2023 Data protection e-records 
Debevoise Data Blog
JANUARY 17, 2025
Our top-eleven European data protection developments for the end of 2024 are: EU Cyber Resilience Act: The Council of the European Union approved the Cyber Resilience Act , introducing cybersecurity requirements for digital products sold in the EU. This includes products such as software, webcams and smart TVs.
Debevoise Data Blog
NOVEMBER 21, 2023
Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Debevoise Data Blog
JUNE 8, 2023
Third country data transfers : Businesses that transfer personal data outside of the EEA may want to review their transfer mechanisms in light of new guidance on the EU and South East Asia SCCs, and the DPC’s record-breaking €1.2 Nonetheless, businesses that transfer personal data to the U.S. billion fine against Meta.
Ikigai Law
AUGUST 4, 2023
India’s Digital Personal Data Protection Bill 2023 was introduced in Parliament on 3 August 2023. Once passed, the law will govern how businesses collect and use individuals’ data. What data is covered? Personal data, i.e., data about an individual that can identify them. Who is affected?
Debevoise Data Blog
FEBRUARY 20, 2023
EDPB’s cookie banner task force report highlights user-friendly design choices What happened : In January 2023, the EDPB adopted a final report on the Cookie Banner Task Force’s work. Both investigations concerned the lawful basis relied on for the processing of user data to deliver personalised advertising.
Debevoise Data Blog
JANUARY 25, 2024
Sensitive personal data: The CJEU has clarified that the processing of special category personal data, such as health data, requires a legal basis under both GDPR Art. 6, meaning that businesses may wish to review their records of processing activities to ensure that both are reflected. 9 and GDPR Art. 6 and Art.
Debevoise Data Blog
AUGUST 16, 2023
. : Business may want to revisit their cross-border data transfer arrangements following the new adequacy decision for the EU-U.S. Data Privacy Framework, assess whether they are eligible to self-certify and, if they are, whether it makes sense to. Data Privacy Framework (the “DPF”). These developments, and more, covered below.
Expert insights. Personalized for you.
52 
Let's personalize your content