Legal Tech Monitor

SEPTEMBER 6, 2023

With the goal of simplifying and standardizing those business dealings, the non-profit organization oneNDA developed an open-source NDA that, since its launch in 2021, has been adopted by more than 1,000 companies, including American Express, Google, Novartis and Panasonic. The formally launched version one in August 2021.

Software 52

Software Dispute resolution Time-tracking Data protection 52

Debevoise Data Blog

OCTOBER 18, 2021

Digital Doorbells: If any more evidence is needed that facial recognition technology has hit the mainstream, consider CNET’s review of the best facial recognition security cameras of 2021. What Kind of Data Do Facial Recognition Laws Cover? C20-1084JLR, 2021 WL 1401633, at *2 (W.D. C20-1082JLR, 2021 WL 1401634, at *5 (W.D.

Law 52

Law Law Court Time-tracking 52

Debevoise Data Blog

OCTOBER 26, 2021

Further, in a case that we have covered previously involving a supermarket using video surveillance with facial recognition capabilities, the Spanish data protection authority (the “AEDP”) fined grocer Mercadona for violating numerous provisions of the EU’s General Data Protection Regulation.

Compliance 52

Compliance Federal law Data protection Machine learning 52

Debevoise Data Blog

OCTOBER 12, 2021

million fine against Austrian Post for channelling electronic data protection-related inquiries to a web form and not offering an additional email address, irrespective of the data subject option to also use non-electronic postal mail or customer service.

Data protection 52

Data protection Failure-to-appear Compliance e-records 52

Dennis Kennedy

SEPTEMBER 10, 2023

The 2021 training cut-off for GPT large language models should be taken into account. I address that by using techniques like specifying that a person be an expert in the principles and approaches set out in the works of someone whose works are before 2021. In the case of ChatGPT, how do we deal with the current 2021 training cut-off?

Legal technology 71

Legal technology Legal technology Law Law 71

Debevoise Data Blog

NOVEMBER 1, 2021

Subject access requests : The possibility that companies responding to data subject access requests from individuals will have to provide copies of entire documents containing their personal data, rather than only extracts. The court concluded that the legitimate interest could have been furthered through less intrusive means.

Data protection 52

Data protection Court Defendant Law 52

Debevoise Data Blog

FEBRUARY 10, 2021

As covered in our Annual Review , 2020 was a blockbuster year for European data protection. If January is anything to go by, 2021 will be the same. The guidelines will be a new “go to” resource for those preparing for, and responding to, data breaches. Deliveroo algorithm ruled discriminatory by Italian court.

Data protection 52

Data protection Time-tracking Defendant Court 52

Debevoise Data Blog

FEBRUARY 20, 2023

The Task Force was convened in September 2021 following hundreds of cookie banner-related complaints from the European Center for Digital Rights. EDPB’s cookie banner task force report highlights user-friendly design choices What happened : In January 2023, the EDPB adopted a final report on the Cookie Banner Task Force’s work.

Data protection 52

Data protection Compliance e-records Court 52

Legal Tech Monitor

SEPTEMBER 10, 2023

The 2021 training cut-off for GPT large language models should be taken into account. I address that by using techniques like specifying that a person be an expert in the principles and approaches set out in the works of someone whose works are before 2021. In the case of ChatGPT, how do we deal with the current 2021 training cut-off?

Legal technology 52

Legal technology Legal technology Law Law 52

Debevoise Data Blog

SEPTEMBER 23, 2024

Our top-five European data protection developments from August are: Uber fined for personal data transfer: The Dutch Data Protection Authority fined Uber €290 million for the unlawful transfer of European drivers’ personal data to the U.S., without sufficient safeguards.

Data protection 52

Data protection Court Software Compliance 52

Debevoise Data Blog

JANUARY 17, 2025

Our top-eleven European data protection developments for the end of 2024 are: EU Cyber Resilience Act: The Council of the European Union approved the Cyber Resilience Act , introducing cybersecurity requirements for digital products sold in the EU. The UK Upper Tribunal did not consider the provisions under the UK GDPR.

Data protection 52

Data protection Compliance Court State law 52

Debevoise Data Blog

SEPTEMBER 27, 2023

The AEPD held that a DPO cannot hold a position that leads them to determine the purposes and means of data processing. These developments, and more, covered below.

Data protection 52

Data protection Compliance e-filing Court 52

Debevoise Data Blog

DECEMBER 10, 2020

The big news this November was the European Data Protection Board (the “EDPB”) issuing its highly anticipated post- Schrems II data transfer guidance, followed just a day later by the European Commission’s draft updated Standard Contractual Clauses (“SCCs”) (see our blog post here ). Bonn Regional Court slashes Telco’s €9.55

Data protection 52

Data protection Dispute resolution Court Compliance 52

Debevoise Data Blog

APRIL 8, 2021

million for vendor oversight failings, unlawful cross-border transfers What happened : The AEPD, the Spanish data protection authority (“DPA”), fined Vodafone Spain €8.15 4 million was for allegedly deficient oversight of Vodafone’s data processors. In December 2020, the Regional Court of Bonn held that, when reducing a €9.6

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

APRIL 26, 2024

Key takeaways from March include: CNIL data security practice guide: The French DPA published an update of its data security practice guide for data protection officers, chief information security officers, computer scientists and legal experts. These developments, and more, are covered below.

Data protection 52

Data protection e-records Compliance Court 52

Debevoise Data Blog

JULY 20, 2021

Here are our highlights: European Commission adopts new Standard Contractual Clauses What happened : As reported in our blog post , the European Commission adopted its new Standard Contractual Clauses (“SCCs”) for the cross-border transfer of personal data from the EEA to “third countries”.

Data protection 52

Data protection e-filing Compliance e-records 52

LawSites

DECEMBER 27, 2022

Notably, the post that captured the most eyes was about New York becoming the first state to mandate CLE in cybersecurity, privacy and data protection. The second most popular post was a test of the BriefCatch legal editing software using the leaked draft of the Supreme Court’s opinion in Dobbs v.

Data protection 94

Data protection Analytics Legal tech Legal tech 94

Debevoise Data Blog

MAY 7, 2021

The key development from April must be the European Data Protection Board (“EDPB”) approving the draft UK adequacy decisions from the European Commission (the “Commission”). Companies will be relieved that they are one step closer towards maintaining the seamless flow of data between the EU and the UK.

Data protection 52

Data protection Court Compliance Hearing 52

Debevoise Data Blog

MARCH 11, 2021

There were a few European data protection developments in February that companies may want to have on their radar. In Ireland, the DPA’s 2020 Annual Report revealed that the regulator considerably expanded its cookies investigations last year and has confirmed that cookies compliance is an enforcement priority for 2021.

Data protection 52

Data protection Compliance Analytics Court 52

Debevoise Data Blog

NOVEMBER 21, 2023

Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.

Data protection 52

Data protection Compliance Failure-to-appear e-records 52

Eric Goldman

AUGUST 16, 2024

Blockbuster with the North Carolina Supreme Court decision in Canteen v. That left the majority’s discussion on the constitutionality of content moderation, which provides a modern Supreme Court take regarding the tsunami of censorship laws heading for the Supreme Court. I replaced Harris v. The Harris v.

Dispute resolution 116

Dispute resolution Law Law Court 116

Debevoise Data Blog

SEPTEMBER 9, 2021

UK DPA launches data transfer consultation What happened : The ICO launched a consultation covering its international data transfer guidance, draft transfer risk assessment tool (“TRA”) and draft international data transfer agreement (“ IDTA ”). These developments, and more, covered below.

Data protection 52

Data protection Court Litigator Litigation 52

new tech law blog

DECEMBER 2, 2022

Entities transferring personal data outside the European Economic Area on the basis of standard contractual clauses that are no longer in force (where the transfer began before 27 September 2021) should conclude agreements based on new clauses by 27 December 2022.

Data protection 52

Data protection Compliance Court 52

Debevoise Data Blog

JANUARY 21, 2021

In this post, we look back at the 2020 European data protection landscape and five trends that help companies understand not only where we are, but where data protection enforcement, litigation, and practice may be headed. million against Marriott for its 2018 data breach When you dig deeper though, two key points emerge.

Data protection 52

Data protection Litigator Litigation Failure-to-appear 52

Legal IT Group

MARCH 21, 2023

Therefore, a logical question arises: what should an employer know about the use of personnel monitoring tools in order not to violate the requirements of personal data protection legislation? Justifying the need for monitoring The General Data Protection Regulation (GDPR) does not prohibit surveillance of employees in the workplace.

Data protection 52

Data protection Time-tracking Software Compliance 52

Debevoise Data Blog

JUNE 8, 2023

As we covered here , last October, the CNIL fined Clearview AI €20 million for various data protection violations, including “intrusive and massive” data processing without consent or a valid legitimate interest. 82 (see our May 2021 , August 2021 , and October 2022 blog posts for previous developments).

Data protection 52

Data protection Compliance e-records Dispute resolution 52

Law Technology Today

MARCH 23, 2023

According to the Future Ready Lawyer 2021 report , 84% of legal departments have increased their technology budgets in the last year. Improved Data Protection: Law firms are increasingly concerned about data security since technology is used more frequently.

Legal technology 84

Legal technology Legal technology e-discovery Lawyer 84

Debevoise Data Blog

JUNE 16, 2021

We also saw developments in the courts on when companies will be liable to pay individuals damages for GDPR violations and the German anti-trust regulator using its new enforcement powers. This follows a February 2021 reference by the German courts to the CJEU on whether the GDPR imposes a materiality threshold for damages claims.

Data protection 40

Data protection Compliance Court Time-tracking 40

Debevoise Data Blog

FEBRUARY 28, 2022

The FTC alleged violations of the Children’s Online Privacy Protection Act (“COPPA”) Rule and Section 5 of the FTC Act, based on the company’s collection and retention of personal information from children without proper notice and consent. The UK Data Protection Act of 2018 has a similar provision. Quick Fitting, Inc.

e-filing 52

e-filing Compliance Litigator Litigation 52

Debevoise Data Blog

JUNE 25, 2022

On March 11, 2021, the Amsterdam District Court found in favor of Uber in both suits ( see here and here ), holding that Article 22 did not apply because the decisions reached by these systems did not have “legal or similarly significant effects.”

Compliance 52

Compliance Law Law Data protection 52

Legal IT Group

SEPTEMBER 15, 2023

International data transfers in GDPR compliance are complex, as data are transferred to third countries outside the European Union (EU) or the European Economic Area (EEA). Suppose you are interested in personal data protection issues. What should the DTIA note for transferring personal data from the EU to Ukraine?

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

JANUARY 19, 2021

In particular: in what circumstances, if any, would regulators or courts find that a flawed machine learning or AI model must be scrapped entirely? On January 11, 2021, the FTC adopted the mothball approach , entering into a settlement requiring Everalbum, Inc. A hot-off-the-press decision from the U.S.

Machine learning 45

Machine learning Court Data protection Law 45

Debevoise Data Blog

FEBRUARY 8, 2021

On 19 January 2021, the UK Information Commissioner’s Office (the “ICO”) published its September 2020 letter to the Securities and Exchange Commission (the “SEC”) analysing the GDPR’s impact on UK-based SEC-regulated firms’ (“SEC–Regulated UK Firms”) ability to comply with SEC data requests. What was the issue? What is next?

Data protection 52

Data protection Compliance Court Law 52

new tech law blog

MARCH 14, 2022

This interest was generated among other sources by numerous complaints filed by NOYB—European Center for Digital Rights in the last year with data protection authorities, and has resulted in guidance and several decisions issued by regulators in recent months (e.g. in Austria, Belgium and France).

Data protection 52

Data protection Analytics e-filing Compliance 52

ABA TECHSHOW

JANUARY 25, 2024

According to the Future Ready Lawyer 2021 report , 84% of legal departments have increased their technology budgets in the last year. Improved Data Protection: Law firms are increasingly concerned about data security since technology is used more frequently.

Legal technology 45

Legal technology Legal technology e-discovery Lawyer 45

Debevoise Data Blog

MARCH 21, 2022

And second, even if the model can be completely cleansed of the tainted data, should the appropriate remedy for the data violation include destruction of the model? International & Kurbo On March 3, 2022, the FTC reached a court-approved settlement with Kurbo, Inc. This is an important course correction.”

Machine learning 40

Machine learning Court Time-tracking Compliance 40

Debevoise Data Blog

DECEMBER 1, 2020

The European Data Protection Board (“EDPB”) recently published new guidance on how companies can validly transfer EU personal data to the many countries that have not been deemed by the EU Commission to generally provide an adequate level of data protection – most notably the U.S. (so

Data protection 40

Data protection Litigator Litigation Law 40