Inside Privacy

MARCH 14, 2023

Following a report, the French supervisory authority (“CNIL”) audited two organizations carrying out medical research in early 2022 to check their compliance with these requirements. Despite being found in breach of the French data protection rules, none of the audited organizations were fined.

Data protection 65

Data protection Compliance 65

Debevoise Data Blog

APRIL 28, 2023

UK ICO updates guidance to clarify requirements for fairness in AI What happened : The UK ICO has updated its existing Guidance on AI and data protection following requests from industry to clarify requirements for fairness in AI. Norwegian Data Protection Authority fines medical device company c.$240,000

Data protection 52

Data protection Compliance e-filing Software 52

Ikigai Law

AUGUST 3, 2023

Our summary of the Digital Personal Data Protection Bill, 2023 The Digital Personal Data Protection Bill, 2023 ( 2023 Bill ) was tabled in Parliament on 3 August 2023. It is the fifth – and likely final – iteration of India’s efforts to formulate a personal data protection law.

Data protection 52

Data protection Compliance e-filing Hearing 52

Debevoise Data Blog

NOVEMBER 21, 2023

Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.

Data protection 52

Data protection Compliance Failure-to-appear e-records 52

Debevoise Data Blog

MAY 12, 2023

Key takeaways this April include: UK children’s data protection focus continues: Businesses may wish to review policies and procedures for dealing with children’s data in light of recent UK ICO fines and guidance, especially to ensure that terms of use are adequately enforced.

Data protection 52

Data protection Software design Machine learning Software 52

Debevoise Data Blog

JUNE 8, 2023

Third country data transfers : Businesses that transfer personal data outside of the EEA may want to review their transfer mechanisms in light of new guidance on the EU and South East Asia SCCs, and the DPC’s record-breaking €1.2 billion fine against Meta. These developments, and more, covered below. (1)

Data protection 52

Data protection Compliance e-records Dispute resolution 52

Debevoise Data Blog

DECEMBER 22, 2023

For example, the Garante notes the need to incorporate data protection by design and by default principles within any AI systems used in the healthcare space. In particular, the paper recommends the use of internal data access controls, regular auditing of data security measures, and the use of data protection impact assessments.

Data protection 52

Data protection Time-tracking Compliance Machine learning 52

Debevoise Data Blog

OCTOBER 20, 2023

Key takeaways from September include: UK-US data bridge: From 12 October 2023, UK businesses will be able to transfer personal data to certain US organisations certified under a UK-specific extension to the EU-U.S. data bridge from 12 October 2023. These developments, and more, covered below. For the wider UK-U.S.-EU

Data protection 52

Data protection Intellectual Property Compliance Law 52

Legal IT Group

JANUARY 4, 2023

Those who process personal data of EU residents should comply with the requirements of the General Data Protection Regulation or GDPR. Non-compliance with GDPR may result in hefty fines and reputational losses. However, it is not enough to just formally have such policies in place.

Compliance 52

Compliance Data protection Law Law 52

Debevoise Data Blog

FEBRUARY 20, 2023

When calculating the fine, the CNIL cited the large scale of the data processing and the high proportion of minors (38% were between 13 and 17) as aggravating factors. The fines follow non-compliance notices CNIL served to 60 organisations that did not allow users to refuse cookies as easily as to accept them.

Data protection 52

Data protection Compliance e-records Court 52

Legal IT Group

JANUARY 17, 2023

Therefore, individual states took matters into their own hands and passed local laws to protect the privacy of their residents. The California Privacy Rights Act ( CPRA ) amends the CCPA and came into force (for the most part) on January 01, 2023.

Data protection 52

Data protection Law Law Attorney 52

Ikigai Law

AUGUST 4, 2023

India’s Digital Personal Data Protection Bill 2023 was introduced in Parliament on 3 August 2023. Once passed, the law will govern how businesses collect and use individuals’ data. What data is covered? Personal data, i.e., data about an individual that can identify them.

Data protection 52

Data protection Law Law e-records 52

Debevoise Data Blog

JUNE 1, 2023

Privacy and Data Protection , a leading UK journal on practical data protection compliance issues, has featured in its latest edition an article by Robert Maddox and Stephanie Thomas on the hallmarks of effective data protection by design and default under the EU and UK GDPR.

Data protection 52

Data protection Compliance 52

Ikigai Law

AUGUST 9, 2023

It originally appeared in the July 2023 Edition of FinTales, our monthly fintech newsletter. No piece of legislation has taken more punches than our elusive data protection law. The data law is nearly here! The Digital Personal Data Protection Bill, 2023 was introduced in Parliament on 3 August 2023.

Data protection 52

Data protection Analytics Compliance Law 52

Debevoise Data Blog

MAY 28, 2024

EDPB “Consent or pay” models: Businesses operating large online platforms should consider the European Data Protection Board’s recent opinion indicating that “consent or pay” models are unlikely to be GDPR-compliant.

Data protection 52

Data protection Compliance Law Law 52

Debevoise Data Blog

SEPTEMBER 23, 2024

Our top-five European data protection developments from August are: Uber fined for personal data transfer: The Dutch Data Protection Authority fined Uber €290 million for the unlawful transfer of European drivers’ personal data to the U.S., without sufficient safeguards.

Data protection 52

Data protection Court Software Compliance 52

Debevoise Data Blog

MARCH 26, 2023

EDPB’s new work programme prioritises new technologies and cooperation amongst supervisory authorities What happened : The EDPB adopted its work programme for 2023/24. The recipient entity may be able to rely on legitimate interests in certain circumstances. Facilitating harmonisation amongst national supervisory authorities.

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

JANUARY 25, 2024

They are also reminded of their obligation to maintain appropriate technical and organisational measures in relation to their data processing, and may wish to review their compliance with these measures. It remains to be seen whether data protect authorities will provide guidance on how to interpret the “draw strongly” condition.

Data protection 40

Data protection Court e-records Compliance 40

Debevoise Data Blog

DECEMBER 13, 2022

Management will also face new overarching and specific obligations to approve, oversee and manage DORA-related compliance frameworks. The ban follows recent public sector scandals involving the use of facial recognition technology.

Data protection 52

Data protection Compliance Due diligence Hearing 52

Debevoise Data Blog

AUGUST 16, 2023

. : Business may want to revisit their cross-border data transfer arrangements following the new adequacy decision for the EU-U.S. Data Privacy Framework, assess whether they are eligible to self-certify and, if they are, whether it makes sense to. Data Privacy Framework (the “DPF”). These developments, and more, covered below.

Data protection 40

Data protection Analytics Compliance Time-tracking 40

Technology Law Dispatch

MARCH 24, 2023

On 8 March 2023, the UK government presented a new version of the UK Data Protection and Digital Information Bill No.2. As with the previous bill, the new bill aims to alleviate the burden of compliance with the UK GDPR and its implementing UK Data Protection Act (2018) for organisations in the UK.

Data protection 52

Data protection Failure-to-appear Compliance Software 52

Technology Law Dispatch

FEBRUARY 27, 2023

2022 was another busy year in privacy and data protection. Regulations surrounding privacy and data continue to develop at a rapid pace. As a result, 2023 could be an exciting and a busy year for privacy and data. Andreas Splittgerber , Munich – “2023 will be a landmark year for AI regulations in Europe.

Data protection 59

Data protection Analytics Compliance Court 59

Debevoise Data Blog

APRIL 26, 2024

Key takeaways from March include: CNIL data security practice guide: The French DPA published an update of its data security practice guide for data protection officers, chief information security officers, computer scientists and legal experts. To subscribe to the Data Blog, please click here.

Data protection 52

Data protection e-records Compliance Court 52

Debevoise Data Blog

SEPTEMBER 12, 2022

The Amendments became effective on September 1, 2022, save for certain provisions that will become effective on March 1, 2023. The penalties for non-compliance are relatively modest in comparison to those in the European Union and the United Kingdom. The United States and China are not among the Permitted Jurisdictions at this time.

Data protection 52

Data protection Compliance Time-tracking Litigator 52

Inside Privacy

FEBRUARY 27, 2023

On February 22, 2023, the European Data Protection Board (“EDPB”) released its Work Program for 2023-2024 (“the Program”), outlining the key priority areas for the next two years. The Program is divided into four pillars, which largely reflect the priorities already set out in its Strategy 2021-2023.

Data protection 52

Data protection Compliance Law Law 52

Debevoise Data Blog

DECEMBER 18, 2023

As we approach the end of the year, here are the Top 10 Privacy posts on the Debevoise Data Blog in 2023 by page views. At the December 8, 2023 board meeting , the CPPA voted to advance the recently updated proposed cybersecurity audit regulations to formal rulemaking. Similar trends exist in the EU.

Data protection 52

Data protection Compliance Hearing Attorney 52

Legal IT Group

JUNE 12, 2023

Every day, more and more companies face the problem of personal data protection. As companies are increasingly scrutinised for proper data protection, it’s worth paying close attention to the latest best practices to avoid dealing with the potential negative consequences of a data breach.

Data protection 52

Data protection e-filing Court e-records 52

CaseFox

FEBRUARY 27, 2023

In 2023, it’s crucial for big & small law firms to adapt to law tech. Compliance Finally, legal tech can help firms ensure compliance with legal and regulatory requirements. For example, tools for managing data privacy and security can help firms to comply with data protection laws.

Legal tech 97

Legal tech Legal tech Law firm Document automation 97

Technology Law Dispatch

APRIL 27, 2023

Digital Markets Act: Developments since its proposal Following the European Commission’s initial proposal of the Digital Markets Act (DMA) in December 2020, its adoption by the European Parliament in March 2022 and the entry into force on November 1, 2022, the DMA will finally apply from May 2, 2023.

Compliance 52

Compliance Data protection 52

Inside Privacy

MARCH 12, 2024

On February 28, the European Data Protection Board (“EDPB”) announced that EU supervisory authorities (“SAs”) will undertake a coordinated enforcement action in 2024 regarding data subjects’ right of access under the GDPR. In 2023, regulators focused upon data protection officers’ designation and role.

Data protection 72

Data protection Compliance 72

Rocket Matter

SEPTEMBER 3, 2024

Although the healthcare industry has the most issues with security threats, according to a 2023 report from IBM , 27% of law firms have been affected. If you don’t want to become a statistic, take a hard look at your security protocols and compliance. Do you know where all of your client data is and how it is used?

Compliance 52

Compliance Law firm Law Law 52

Technology Law Dispatch

JUNE 30, 2023

On 7 June 2023, the European Union Agency for Cybersecurity (ENISA) released a report Multilayer Framework for Good Cybersecurity Practices for AI (“Framework”) in response to the evolving landscape of artificial intelligence (AI) and the associated cybersecurity challenges.

Data protection 88

Data protection Compliance 88

CloudNine

JANUARY 10, 2024

By Rick Clark and Jacob Hesse 2023 was an eventful year in the world of legal technology, with new technology emerging to address both traditional and new challenges legal teams face when collecting, processing, and reviewing data for litigation, investigations, or public access requests.

Compliance 104

Compliance Machine learning Litigator Litigation 104

Debevoise Data Blog

JUNE 25, 2022

In this Debevoise Data Blog post, we discuss several new laws focused on ADM that are either in effect today or will go into effect in 2023, as well as circumstances in which litigants have used these laws to challenge companies’ uses of ADM tools. What Laws Apply to Automated Decision-Making? Québec Bill 64 ( effective Sept.

Compliance 52

Compliance Law Law Data protection 52

Technology Law Dispatch

JULY 28, 2023

The Information Commissioner’s Office (ICO) has published a report on reprimands issued in the second quarter of the year, from April to June 2023. Review and update data protection policies, procedures, and guidance, emphasizing the detection and reporting of personal data breaches.

Data protection 52

Data protection Compliance Law Law 52

Technology Law Dispatch

APRIL 18, 2023

Safety, security and robustness – regulators may need to consider technical standards, for example addressing testing and data quality. Accountability and governance – regulators will need to determine who is accountable for compliance with existing regulation and the principles, and provide guidance on how to demonstrate accountability.

Data protection 59

Data protection Compliance 59

Inside Privacy

MAY 30, 2023

On April 4, 2023, the European Commission announced that the EU and Japan had successfully completed the first periodic review of the Japan-EU mutual adequacy arrangement , adopted in 2019. The amendments include, among other things, strengthened data security obligations (e.g., Powers of the PPC. Contact points for EU individuals.

Data protection 61

Data protection Mediator Compliance 61