Debevoise Data Blog

NOVEMBER 1, 2021

Subject access requests : The possibility that companies responding to data subject access requests from individuals will have to provide copies of entire documents containing their personal data, rather than only extracts. The court concluded that the legitimate interest could have been furthered through less intrusive means.

Data protection 52

Data protection Court Defendant Law 52

Debevoise Data Blog

SEPTEMBER 23, 2024

Our top-five European data protection developments from August are: Uber fined for personal data transfer: The Dutch Data Protection Authority fined Uber €290 million for the unlawful transfer of European drivers’ personal data to the U.S., without sufficient safeguards.

Data protection 52

Data protection Court Software Compliance 52

Debevoise Data Blog

JUNE 16, 2021

We also saw developments in the courts on when companies will be liable to pay individuals damages for GDPR violations and the German anti-trust regulator using its new enforcement powers. This follows a February 2021 reference by the German courts to the CJEU on whether the GDPR imposes a materiality threshold for damages claims.

Data protection 40

Data protection Compliance Court Time-tracking 40

Debevoise Data Blog

JANUARY 21, 2021

In this post, we look back at the 2020 European data protection landscape and five trends that help companies understand not only where we are, but where data protection enforcement, litigation, and practice may be headed. million against Marriott for its 2018 data breach When you dig deeper though, two key points emerge.

Data protection 52

Data protection Litigator Litigation Failure-to-appear 52

Debevoise Data Blog

SEPTEMBER 9, 2021

UK DPA launches data transfer consultation What happened : The ICO launched a consultation covering its international data transfer guidance, draft transfer risk assessment tool (“TRA”) and draft international data transfer agreement (“ IDTA ”). These developments, and more, covered below.

Data protection 52

Data protection Court Litigator Litigation 52

Debevoise Data Blog

DECEMBER 10, 2020

The big news this November was the European Data Protection Board (the “EDPB”) issuing its highly anticipated post- Schrems II data transfer guidance, followed just a day later by the European Commission’s draft updated Standard Contractual Clauses (“SCCs”) (see our blog post here ). Bonn Regional Court slashes Telco’s €9.55

Data protection 52

Data protection Dispute resolution Court Compliance 52

Debevoise Data Blog

JULY 30, 2024

Our top five European data protection developments from June are: Non-material damage under GDPR: The CJEU clarified the scope of compensation for non-material damage in the context of identity theft and data subjects’ fear that their personal data had been exposed. These developments, and more, are covered below.

Data protection 52

Data protection Time-tracking Mediator Analytics 52

Debevoise Data Blog

SEPTEMBER 27, 2023

The AEPD held that a DPO cannot hold a position that leads them to determine the purposes and means of data processing. These developments, and more, covered below.

Data protection 52

Data protection Compliance e-filing Court 52

Debevoise Data Blog

JUNE 8, 2023

As we covered here , last October, the CNIL fined Clearview AI €20 million for various data protection violations, including “intrusive and massive” data processing without consent or a valid legitimate interest. 82 (see our May 2021 , August 2021 , and October 2022 blog posts for previous developments).

Data protection 52

Data protection Compliance e-records Dispute resolution 52

Debevoise Data Blog

NOVEMBER 21, 2023

Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.

Data protection 52

Data protection Compliance Failure-to-appear e-records 52

Debevoise Data Blog

APRIL 26, 2024

Key takeaways from March include: CNIL data security practice guide: The French DPA published an update of its data security practice guide for data protection officers, chief information security officers, computer scientists and legal experts. These developments, and more, are covered below.

Data protection 52

Data protection e-records Compliance Court 52

Legal IT Group

SEPTEMBER 15, 2023

International data transfers in GDPR compliance are complex, as data are transferred to third countries outside the European Union (EU) or the European Economic Area (EEA). Suppose you are interested in personal data protection issues. What should the DTIA note for transferring personal data from the EU to Ukraine?

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

FEBRUARY 20, 2023

The Task Force was convened in September 2021 following hundreds of cookie banner-related complaints from the European Center for Digital Rights. EDPB’s cookie banner task force report highlights user-friendly design choices What happened : In January 2023, the EDPB adopted a final report on the Cookie Banner Task Force’s work.

Data protection 52

Data protection Compliance e-records Court 52

LawSites

SEPTEMBER 6, 2023

With the goal of simplifying and standardizing those business dealings, the non-profit organization oneNDA developed an open-source NDA that, since its launch in 2021, has been adopted by more than 1,000 companies, including American Express, Google, Novartis and Panasonic. The formally launched version one in August 2021.

Software 122

Software Dispute resolution Time-tracking Data protection 122

Inside Privacy

JUNE 1, 2023

It has been well-publicized that the Irish Data Protection Commission (“DPC”) has imposed a record €1.2 billion fine and corrective measures under the GDPR against Meta Ireland (“Meta”) in a long-running dispute relating to cross-border data transfers and the EU standard contractual clauses (“SCCs”). Other organizations (i.e.,

Data protection 69

Data protection Court Compliance Hearing 69

Vogel IT Law

APRIL 4, 2023

HealthCareInfoSecurity.com reported that “A user of the now-shuttered BreachForums in April 2021 posted a data set of 533 million Facebook profiles, including mobile numbers, email addresses and names scraped from the site in 2018 and 2019.” Facebook reported revenue of $23 billion in 2022 and $39 billion in 2021.

Data protection 52

Data protection Court Litigator Litigation 52

Technology Law Dispatch

FEBRUARY 27, 2023

2022 was another busy year in privacy and data protection. Regulations surrounding privacy and data continue to develop at a rapid pace. Andreas Splittgerber , Munich – “2023 will be a landmark year for AI regulations in Europe. Sven Schonhofen , Munich – “Cookie compliance will continue to be an enforcement trend.

Data protection 59

Data protection Analytics Compliance Court 59

new tech law blog

MARCH 14, 2022

This interest was generated among other sources by numerous complaints filed by NOYB—European Center for Digital Rights in the last year with data protection authorities, and has resulted in guidance and several decisions issued by regulators in recent months (e.g. in Austria, Belgium and France).

Data protection 52

Data protection Analytics e-filing Compliance 52

new tech law blog

DECEMBER 2, 2022

Entities transferring personal data outside the European Economic Area on the basis of standard contractual clauses that are no longer in force (where the transfer began before 27 September 2021) should conclude agreements based on new clauses by 27 December 2022.

Data protection 52

Data protection Compliance Court 52

Debevoise Data Blog

SEPTEMBER 21, 2022

In the wake of the Court of Justice of the European Union’s decision in Schrems II (covered here and here ) and Brexit, the EU and UK respectively updated and issued new cross-border transfer clauses. What happened? For many businesses, implementing the new SCCs and IDTA or Addendum at the same time will be most efficient.

Data protection 52

Data protection Compliance Court 52

Debevoise Data Blog

APRIL 19, 2021

On 1 March 2021, Federal Law No. 519-FZ on Amendments to the Federal Law on Personal Data dated 30 December 2020 (the “Law”) came into force. This is additional to general data processing consent, which is still required under pre-existing data protection law. Transfer of Publicly Disclosed Personal Data.

Due diligence 52

Due diligence Data protection Federal law Court 52

Debevoise Data Blog

FEBRUARY 8, 2021

On 19 January 2021, the UK Information Commissioner’s Office (the “ICO”) published its September 2020 letter to the Securities and Exchange Commission (the “SEC”) analysing the GDPR’s impact on UK-based SEC-regulated firms’ (“SEC–Regulated UK Firms”) ability to comply with SEC data requests. What was the issue? What is next?

Data protection 52

Data protection Compliance Court Law 52

Ikigai Law

MAY 9, 2023

What’s the issue: Comedian Kunal Kamra has sought a stay on the amendments at the Bombay High Court arguing that they’re arbitrary, unconstitutional, and place unreasonable restrictions on free speech. The Court has asked the government to file a complete response to Kamra’s petition including the question on competence.

Data protection 52

Data protection Court Hearing Law 52

Legal IT Group

MARCH 21, 2023

Therefore, a logical question arises: what should an employer know about the use of personnel monitoring tools in order not to violate the requirements of personal data protection legislation? Justifying the need for monitoring The General Data Protection Regulation (GDPR) does not prohibit surveillance of employees in the workplace.

Data protection 52

Data protection Time-tracking Software Compliance 52

Legal Tech Monitor

SEPTEMBER 6, 2023

With the goal of simplifying and standardizing those business dealings, the non-profit organization oneNDA developed an open-source NDA that, since its launch in 2021, has been adopted by more than 1,000 companies, including American Express, Google, Novartis and Panasonic. The formally launched version one in August 2021.

Software 52

Software Dispute resolution Time-tracking Data protection 52

Debevoise Data Blog

JUNE 25, 2022

On March 11, 2021, the Amsterdam District Court found in favor of Uber in both suits ( see here and here ), holding that Article 22 did not apply because the decisions reached by these systems did not have “legal or similarly significant effects.”

Compliance 52

Compliance Law Law Data protection 52

Debevoise Data Blog

OCTOBER 18, 2021

Digital Doorbells: If any more evidence is needed that facial recognition technology has hit the mainstream, consider CNET’s review of the best facial recognition security cameras of 2021. What Kind of Data Do Facial Recognition Laws Cover? C20-1084JLR, 2021 WL 1401633, at *2 (W.D. C20-1082JLR, 2021 WL 1401634, at *5 (W.D.

Law 52

Law Law Court Time-tracking 52

Debevoise Data Blog

JULY 7, 2021

Companies will only be able to enter into new agreements containing the old SCCs until 26 September 2021, and all contracts using the old SCCs concluded before then will need the new SCCs incorporated by 27 December 2022. Companies therefore need to decide when, and how, they will roll out the new SCCs. What do you need to do?

Data protection 40

Data protection Compliance Litigator Litigation 40

Debevoise Data Blog

OCTOBER 26, 2021

Further, in a case that we have covered previously involving a supermarket using video surveillance with facial recognition capabilities, the Spanish data protection authority (the “AEDP”) fined grocer Mercadona for violating numerous provisions of the EU’s General Data Protection Regulation.

Compliance 52

Compliance Federal law Data protection Machine learning 52

Dennis Kennedy

SEPTEMBER 10, 2023

The 2021 training cut-off for GPT large language models should be taken into account. I address that by using techniques like specifying that a person be an expert in the principles and approaches set out in the works of someone whose works are before 2021. In the case of ChatGPT, how do we deal with the current 2021 training cut-off?

Legal technology 71

Legal technology Legal technology Law Law 71

Legal Tech Monitor

SEPTEMBER 10, 2023

The 2021 training cut-off for GPT large language models should be taken into account. I address that by using techniques like specifying that a person be an expert in the principles and approaches set out in the works of someone whose works are before 2021. In the case of ChatGPT, how do we deal with the current 2021 training cut-off?

Legal technology 52

Legal technology Legal technology Law Law 52

Eric Goldman

AUGUST 16, 2024

Blockbuster with the North Carolina Supreme Court decision in Canteen v. That left the majority’s discussion on the constitutionality of content moderation, which provides a modern Supreme Court take regarding the tsunami of censorship laws heading for the Supreme Court. I replaced Harris v. The Harris v.

Dispute resolution 116

Dispute resolution Law Law Court 116

LawSites

DECEMBER 27, 2022

Notably, the post that captured the most eyes was about New York becoming the first state to mandate CLE in cybersecurity, privacy and data protection. The second most popular post was a test of the BriefCatch legal editing software using the leaked draft of the Supreme Court’s opinion in Dobbs v.

Data protection 80

Data protection Analytics Legal tech Legal tech 80

Law Technology Today

MARCH 23, 2023

According to the Future Ready Lawyer 2021 report , 84% of legal departments have increased their technology budgets in the last year. Improved Data Protection: Law firms are increasingly concerned about data security since technology is used more frequently.

Legal technology 84

Legal technology Legal technology e-discovery Lawyer 84

Debevoise Data Blog

FEBRUARY 28, 2022

The FTC alleged violations of the Children’s Online Privacy Protection Act (“COPPA”) Rule and Section 5 of the FTC Act, based on the company’s collection and retention of personal information from children without proper notice and consent. The UK Data Protection Act of 2018 has a similar provision. Quick Fitting, Inc.

e-filing 52

e-filing Compliance Litigator Litigation 52

Debevoise Data Blog

JANUARY 19, 2021

In particular: in what circumstances, if any, would regulators or courts find that a flawed machine learning or AI model must be scrapped entirely? On January 11, 2021, the FTC adopted the mothball approach , entering into a settlement requiring Everalbum, Inc. A hot-off-the-press decision from the U.S.

Machine learning 45

Machine learning Court Data protection Law 45

ABA TECHSHOW

JANUARY 25, 2024

According to the Future Ready Lawyer 2021 report , 84% of legal departments have increased their technology budgets in the last year. Improved Data Protection: Law firms are increasingly concerned about data security since technology is used more frequently.

Legal technology 45

Legal technology Legal technology e-discovery Lawyer 45