Debevoise Data Blog

MAY 12, 2023

Key takeaways this April include: UK children’s data protection focus continues: Businesses may wish to review policies and procedures for dealing with children’s data in light of recent UK ICO fines and guidance, especially to ensure that terms of use are adequately enforced. 22, as set out by the court.

Data protection 52

Data protection Software design Machine learning Software 52

Debevoise Data Blog

NOVEMBER 21, 2023

Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.

Data protection 52

Data protection Compliance Failure-to-appear e-records 52

Ikigai Law

AUGUST 3, 2023

Our summary of the Digital Personal Data Protection Bill, 2023 The Digital Personal Data Protection Bill, 2023 ( 2023 Bill ) was tabled in Parliament on 3 August 2023. It is the fifth – and likely final – iteration of India’s efforts to formulate a personal data protection law.

Data protection 52

Data protection Compliance e-filing Hearing 52

Debevoise Data Blog

JUNE 8, 2023

As we covered here , last October, the CNIL fined Clearview AI €20 million for various data protection violations, including “intrusive and massive” data processing without consent or a valid legitimate interest. The amount of compensation should be assessed by Member State courts under their domestic rules.

Data protection 52

Data protection Compliance e-records Dispute resolution 52

Debevoise Data Blog

DECEMBER 22, 2023

Businesses may want to consider how the courts reasoning may apply to other circumstances when dealing with disclosure requests. For example, the Garante notes the need to incorporate data protection by design and by default principles within any AI systems used in the healthcare space. UK and U.S.

Data protection 52

Data protection Time-tracking Compliance Machine learning 52

Ikigai Law

AUGUST 4, 2023

India’s Digital Personal Data Protection Bill 2023 was introduced in Parliament on 3 August 2023. Once passed, the law will govern how businesses collect and use individuals’ data. What data is covered? Personal data, i.e., data about an individual that can identify them.

Data protection 52

Data protection Law Law e-records 52

Debevoise Data Blog

FEBRUARY 20, 2023

EDPB’s cookie banner task force report highlights user-friendly design choices What happened : In January 2023, the EDPB adopted a final report on the Cookie Banner Task Force’s work. Both investigations concerned the lawful basis relied on for the processing of user data to deliver personalised advertising.

Data protection 52

Data protection Compliance e-records Court 52

Debevoise Data Blog

SEPTEMBER 23, 2024

Our top-five European data protection developments from August are: Uber fined for personal data transfer: The Dutch Data Protection Authority fined Uber €290 million for the unlawful transfer of European drivers’ personal data to the U.S., without sufficient safeguards.

Data protection 52

Data protection Court Software Compliance 52

Debevoise Data Blog

JANUARY 25, 2024

Nevertheless, when considering the appropriateness of protective measures, the obligation rests on the data controller to prove that they met the required standard. The rulings arose at the request of both the German and Lithuanian courts, following local administrative fines. The Court ruled that: “Scoring” (i.e.,

Data protection 40

Data protection Court e-records Compliance 40

Debevoise Data Blog

JULY 30, 2024

Our top five European data protection developments from June are: Non-material damage under GDPR: The CJEU clarified the scope of compensation for non-material damage in the context of identity theft and data subjects’ fear that their personal data had been exposed. To subscribe to the Data Blog, please click here.

Data protection 52

Data protection Time-tracking Mediator Analytics 52

Debevoise Data Blog

MARCH 26, 2023

EDPB’s new work programme prioritises new technologies and cooperation amongst supervisory authorities What happened : The EDPB adopted its work programme for 2023/24. The recipient entity may be able to rely on legitimate interests in certain circumstances. Facilitating harmonisation amongst national supervisory authorities.

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

MAY 28, 2024

EDPB “Consent or pay” models: Businesses operating large online platforms should consider the European Data Protection Board’s recent opinion indicating that “consent or pay” models are unlikely to be GDPR-compliant.

Data protection 52

Data protection Compliance Law Law 52

Technology Law Dispatch

FEBRUARY 27, 2023

2022 was another busy year in privacy and data protection. Regulations surrounding privacy and data continue to develop at a rapid pace. As a result, 2023 could be an exciting and a busy year for privacy and data. Andreas Splittgerber , Munich – “2023 will be a landmark year for AI regulations in Europe.

Data protection 59

Data protection Analytics Compliance Court 59

Debevoise Data Blog

DECEMBER 13, 2022

Italy bans private use of facial recognition technology What happened : On 14 November 2022, the Italian Garante announced that the use of existing and new facial recognition systems that use biometric data is prohibited until a new law is passed, and at least until the end of 2023.

Data protection 52

Data protection Compliance Due diligence Hearing 52

Debevoise Data Blog

AUGUST 16, 2023

. : Business may want to revisit their cross-border data transfer arrangements following the new adequacy decision for the EU-U.S. Data Privacy Framework, assess whether they are eligible to self-certify and, if they are, whether it makes sense to. Data Privacy Framework (the “DPF”). These developments, and more, covered below.

Data protection 40

Data protection Analytics Compliance Time-tracking 40

Legal IT Group

JUNE 12, 2023

Every day, more and more companies face the problem of personal data protection. As companies are increasingly scrutinised for proper data protection, it’s worth paying close attention to the latest best practices to avoid dealing with the potential negative consequences of a data breach.

Data protection 52

Data protection e-filing Court e-records 52

Debevoise Data Blog

APRIL 26, 2024

Key takeaways from March include: CNIL data security practice guide: The French DPA published an update of its data security practice guide for data protection officers, chief information security officers, computer scientists and legal experts. To subscribe to the Data Blog, please click here.

Data protection 52

Data protection e-records Compliance Court 52

Vogel IT Law

SEPTEMBER 12, 2023

GoveInfoSecurity.com reported that “A Norway court sided with the country’s data protection authority in a battle against Facebook over surveillance based-ads, ruling that the agency has the authority to tell the social media giant to temporarily halt behavioral tracking without explicit consent or face daily fines.”

Court 52

Court Data protection Law Law 52

Inside Privacy

APRIL 3, 2023

On March 2, 2023, the Court of Justice of the EU (“CJEU”) decided, in case C-268/21 , that the GDPR applies to the production of evidence in civil court proceedings. The case sets limits on, but does not preclude, the production of personal data in court proceedings.

Court 52

Court Data protection Litigator Litigation 52

Inside Privacy

MARCH 15, 2023

On February 28, 2023, the European Data Protection Board (“EDPB”) released its non-binding opinion on the European Commission’s draft adequacy decision on the EU-U.S. Data Privacy Framework (“DPF”). law to access the personal data of EU data subjects. The EDPB notes that onward transfers of data by U.S.

Data protection 74

Data protection Court Law Law 74

Legal Tech Monitor

DECEMBER 10, 2023

On December 7, 2023 Wolters Kluwer released the following announcement : Legal & Regulatory division continues to redefine the landscape for legal professionals Wolters Kluwer Legal & Regulatory (LR) today announced an innovative feature for legal professionals: Generative Pre-training Transformer (GPT)-generated summaries of court rulings.

Legal research 52

Legal research Court Data protection Legal tech 52

Inside Privacy

MAY 4, 2023

On May 4, 2023, the Court of Justice of the European Union (‘CJEU’) decided, in case C-487/21 , that the right to obtain a ‘copy’ of personal data means that the data subject must provide with a faithful and intelligible reproduction of all personal data. Fulfilling the right of access.

Intellectual Property 74

Intellectual Property Data protection Court Law 74

Inside Privacy

MAY 5, 2023

On March 4, 2023, the European Court of Justice (”CJEU”) issued its judgment on case C-300/21, UI v Österreichische Post AG. In the Court’s view, Article 82 requires establishing: (i) “damage”, either material or non-material; (ii) an actual infringement of the GDPR; and (iii) a causal link between the two.

Data protection 79

Data protection Court Law Law 79

Technology Law Dispatch

JULY 31, 2023

In this blog, the authors delve into a significant decision by the German Federal Cartel Office (FCO) four years ago, accusing a major technology company of abusive behavior due to alleged violations of the General Data Protection Regulation (GDPR).

Data protection 52

Data protection Court Law Law 52

Inside Privacy

JUNE 1, 2023

It has been well-publicized that the Irish Data Protection Commission (“DPC”) has imposed a record €1.2 billion fine and corrective measures under the GDPR against Meta Ireland (“Meta”) in a long-running dispute relating to cross-border data transfers and the EU standard contractual clauses (“SCCs”).

Data protection 69

Data protection Court Compliance Hearing 69

Technology Law Dispatch

FEBRUARY 22, 2023

The Court of Justice of the European Union (“ CJEU ”) issued a judgment on the 9 th of February 2023 (docket no. C-453/21) , which addresses the question of the dismissal of a Data Protection Officer (“ DPO ”) and the interpretation of Article 38 of the EU GDPR. KG. (“ X-FAB ”) and several of its group companies.

Data protection 59

Data protection Court Compliance Federal law 59

Eric Goldman

OCTOBER 16, 2023

When the AADC is properly reframed as imposing barriers to reading and publishing constitutionally protected content, the conditions imposed by the AADC look clearly like speech restrictions. ” That’s true, and the court could have stopped there because the rest of the AADC will fail when the age authentication requirement falls.

Court 109

Court Failure-to-appear Data protection Judge 109

Percipient

APRIL 22, 2023

Companies must also foot the bill for consumer data requests authorized under privacy regulations unless the request is “excessive.” 23, 2015) the court observed that responding parties presumptively bear the expense of complying with discovery requests unless the expense is “significant.” 11 cv 4071 (N.D.

e-discovery 97

e-discovery Court e-records Litigator 97

Inside Privacy

NOVEMBER 13, 2023

On October 26, 2023, the European Court of Justice (“CJEU”) decided that the GDPR grants a patient the right to obtain a copy of his or her medical record free of charge ( case C-307/22, FT v DW ). If you have any questions about the interaction between data protection and local laws we are happy to assist.

Data protection 69

Data protection Law Law Court 69

Ikigai Law

MAY 9, 2023

India’s new frontier – space Image Credit: Shutterstock India’s Space Policy 2023 has opened the sector to Indian private entities. What’s the issue: Comedian Kunal Kamra has sought a stay on the amendments at the Bombay High Court arguing that they’re arbitrary, unconstitutional, and place unreasonable restrictions on free speech.

Data protection 52

Data protection Court Hearing Law 52

Technology Law Dispatch

MAY 3, 2023

The DPF was originally predicted to pass in early 2023 but putting a resolution to Parliament’s vote suggests looming delays. The DPF would allow free and safe data transfers between the EU and the US for US companies self-certified under DPF, bringing many commercial benefits to businesses on both sides. What’s next?

Data protection 52

Data protection Court Compliance Law 52

Eric Goldman

FEBRUARY 15, 2024

The DSA will require much agency and court interpretation to give legal certainty to intermediaries and the recipients of their services. The DSA promises to change the internet inside the EU, and likely create spillover effects outside the EU. As the GDPR has shown, such spillover can result in U.S.

Due diligence 105

Due diligence Data protection Compliance Court 105

Technology Law Dispatch

NOVEMBER 8, 2023

There is more clarity on the views of the UK data protection authority on whether a “Reject All” option in the first layer of a cookie consent management solution is required. The ICO Position On 9 August 2023, the UK Information Commissioner’s Office (“ICO”) clarified its position on the “Reject All” button in cookie banners.

Data protection 59

Data protection Compliance Court Law 59

Technology Law Dispatch

MARCH 13, 2023

The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (‘ LIBE Committee ’) and the European Data Protection Board (‘ EDPB ’) have recently issued opinions on the European Commission’s draft US adequacy decision (‘ Draft Adequacy Decision ‘) for the EU-US Data Privacy Framework (‘ Framework ‘).

Data protection 52

Data protection Court Law Law 52

Inside Privacy

FEBRUARY 27, 2023

However, the EU Commission announced on January 27, 2023, that only three out of the 27 EU member states have properly transposed the RAD into their national legislation as required, and that it will now start issuing formal notices to the remaining countries to transpose the RAD as soon as possible. Information about collective actions.

Data protection 52

Data protection Court Litigator Litigation 52

Technology Law Dispatch

FEBRUARY 7, 2024

With cybersecurity becoming a board-level issue, compliance officers, lawyers, board members, and business drivers are looking for official guidance or recommendations on cybersecurity measures to protect business, customers, and the wider economy. Whose guidance to use?

Data protection 64

Data protection Compliance Court Lawyer 64

Inside Privacy

MAY 3, 2023

On April 27, 2023, the Advocate General (“AG”) of the Court of Justice of the European Union (“CJEU”) issued its opinion in the case C-807/21 on the conditions for imposing GDPR fines on legal persons (e.g., million fine the Berlin Supervisory Authority imposed on Deutsche Wohnen SE for infringing the GDPR’s data retention obligations.

State law 79

State law Court Data protection Law 79