irrespective of the data subject option to also use non-electronic postal mail or customer service.

Data protection

Data protection Failure-to-appear Compliance e-records

European Data Protection Roundup – November 2020

Debevoise Data Blog

DECEMBER 10, 2020

The big news this November was the European Data Protection Board (the “EDPB”) issuing its highly anticipated post- Schrems II data transfer guidance, followed just a day later by the European Commission’s draft updated Standard Contractual Clauses (“SCCs”) (see our blog post here ). Bonn Regional Court slashes Telco’s €9.55

Data protection

Data protection Dispute resolution Court Compliance

European Data Protection Roundup – April 2024

Debevoise Data Blog

MAY 28, 2024

EDPB “Consent or pay” models: Businesses operating large online platforms should consider the European Data Protection Board’s recent opinion indicating that “consent or pay” models are unlikely to be GDPR-compliant.

Data protection

Data protection Compliance Law Law

European Data Protection Roundup – January 2021

Debevoise Data Blog

FEBRUARY 10, 2021

As covered in our Annual Review , 2020 was a blockbuster year for European data protection. This was bolstered by the ICO’s announcement that it is resuming investigations into real time bidding and the adtech industry that were paused in May 2020 due to COVID-19. EDPB publishes new data breach notification guidance.

Data protection

Data protection Time-tracking Defendant Court

European Data Protection Roundup – Q4 2024

Debevoise Data Blog

JANUARY 17, 2025

Our top-eleven European data protection developments for the end of 2024 are: EU Cyber Resilience Act: The Council of the European Union approved the Cyber Resilience Act , introducing cybersecurity requirements for digital products sold in the EU. The UK Upper Tribunal did not consider the provisions under the UK GDPR.

Data protection

Data protection Compliance Court State law

European Data Protection Roundup: 2020 in Five Trends

Debevoise Data Blog

JANUARY 21, 2021

In this post, we look back at the 2020 European data protection landscape and five trends that help companies understand not only where we are, but where data protection enforcement, litigation, and practice may be headed. Second , enforcement goes far beyond data breaches and the GDPR. million and £99.2

Data protection

Data protection Litigator Litigation Failure-to-appear

European Data Protection Roundup – March 2021

Debevoise Data Blog

APRIL 8, 2021

million for vendor oversight failings, unlawful cross-border transfers What happened : The AEPD, the Spanish data protection authority (“DPA”), fined Vodafone Spain €8.15 4 million was for allegedly deficient oversight of Vodafone’s data processors. Here are our highlights of what you need to know.

Data protection

Data protection Compliance Court Law

European Data Protection Roundup – October 2020

Debevoise Data Blog

NOVEMBER 10, 2020

ICO targets the data broking industry : On 27 October, the ICO demanded that Experian make sweeping changes to data protection practices within its direct marketing business within three months or face further enforcement action. We will continue to report on developments as Experian’s appeal progresses.

Data protection

Data protection Intellectual Property e-records Machine learning

My 20 Most-Read Posts of 2022

LawSites

DECEMBER 27, 2022

Notably, the post that captured the most eyes was about New York becoming the first state to mandate CLE in cybersecurity, privacy and data protection. The second most popular post was a test of the BriefCatch legal editing software using the leaked draft of the Supreme Court’s opinion in Dobbs v.

Data protection

Data protection Analytics Legal tech Legal tech

European Data Protection Roundup – April 2023

Debevoise Data Blog

MAY 12, 2023

Key takeaways this April include: UK children’s data protection focus continues: Businesses may wish to review policies and procedures for dealing with children’s data in light of recent UK ICO fines and guidance, especially to ensure that terms of use are adequately enforced. 22, as set out by the court.

Data protection

Data protection Software design Machine learning Software

European Data Protection Roundup – February

Debevoise Data Blog

MARCH 26, 2023

UK tribunal limits ICO enforcement order but partially upholds lawful basis objection What happened : A tribunal rejected certain aspects of the UK ICO’s October 2020 enforcement notice against Experian, a credit reference agency that holds and processes data relating to essentially the whole of the UK’s adult population.

Data protection

Data protection Compliance Court Law

European Data Protection Roundup – June 2021

Debevoise Data Blog

JULY 20, 2021

Here are our highlights: European Commission adopts new Standard Contractual Clauses What happened : As reported in our blog post , the European Commission adopted its new Standard Contractual Clauses (“SCCs”) for the cross-border transfer of personal data from the EEA to “third countries”.

Data protection

Data protection e-filing Compliance e-records

Protection of personal data in Brazil: differences in the scope of the LGPD and the new penal practice

Legal IT Group

SEPTEMBER 29, 2023

Brazil’s Lei Geral de Proteção de Dados Pessoais (or LGPD), similar to GDPR, CCPA and PIPEDA, regulates personal data protection. If the company does not process personal data in Brazil but still processes data to offer or supply goods or services to Brazil, the LGPD also applies in this case.

Data protection

Data protection Compliance Court Law

European Data Protection Roundup – February 2021

Debevoise Data Blog

MARCH 11, 2021

There were a few European data protection developments in February that companies may want to have on their radar. What happened: CNIL has reminded businesses to audit their use of cookies and tracking technologies, ahead of the regulator’s October 2020 guidance coming into force at the end of March.

Data protection

Data protection Compliance Analytics Court

European Data Protection Roundup – April 2021

Debevoise Data Blog

MAY 7, 2021

The key development from April must be the European Data Protection Board (“EDPB”) approving the draft UK adequacy decisions from the European Commission (the “Commission”). Companies will be relieved that they are one step closer towards maintaining the seamless flow of data between the EU and the UK.

Data protection

Data protection Court Compliance Hearing

European Data Protection Roundup – May 2023

Debevoise Data Blog

JUNE 8, 2023

As we covered here , last October, the CNIL fined Clearview AI €20 million for various data protection violations, including “intrusive and massive” data processing without consent or a valid legitimate interest. The amount of compensation should be assessed by Member State courts under their domestic rules.

Data protection

Data protection Compliance e-records Dispute resolution

Data Minimization – Recent Enforcement Actions Show Why Some Companies Need to Get Rid of Old Electronic Records

Debevoise Data Blog

FEBRUARY 28, 2022

In this Data Blog post, we discuss recent enforcement actions and regulatory requirements for getting rid of old data and offer six tips for complying with these developing obligations. The UK Data Protection Act of 2018 has a similar provision. See Wai Feng Trading Co. Quick Fitting, Inc. 2019 WL 118412 (D. Wetzel (W.D.

e-filing

e-filing Compliance Litigator Litigation

Tough Cookie: French CNIL Hits Google and Amazon with a Total of €135 million in Fines

Debevoise Data Blog

DECEMBER 22, 2020

Businesses operating in France should take these new blockbuster fines as another reminder of the importance of data protection frameworks and policies. In 2019 and 2020, the CNIL’s inspectors performed online checks of google.fr This fine was upheld on appeal in June 2020 (see our comments on the decision). and amazon.fr

Data protection

Data protection Compliance Court

New Automated Decision-Making Laws: Four Tips for Compliance

Debevoise Data Blog

JUNE 25, 2022

On March 11, 2021, the Amsterdam District Court found in favor of Uber in both suits ( see here and here ), holding that Article 22 did not apply because the decisions reached by these systems did not have “legal or similarly significant effects.”

Compliance

Compliance Law Law Data protection

European Data Protection Roundup – June & July 2023

Debevoise Data Blog

AUGUST 16, 2023

. : Business may want to revisit their cross-border data transfer arrangements following the new adequacy decision for the EU-U.S. Data Privacy Framework, assess whether they are eligible to self-certify and, if they are, whether it makes sense to. Data Privacy Framework (the “DPF”). Data Privacy Framework (the “DPF”).

Data protection

Data protection Analytics Compliance Time-tracking

Personal data protection: why a Data Transfer Impact Assessment should be part of your GDPR compliance

Legal IT Group

SEPTEMBER 15, 2023

International data transfers in GDPR compliance are complex, as data are transferred to third countries outside the European Union (EU) or the European Economic Area (EEA). Suppose you are interested in personal data protection issues. What should the DTIA note for transferring personal data from the EU to Ukraine?

Data protection

Data protection Compliance Court Law

SEC Information Requests: UK Privacy Regulator Clarifies Position

Debevoise Data Blog

FEBRUARY 8, 2021

On 19 January 2021, the UK Information Commissioner’s Office (the “ICO”) published its September 2020 letter to the Securities and Exchange Commission (the “SEC”) analysing the GDPR’s impact on UK-based SEC-regulated firms’ (“SEC–Regulated UK Firms”) ability to comply with SEC data requests. What was the issue? What did the ICO find?

Data protection

Data protection Compliance Court Law

Transfer of Data to Google Analytics as a Breach of the GDPR: Decision of the Court in Germany

Legal IT Group

MAY 17, 2023

Recently, the Cologne District Court ruled that a German mobile operator’s use of Google Analytics violated the GDPR’s requirements for international data transfers. The Cologne District Court ruling only applies to the defendant in the case, Telekom Deutschland GmbH.

Analytics

Analytics Court Data protection Defendant

European Data Protection Roundup – May 2021

Debevoise Data Blog

JUNE 16, 2021

We also saw developments in the courts on when companies will be liable to pay individuals damages for GDPR violations and the German anti-trust regulator using its new enforcement powers. These decisions follow the CNIL’s October 2020 updated cookies guidelines (see our blog post ).

Data protection

Data protection Compliance Court Time-tracking

Cookies: The coming revolution

new tech law blog

MARCH 14, 2022

This interest was generated among other sources by numerous complaints filed by NOYB—European Center for Digital Rights in the last year with data protection authorities, and has resulted in guidance and several decisions issued by regulators in recent months (e.g. in Austria, Belgium and France).

Data protection

Data protection Analytics e-filing Compliance

The Digital Markets Act: A revolution, and not only for gatekeepers

new tech law blog

JUNE 22, 2023

This is because the obligations and prohibitions imposed on gatekeepers will either directly or indirectly vest other groups with rights they can pursue before national courts. The DMA vests these entities with certain rights, directly or indirectly, which they can enforce before national courts (Art. DMA recital 12). 5, 6 and 7 DMA.

Compliance

Compliance Data protection Court Software

Take Three: New European Adequacy Decision Gives Green Light to EU-U.S. Data Protection Framework

Debevoise Data Blog

JULY 31, 2023

Data Privacy Framework (the “DPF”). The decision enables businesses in Europe to transfer personal data to DPF-certified U.S. businesses without having to implement additional data protection safeguards. Data subjects may lodge complaints through both U.S.- The DPF is the third U.S. or EU-based recourse mechanisms.

Data protection

Data protection Dispute resolution e-filing e-records

New EU guidance & SCCs on cross-border data transfers – 10 things you need to know

Debevoise Data Blog

DECEMBER 1, 2020

The European Data Protection Board (“EDPB”) recently published new guidance on how companies can validly transfer EU personal data to the many countries that have not been deemed by the EU Commission to generally provide an adequate level of data protection – most notably the U.S. (so

Data protection

Data protection Litigator Litigation Law

A sigh of relief? EU-US data transfers

Technology Law Dispatch

JANUARY 5, 2023

The previous EU-US Privacy Shield was invalidated by the Court of Justice of the European Union in 2020 due to the lack of protection of EU personal data. The European Data Protection Board will provide its non-binding opinion on the draft adequacy decision. What are the next steps?

Data protection

Data protection Court

Marketing Magic of Google Analytics: refrain from using or not

Legal IT Group

MARCH 6, 2023

Over 18 years of its existence, Google Analytics, and other Google services have become indispensable data processing tools for business owners and various organizations, such as educational institutions, healthcare, and sometimes even government agencies. It happened a few years ago. Presidential Executive Order No. 12.333 (E.O.

Analytics

Analytics Data protection Time-tracking Court

Third Time’s a Charm: European Commission adopts EU-U.S. Data Privacy Framework

Technology Law Dispatch

JULY 12, 2023

Data Privacy Framework (Framework) on July 10, 2023. The Court of Justice of the European Union (CJEU) had previously invalidated both the U.S.-EU EU Privacy Shield in 2020 after challenges by Austrian privacy activist Max Schrems (CJEU decisions known as Schrems I and Schrems II , respectively).

Compliance

Compliance Data protection Court Law

Key Points Regarding the DPC Decision Against Meta

Inside Privacy

JUNE 1, 2023

It has been well-publicized that the Irish Data Protection Commission (“DPC”) has imposed a record €1.2 billion fine and corrective measures under the GDPR against Meta Ireland (“Meta”) in a long-running dispute relating to cross-border data transfers and the EU standard contractual clauses (“SCCs”).

Data protection

Data protection Court Compliance Hearing

Privacy Shield 2.0: Biden’s Executive Order May Pave the Way for a New EU-U.S. Data Transfer Framework

Debevoise Data Blog

OCTOBER 17, 2022

The GDPR permits data transfers from the European Economic Area (“EEA”) to a non-EEA jurisdiction if the EU Commission has decided that the recipient country meets certain criteria and thus ensures an adequate level of data protection or through other mechanisms such as EU Standard Contractual Clauses (“SCCs”).

Data protection

Data protection Court Judge Attorney

Berkeley Technology Law Journal Podcast: Digital Markets Act with Professor Jürgen Kühling

Berkley Technology Law Journal

NOVEMBER 18, 2022

Jürgen Kühling is also a member of the German Monopolies Commission since July 1, 2016 and elected chairman since September 2020. Professor Kühling has been a member of the monopolies commission since July 1, 2016 and elected chairman since September 2020. And it’s going to be checked by the European Court of Justice.

Law

Law Law Data protection Court

Berkeley Technology Law Journal Podcast: Digital Markets Act with Professor Jürgen Kühling

Berkley Technology Law Journal

NOVEMBER 18, 2022

Jürgen Kühling is also a member of the German Monopolies Commission since July 1, 2016 and elected chairman since September 2020. Professor Kühling has been a member of the monopolies commission since July 1, 2016 and elected chairman since September 2020. And it’s going to be checked by the European Court of Justice.

Law

Law Law Data protection Court

A New Era of FTC Privacy and Cybersecurity Oversight: Top Ten Things Companies Should Know When Assessing FTC Compliance and Exposure

Debevoise Data Blog

JANUARY 14, 2022

As a general rule, however, the FTC’s Division of Privacy and Identity Protection (the “DPIP”) initiates privacy and cybersecurity investigations via civil investigative demands (“CIDs”). A CID is a type of Commissioner-authorized subpoena, enforceable in court, that subjects the recipient to a number of formalized processes and timelines.

Compliance

Compliance Court Litigator Litigation

New York Becomes First State to Mandate CLE in Cybersecurity, Privacy and Data Protection

The Security ‘Scapegoat?’: When Liability Comes Knocking, CISOs Answer the Call

Webinars

Trending Sources

National Transposition of the EU Representative Actions Directive: What is the Current Status?

Webinars

Russia Introduces New Requirements for Processing of Publicly Disclosed Personal Data

FinTales Issue 32: Anti-money laundering laws, Data Bill & Fintechs

Face Forward: Strategies for Complying with Facial Recognition Laws

The Challenges That AI Poses for Data Minimization

Face Forward Part 2: Proposed Legislation and Strategies for Compliant Use of Facial Recognition

European Data Protection Roundup – September

European Data Protection Roundup – November 2020

European Data Protection Roundup – April 2024

European Data Protection Roundup – January 2021

European Data Protection Roundup – Q4 2024

European Data Protection Roundup: 2020 in Five Trends

European Data Protection Roundup – March 2021

European Data Protection Roundup – October 2020

My 20 Most-Read Posts of 2022

European Data Protection Roundup – April 2023

European Data Protection Roundup – February

European Data Protection Roundup – June 2021

Protection of personal data in Brazil: differences in the scope of the LGPD and the new penal practice

European Data Protection Roundup – February 2021

European Data Protection Roundup – April 2021

European Data Protection Roundup – May 2023

Data Minimization – Recent Enforcement Actions Show Why Some Companies Need to Get Rid of Old Electronic Records

Tough Cookie: French CNIL Hits Google and Amazon with a Total of €135 million in Fines

New Automated Decision-Making Laws: Four Tips for Compliance

European Data Protection Roundup – June & July 2023

Personal data protection: why a Data Transfer Impact Assessment should be part of your GDPR compliance

SEC Information Requests: UK Privacy Regulator Clarifies Position

Transfer of Data to Google Analytics as a Breach of the GDPR: Decision of the Court in Germany

European Data Protection Roundup – May 2021

Cookies: The coming revolution

The Digital Markets Act: A revolution, and not only for gatekeepers

Take Three: New European Adequacy Decision Gives Green Light to EU-U.S. Data Protection Framework

New EU guidance & SCCs on cross-border data transfers – 10 things you need to know

A sigh of relief? EU-US data transfers

Marketing Magic of Google Analytics: refrain from using or not

Third Time’s a Charm: European Commission adopts EU-U.S. Data Privacy Framework

Key Points Regarding the DPC Decision Against Meta

Privacy Shield 2.0: Biden’s Executive Order May Pave the Way for a New EU-U.S. Data Transfer Framework

Berkeley Technology Law Journal Podcast: Digital Markets Act with Professor Jürgen Kühling

Berkeley Technology Law Journal Podcast: Digital Markets Act with Professor Jürgen Kühling

A New Era of FTC Privacy and Cybersecurity Oversight: Top Ten Things Companies Should Know When Assessing FTC Compliance and Exposure

Stay Connected