Debevoise Data Blog

OCTOBER 12, 2021

million fine against Austrian Post for channelling electronic data protection-related inquiries to a web form and not offering an additional email address, irrespective of the data subject option to also use non-electronic postal mail or customer service. See , our post on what to do in light of the new EU SCCs.

Data protection 52

Data protection Failure-to-appear Compliance e-records 52

Debevoise Data Blog

SEPTEMBER 23, 2024

Our top-five European data protection developments from August are: Uber fined for personal data transfer: The Dutch Data Protection Authority fined Uber €290 million for the unlawful transfer of European drivers’ personal data to the U.S., without sufficient safeguards.

Data protection 52

Data protection Court Software Compliance 52

Debevoise Data Blog

JUNE 16, 2021

May saw useful reminders for companies, including: (i) the need to appoint an EU – and/or UK – representative if caught by the (UK) GDPR’s extraterritorial effect; (ii) that regulators are increasingly focused on adtech and cookies compliance; and (iii) that the GDPR applies not just in the EU and UK but also Iceland, Liechtenstein and Norway.

Data protection 40

Data protection Compliance Court Time-tracking 40

Debevoise Data Blog

APRIL 28, 2023

UK ICO updates guidance to clarify requirements for fairness in AI What happened : The UK ICO has updated its existing Guidance on AI and data protection following requests from industry to clarify requirements for fairness in AI. Norwegian Data Protection Authority fines medical device company c.$240,000

Data protection 52

Data protection Compliance e-filing Software 52

Debevoise Data Blog

JUNE 8, 2023

Third country data transfers : Businesses that transfer personal data outside of the EEA may want to review their transfer mechanisms in light of new guidance on the EU and South East Asia SCCs, and the DPC’s record-breaking €1.2 82 (see our May 2021 , August 2021 , and October 2022 blog posts for previous developments).

Data protection 52

Data protection Compliance e-records Dispute resolution 52

Debevoise Data Blog

SEPTEMBER 27, 2023

The AEPD held that a DPO cannot hold a position that leads them to determine the purposes and means of data processing. The scale and data protection risks associated with such technologies has been further complicated recently by their increasing integration with artificial intelligence systems.

Data protection 52

Data protection Compliance e-filing Court 52

Debevoise Data Blog

NOVEMBER 21, 2023

Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.

Data protection 52

Data protection Compliance Failure-to-appear e-records 52

Debevoise Data Blog

DECEMBER 10, 2020

The big news this November was the European Data Protection Board (the “EDPB”) issuing its highly anticipated post- Schrems II data transfer guidance, followed just a day later by the European Commission’s draft updated Standard Contractual Clauses (“SCCs”) (see our blog post here ).

Data protection 52

Data protection Dispute resolution Court Compliance 52

Debevoise Data Blog

APRIL 26, 2024

Key takeaways from March include: CNIL data security practice guide: The French DPA published an update of its data security practice guide for data protection officers, chief information security officers, computer scientists and legal experts. These developments, and more, are covered below.

Data protection 52

Data protection e-records Compliance Court 52

CaseFox

MARCH 14, 2023

Asia received $572 Billion USD in the financial year 2021. To add a feather, decentralized platforms and blockchain games witnessed a rocket push of 2000% in 2021-22. Regulatory Compliance Earlier when platforms were centralized it was easy for legal regulatory bodies to keep an eye on every action.

Intellectual Property 98

Intellectual Property Data protection Compliance Lawyer 98

Debevoise Data Blog

FEBRUARY 20, 2023

When calculating the fine, the CNIL cited the large scale of the data processing and the high proportion of minors (38% were between 13 and 17) as aggravating factors. The fines follow non-compliance notices CNIL served to 60 organisations that did not allow users to refuse cookies as easily as to accept them.

Data protection 52

Data protection Compliance e-records Court 52

Legal IT Group

JANUARY 17, 2023

Therefore, individual states took matters into their own hands and passed local laws to protect the privacy of their residents. Virginia The Virginia Consumer Data Protection Act ( VCDPA ) was adopted in the spring of 2021 and came into force on January 01, 2023.

Data protection 52

Data protection Law Law Attorney 52

LawSites

DECEMBER 1, 2021

Sixty percent of general counsel are concerned that their risk landscape is expanding or becoming more difficult to navigate in areas spanning compliance, regulatory enforcement, data privacy, information security, emerging data sources and ongoing impacts of the pandemic. in 2020 to 2.9

e-discovery 97

e-discovery Compliance e-filing Data protection 97

Debevoise Data Blog

JUNE 25, 2022

In light of these trends, we have also included four tips for companies seeking to establish practical compliance and governance programs related to their ADM systems. What Laws Apply to Automated Decision-Making?

Compliance 52

Compliance Law Law Data protection 52

Inside Privacy

JUNE 1, 2023

It has been well-publicized that the Irish Data Protection Commission (“DPC”) has imposed a record €1.2 billion fine and corrective measures under the GDPR against Meta Ireland (“Meta”) in a long-running dispute relating to cross-border data transfers and the EU standard contractual clauses (“SCCs”). Other organizations (i.e.,

Data protection 69

Data protection Court Compliance Hearing 69

Technology Law Dispatch

FEBRUARY 27, 2023

2022 was another busy year in privacy and data protection. Regulations surrounding privacy and data continue to develop at a rapid pace. Sven Schonhofen , Munich – “Cookie compliance will continue to be an enforcement trend. Andreas Splittgerber , Munich – “2023 will be a landmark year for AI regulations in Europe.

Data protection 59

Data protection Analytics Compliance Court 59

Legal IT Group

NOVEMBER 13, 2023

A data protection officer ( DPO ) is a specialist who helps companies ensure compliance with international data protection laws. In a nutshell, the DPO is a key person who helps the company in all business processes to ensure compliance with the data protection law.

Data protection 52

Data protection Compliance International law Law 52

Inside Privacy

FEBRUARY 27, 2023

On February 22, 2023, the European Data Protection Board (“EDPB”) released its Work Program for 2023-2024 (“the Program”), outlining the key priority areas for the next two years. The Program is divided into four pillars, which largely reflect the priorities already set out in its Strategy 2021-2023.

Data protection 52

Data protection Compliance Law Law 52

new tech law blog

MARCH 14, 2022

This interest was generated among other sources by numerous complaints filed by NOYB—European Center for Digital Rights in the last year with data protection authorities, and has resulted in guidance and several decisions issued by regulators in recent months (e.g. in Austria, Belgium and France).

Data protection 52

Data protection Analytics e-filing Compliance 52

Richmond Journal of Law and Technology

MAY 2, 2023

8] Among the mentioned countries, Egypt, Nigeria, South Africa, Ghana, and Morocco seem to be suitable markets for entry, as they have established specific laws or regulations to protect consumers, especially in online transactions. [9] companies to take proactive measures to protect their data and adhere to foreign laws.

Data protection 52

Data protection Compliance Due diligence Law 52

Debevoise Data Blog

MARCH 11, 2021

Earlier this week, Debevoise published an overview of the SEC’s Division of Examination Priorities for 2021. In Virtu, the company attempted to keep its alternative trading system (“ATS”) volume below the threshold requiring compliance with Regulation Systems Compliance and Integrity (“Regulation SCI”).

Compliance 52

Compliance Data protection Attorney 52

new tech law blog

DECEMBER 2, 2022

Entities transferring personal data outside the European Economic Area on the basis of standard contractual clauses that are no longer in force (where the transfer began before 27 September 2021) should conclude agreements based on new clauses by 27 December 2022.

Data protection 52

Data protection Compliance Court 52

Debevoise Data Blog

FEBRUARY 8, 2021

On 19 January 2021, the UK Information Commissioner’s Office (the “ICO”) published its September 2020 letter to the Securities and Exchange Commission (the “SEC”) analysing the GDPR’s impact on UK-based SEC-regulated firms’ (“SEC–Regulated UK Firms”) ability to comply with SEC data requests. What was the issue? What is next?

Data protection 52

Data protection Compliance Court Law 52

LawSites

DECEMBER 1, 2021

Sixty percent of general counsel are concerned that their risk landscape is expanding or becoming more difficult to navigate in areas spanning compliance, regulatory enforcement, data privacy, information security, emerging data sources and ongoing impacts of the pandemic. in 2020 to 2.9

e-discovery 52

e-discovery Compliance e-filing Data protection 52

Legal IT Group

NOVEMBER 10, 2023

First of all, the data can be transferred based on the adequacy decision or subject to appropriate safeguards. Among these safeguards, in particular, are binding corporate rules, standard data protection clauses, code of conduct, and certification mechanism. In such cases, appropriate safeguards are used.

Data protection 52

Data protection Compliance Law Law 52

Debevoise Data Blog

SEPTEMBER 21, 2022

For UK data transfers: all new agreements executed on or after 21 September 2022 should incorporate the UK Addendum or IDTA; and all existing agreements incorporating the old SCCs must be updated by 21 March 2024 (or sooner if the processing operations change before then).

Data protection 52

Data protection Compliance Court 52

Debevoise Data Blog

NOVEMBER 11, 2021

International companies doing business in China and Chinese companies doing business internationally have been awaiting clarification on the rules of the road governing the cross-border transfer of data out of China. The last of these, the PIPL, became effective November 1, 2021. Any data processor that transfers “important data”.

Data protection 52

Data protection Compliance Law Law 52

Debevoise Data Blog

APRIL 14, 2023

In January 2021, the FCA had already highlighted the challenges and risk of misconduct arising from the increasing use of unmonitored or encrypted communication tools, emphasising that communications must be recorded and auditable. What action should firms take?

e-records 52

e-records Compliance e-filing Data protection 52

Inside Privacy

APRIL 24, 2023

For example, in October 2022, the Bank of England and Financial Conduct Authority (“FCA”) jointly released a Discussion Paper on Artificial Intelligence and Machine Learning considering how AI in financial services should be regulated and, in March 2023, the ICO updated its Guidance on AI and Data Protection.

Intellectual Property 69

Intellectual Property Data protection Machine learning Compliance 69

Debevoise Data Blog

NOVEMBER 29, 2023

Member States will be required to designate AI oversight authorities to ensure compliance with the new regulations. While some countries have indicated that they intend to allocate responsibility to their existing data protection authorities, others (such as Spain ) will create specific AI-focused agencies.

Compliance 52

Compliance Data protection e-records Law 52

Debevoise Data Blog

OCTOBER 11, 2021

On August 20, 2021, China’s Standing Committee of the National People’s Congress passed the Personal Information Protection Law (“PIPL”). 1 The PIPL will take effect on November 1, 2021. The sheer amount of serial change to Chinese law adds to compliance challenges. WHAT ARE THE CONSEQUENCES OF NON-COMPLIANCE?

Law 52

Law Law e-records Compliance 52

Debevoise Data Blog

OCTOBER 4, 2021

On September 21, 2021, the U.S. In this Part 2, we discuss the measures that financial institutions can adopt to mitigate their ransomware sanctions risks, and why those compliance controls differ from the steps being taken by victims.

Due diligence 52

Due diligence Compliance Data protection Law 52

Debevoise Data Blog

MARCH 4, 2021

state with a comprehensive privacy law, with Governor Ralph Northam’s signing of the Virginia Consumer Data Protection Act (“VCDPA”) on March 2, 2021. law in the direction of its overseas cousin, the European Union’s General Data Protection Regulation (“GDPR”). Virginia has just become the second U.S.

Data protection 52

Data protection Law Law Compliance 52

Legal IT Group

JANUARY 30, 2023

This is the amount of a fine paid by a well-known company for violating the rules of the European General Data Protection Regulation (the GDPR). In this article, you will learn about the top 7 largest fines of 2022 and the personal data practices that should be avoided in your business. Is 1,000 EUR a lot for a business?

Compliance 52

Compliance Data protection Analytics Law 52

Legal IT Group

MARCH 21, 2023

Therefore, a logical question arises: what should an employer know about the use of personnel monitoring tools in order not to violate the requirements of personal data protection legislation? Justifying the need for monitoring The General Data Protection Regulation (GDPR) does not prohibit surveillance of employees in the workplace.

Data protection 52

Data protection Time-tracking Software Compliance 52

Debevoise Data Blog

JANUARY 30, 2023

Last year, yet again, saw significant GDPR enforcement actions, important regulatory guidance, and an abundance of European legislative activity touching on cyber, data protection and AI-regulatory issues. Children’s Privacy Multiple regulators turned their attention to companies that process children’s personal data.

Data protection 52

Data protection Compliance Analytics Law 52

Debevoise Data Blog

OCTOBER 26, 2021

This would seem to eliminate not just the possibility of compliance-by-signage but also the possibility of online consent. Massachusetts would also completely ban “monetizing” – a term defined broadly –biometric identifiers as well as geolocation data. Compliance.

Compliance 52

Compliance Federal law Data protection Machine learning 52