Debevoise Data Blog

JANUARY 21, 2021

In this post, we look back at the 2020 European data protection landscape and five trends that help companies understand not only where we are, but where data protection enforcement, litigation, and practice may be headed. Second , enforcement goes far beyond data breaches and the GDPR.

Data protection 52

Data protection Litigator Litigation Failure-to-appear 52

Debevoise Data Blog

DECEMBER 10, 2020

The big news this November was the European Data Protection Board (the “EDPB”) issuing its highly anticipated post- Schrems II data transfer guidance, followed just a day later by the European Commission’s draft updated Standard Contractual Clauses (“SCCs”) (see our blog post here ).

Data protection 52

Data protection Dispute resolution Court Compliance 52

Inside Privacy

APRIL 28, 2023

On 29 March 2023, the UK Information Commissioner’s Office (“ICO”) published updated Guidance on AI and data protection (the “Guidance”) following “requests from UK industry to clarify requirements for fairness in AI”. Additionally, the ICO have added a new annex on data protection fairness considerations across the AI lifecycle.

Data protection 74

Data protection Compliance Law Law 74

Debevoise Data Blog

NOVEMBER 10, 2020

ICO targets the data broking industry : On 27 October, the ICO demanded that Experian make sweeping changes to data protection practices within its direct marketing business within three months or face further enforcement action. We will continue to report on developments as Experian’s appeal progresses.

Data protection 52

Data protection Intellectual Property e-records Machine learning 52

Debevoise Data Blog

MARCH 11, 2021

There were a few European data protection developments in February that companies may want to have on their radar. What happened: CNIL has reminded businesses to audit their use of cookies and tracking technologies, ahead of the regulator’s October 2020 guidance coming into force at the end of March.

Data protection 52

Data protection Compliance Analytics Court 52

Debevoise Data Blog

APRIL 8, 2021

million for vendor oversight failings, unlawful cross-border transfers What happened : The AEPD, the Spanish data protection authority (“DPA”), fined Vodafone Spain €8.15 4 million was for allegedly deficient oversight of Vodafone’s data processors. In December 2020, the Regional Court of Bonn held that, when reducing a €9.6

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

MAY 28, 2024

EDPB “Consent or pay” models: Businesses operating large online platforms should consider the European Data Protection Board’s recent opinion indicating that “consent or pay” models are unlikely to be GDPR-compliant.

Data protection 52

Data protection Compliance Law Law 52

Debevoise Data Blog

MAY 12, 2023

Key takeaways this April include: UK children’s data protection focus continues: Businesses may wish to review policies and procedures for dealing with children’s data in light of recent UK ICO fines and guidance, especially to ensure that terms of use are adequately enforced. UK ICO fines TikTok £12.7

Data protection 52

Data protection Software design Machine learning Software 52

Debevoise Data Blog

OCTOBER 12, 2021

million fine against Austrian Post for channelling electronic data protection-related inquiries to a web form and not offering an additional email address, irrespective of the data subject option to also use non-electronic postal mail or customer service.

Data protection 52

Data protection Failure-to-appear Compliance e-records 52

Inside Privacy

NOVEMBER 28, 2023

They raise various questions under regulatory and data protection and data security laws. The DiGA Regulation imposes specific data protection and data security requirements on health apps (in addition to safety, functionality, quality and interoperability requirements). 26 of the GDPR.

Data protection 57

Data protection Time-tracking Software Law 57

Debevoise Data Blog

MARCH 26, 2023

UK tribunal limits ICO enforcement order but partially upholds lawful basis objection What happened : A tribunal rejected certain aspects of the UK ICO’s October 2020 enforcement notice against Experian, a credit reference agency that holds and processes data relating to essentially the whole of the UK’s adult population.

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

JULY 20, 2021

Here are our highlights: European Commission adopts new Standard Contractual Clauses What happened : As reported in our blog post , the European Commission adopted its new Standard Contractual Clauses (“SCCs”) for the cross-border transfer of personal data from the EEA to “third countries”.

Data protection 52

Data protection e-filing Compliance e-records 52

Debevoise Data Blog

FEBRUARY 10, 2021

As covered in our Annual Review , 2020 was a blockbuster year for European data protection. This was bolstered by the ICO’s announcement that it is resuming investigations into real time bidding and the adtech industry that were paused in May 2020 due to COVID-19. EDPB publishes new data breach notification guidance.

Data protection 52

Data protection Time-tracking Defendant Court 52

Debevoise Data Blog

MAY 7, 2021

The key development from April must be the European Data Protection Board (“EDPB”) approving the draft UK adequacy decisions from the European Commission (the “Commission”). Companies will be relieved that they are one step closer towards maintaining the seamless flow of data between the EU and the UK.

Data protection 52

Data protection Court Compliance Hearing 52

Debevoise Data Blog

JUNE 8, 2023

As we covered here , last October, the CNIL fined Clearview AI €20 million for various data protection violations, including “intrusive and massive” data processing without consent or a valid legitimate interest. Nonetheless, businesses that transfer personal data to the U.S. These developments, and more, covered below.

Data protection 52

Data protection Compliance e-records Dispute resolution 52

Legal IT Group

NOVEMBER 13, 2023

A data protection officer ( DPO ) is a specialist who helps companies ensure compliance with international data protection laws. In a nutshell, the DPO is a key person who helps the company in all business processes to ensure compliance with the data protection law.

Data protection 130

Data protection Compliance International law Law 130

Legal IT Group

MAY 17, 2023

The controversy surrounding data transfers from the EU to the US stems from the European Court of Justice’s invalidation of the Privacy Shield in the Schrems II case in 2020. As a result, the unrestricted transfer of all data, including analytics data, was no longer allowed.

Analytics 130

Analytics Court Data protection Defendant 130

Legal IT Group

SEPTEMBER 29, 2023

Brazil’s Lei Geral de Proteção de Dados Pessoais (or LGPD), similar to GDPR, CCPA and PIPEDA, regulates personal data protection. If the company does not process personal data in Brazil but still processes data to offer or supply goods or services to Brazil, the LGPD also applies in this case. Apparently not.

Data protection 130

Data protection Compliance Court Law 130

Legal IT Group

NOVEMBER 10, 2023

First of all, the data can be transferred based on the adequacy decision or subject to appropriate safeguards. Among these safeguards, in particular, are binding corporate rules, standard data protection clauses, code of conduct, and certification mechanism. After Brexit in 2020, the UK continued to use them.

Data protection 130

Data protection Compliance Law Law 130

Ikigai Law

AUGUST 11, 2023

“If you don’t see me in half a decade, just wait a little longer” – India’s data protection bill ( circa 2018 ) On 9 th August, the Digital Personal Data Protection Bill, 2023 was finally passed in the Parliament. The finish line – the new data bill What stood out?

Data protection 52

Data protection Law Law 52

Debevoise Data Blog

AUGUST 16, 2023

. : Business may want to revisit their cross-border data transfer arrangements following the new adequacy decision for the EU-U.S. Data Privacy Framework, assess whether they are eligible to self-certify and, if they are, whether it makes sense to. Data Privacy Framework (the “DPF”). Data Privacy Framework (the “DPF”).

Data protection 40

Data protection Analytics Compliance Time-tracking 40

Debevoise Data Blog

JUNE 16, 2021

These decisions follow the CNIL’s October 2020 updated cookies guidelines (see our blog post ). Those that don’t, may face significant penalties; in December 2020, the CNIL fined Google and Amazon €100 million and €35 million respectively for their cookies practices (see our blogpost ).

Data protection 40

Data protection Compliance Court Time-tracking 40

LawSites

DECEMBER 1, 2021

Among its key findings: Data protection is a clear and rising threat for 46% of GC, while more than a third are concerned about increased regulation and antitrust enforcement. ” While GC in 2020 felt relatively well prepared (4.02 ” While GC in 2020 felt relatively well prepared (4.02 in 2020 to 2.9

e-discovery 98

e-discovery Compliance e-filing Data protection 98

MatterSuite

MAY 8, 2023

According to the FBI’s Internet Crime Complaint Center (IC3), in 2020, there were 791,790 complaints of suspected internet crime, resulting in an estimated loss of $4.2 In 2020, the American Bar Association reported that over 25% of law firms had experienced a data breach, with smaller firms being particularly vulnerable.

Compliance 98

Compliance Failure-to-appear Data protection Intellectual Property 98

Inside Privacy

FEBRUARY 27, 2023

On February 22, 2023, the European Data Protection Board (“EDPB”) released its Work Program for 2023-2024 (“the Program”), outlining the key priority areas for the next two years. Advancing harmonization and facilitating compliance with the GDPR The EDPB will continue to publish guidance on key concepts of EU data protection law.

Data protection 52

Data protection Compliance Law Law 52

Richmond Journal of Law and Technology

MAY 2, 2023

The African Union (AU) member states and Economic Community of West African States (ECOWAS) member states are obligated to respect, protect, and promote the right to privacy and personal data protection, as stated in their declarations and conventions. [12] 27, 2020), [link] Kenya Commc’n (Amend.) 15] Ultimately, U.S.

Data protection 52

Data protection Compliance Due diligence Law 52

The North Carolina Journey of Law and Technology

NOVEMBER 18, 2023

Just over a month ago, TikTok received a $370 million fine from the Irish Data Protection Commission (DPC) for violating children’s data privacy law under the General Data Protection Regulation (GDPR).

Data protection 52

Data protection Law Law 52

Inside Privacy

DECEMBER 15, 2023

This interplay between privacy and competition law isn’t new – the UK’s privacy and competition regulators have been cooperating through their Digital Regulation Cooperation Forum since 2020 – but the joint paper serves as a timely reminder that these issues require cross-disciplinary expertise and should be considered together.

Data protection 65

Data protection Law Law 65

Debevoise Data Blog

DECEMBER 22, 2020

Businesses operating in France should take these new blockbuster fines as another reminder of the importance of data protection frameworks and policies. In 2019 and 2020, the CNIL’s inspectors performed online checks of google.fr This fine was upheld on appeal in June 2020 (see our comments on the decision). Background.

Data protection 52

Data protection Compliance Court 52

Technology Law Dispatch

MAY 10, 2023

The EDPB 101 Task Force published a report summarizing its assessment on international data transfers in connection with the use of tracking and analytics cookies ( Tracking Cookie ). The report stresses that after the CJEU Schrems II judgment data transfers based on the invalidated EU-US Privacy Shield are not compliant with the GDPR.

Data protection 52

Data protection Analytics Compliance Law 52

Debevoise Data Blog

MARCH 11, 2021

The recent publication of the SEC’s 2021 Division of Examination Priorities (the “2021 Priorities”) presents an opportunity to look back at the cybersecurity work of the SEC in 2020 and speculate about the SEC’s examination and enforcement priorities for data protection in the coming year for RIAs.

Compliance 52

Compliance Data protection Attorney 52

new tech law blog

MARCH 14, 2022

This interest was generated among other sources by numerous complaints filed by NOYB—European Center for Digital Rights in the last year with data protection authorities, and has resulted in guidance and several decisions issued by regulators in recent months (e.g. in Austria, Belgium and France).

Data protection 52

Data protection Analytics e-filing Compliance 52

Debevoise Data Blog

FEBRUARY 8, 2021

On 19 January 2021, the UK Information Commissioner’s Office (the “ICO”) published its September 2020 letter to the Securities and Exchange Commission (the “SEC”) analysing the GDPR’s impact on UK-based SEC-regulated firms’ (“SEC–Regulated UK Firms”) ability to comply with SEC data requests. What did the ICO find? What is next?

Data protection 52

Data protection Compliance Court Law 52

Inside Privacy

JULY 5, 2023

The proposed Regulation also grants complainants the right to be heard at various stages of the investigative process, including if the lead supervisory authority or European Data Protection Board intends to reject their complaint in full or in part. Roles of various supervisory authorities.

Dispute resolution 61

Dispute resolution Data protection 61

Inside Privacy

FEBRUARY 27, 2023

Background The RAD came into force on December 24, 2020 with the objective of introducing a common framework and approach to collective actions across the EU. Covington’s Data Privacy and Cybersecurity Team will continue to monitor the transposition of the EU Representative Actions Directives in EU member states.

Data protection 52

Data protection Court Litigator Litigation 52

LawSites

DECEMBER 1, 2021

Among its key findings: Data protection is a clear and rising threat for 46% of GC, while more than a third are concerned about increased regulation and antitrust enforcement. ” While GC in 2020 felt relatively well prepared (4.02 ” While GC in 2020 felt relatively well prepared (4.02 in 2020 to 2.9

e-discovery 52

e-discovery Compliance e-filing Data protection 52

Debevoise Data Blog

NOVEMBER 22, 2022

The EU’s General Data Protection Regulation 2016 (the “GDPR”) changed the global privacy landscape, and has been called the “gold standard” for data protection regulation. When Are Data Protection Assessments Required? Recently, a number of U.S. Recently, a number of U.S.

Data protection 52

Data protection Law Law Compliance 52