Debevoise Data Blog

SEPTEMBER 23, 2024

Our top-five European data protection developments from August are: Uber fined for personal data transfer: The Dutch Data Protection Authority fined Uber €290 million for the unlawful transfer of European drivers’ personal data to the U.S., without sufficient safeguards.

Data protection 52

Data protection Court Software Compliance 52

Debevoise Data Blog

FEBRUARY 27, 2024

GDPR one-stop-shop: Businesses wishing to take advantage of the GDPR one-stop-shop system should take note of a new digest, published by the European Data Protection Board, which analyses the decisions made by so-called Lead Supervisory Authorities in this context.

Data protection 52

Data protection Compliance e-records Court 52

Debevoise Data Blog

APRIL 26, 2024

Key takeaways from March include: CNIL data security practice guide: The French DPA published an update of its data security practice guide for data protection officers, chief information security officers, computer scientists and legal experts. These developments, and more, are covered below.

Data protection 52

Data protection e-records Compliance Court 52

Global LegalTech Hub

MAY 7, 2024

In March 2024, a study titled " Implementing Generative AI in Legal Firms and Legal Departments " was published by the AI Laboratory (UBA IALAB) at the University of Buenos Aires. Countries like Italy initially blocked ChatGPT's use, later reinstating it with promises of increased transparency and data protection.

Data protection 130

Data protection Compliance Law Law 130

Inside Privacy

MARCH 12, 2024

On February 28, the European Data Protection Board (“EDPB”) announced that EU supervisory authorities (“SAs”) will undertake a coordinated enforcement action in 2024 regarding data subjects’ right of access under the GDPR. In 2023, regulators focused upon data protection officers’ designation and role.

Data protection 72

Data protection Compliance 72

Debevoise Data Blog

SEPTEMBER 27, 2023

The AEPD held that a DPO cannot hold a position that leads them to determine the purposes and means of data processing. The scale and data protection risks associated with such technologies has been further complicated recently by their increasing integration with artificial intelligence systems.

Data protection 52

Data protection Compliance e-filing Court 52

Debevoise Data Blog

NOVEMBER 21, 2023

Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.

Data protection 52

Data protection Compliance Failure-to-appear e-records 52

Legal IT Group

NOVEMBER 10, 2023

First of all, the data can be transferred based on the adequacy decision or subject to appropriate safeguards. Among these safeguards, in particular, are binding corporate rules, standard data protection clauses, code of conduct, and certification mechanism. In such cases, appropriate safeguards are used.

Data protection 130

Data protection Compliance Law Law 130

Legal IT Group

JANUARY 22, 2024

With this regard, it is essential to know about the privacy legislation of this country since, nowadays, most internet businesses process the personal data of their clients, and they should do it in compliance with data protection laws. What to expect in 2024? The “personal information” definition is amended.

Data protection 130

Data protection Compliance Litigator Litigation 130

Eric Goldman

FEBRUARY 15, 2024

.] * * * The European Union’s Digital Services Act (“DSA”), a significant legislative act of 93 articles and 156 recitals, will become fully effective from this Saturday, February 17, 2024. The post The European Union’s Digital Services Act: In Force from This Saturday, February 17, 2024, Including for U.S.

Due diligence 105

Due diligence Data protection Compliance Court 105

Clio

JANUARY 30, 2024

Here, we’ll outline the fundamentals of law firm data security in 2024. Law Firm Data Security 101 Let’s start with the basics. These are the essential things you need to know about law firm data security in 2024. What is a law firm’s data security risk? Are they compliant?

Law firm 98

Law firm Law Law Due diligence 98

Inside Privacy

FEBRUARY 27, 2023

On February 22, 2023, the European Data Protection Board (“EDPB”) released its Work Program for 2023-2024 (“the Program”), outlining the key priority areas for the next two years. Covington’s Data Privacy and Cybersecurity Team regularly monitors regulatory guidance, legal and policy developments.

Data protection 52

Data protection Compliance Law Law 52

Clio

OCTOBER 8, 2024

Held in vibrant Austin, Texas, the 2024 Clio Cloud Conference was nothing short of electrifying. Jack Newton’s opening keynote Jack Newton, Clio’s Founder and CEO, kicked off ClioCon 2024 with his keynote focused on harnessing momentum in the legal industry to drive long-term success. Missed the event?

Time-tracking 59

Time-tracking Judge Law firm Data protection 59

Debevoise Data Blog

JANUARY 25, 2024

Sensitive personal data: The CJEU has clarified that the processing of special category personal data, such as health data, requires a legal basis under both GDPR Art. It remains to be seen whether data protect authorities will provide guidance on how to interpret the “draw strongly” condition. 9 and GDPR Art.

Data protection 40

Data protection Court e-records Compliance 40

CaseFox

FEBRUARY 27, 2023

In 2022, a Gartner report quoted, “By 2024, legal departments will replace 20% of generalist lawyers with nonlawyer staff”. Compliance Finally, legal tech can help firms ensure compliance with legal and regulatory requirements. Change management is a prism. Legal tech is an essential part of the modern legal industry.

Legal tech 97

Legal tech Legal tech Law firm Document automation 97

Rocket Matter

SEPTEMBER 3, 2024

This number will likely increase in 2024. If you don’t want to become a statistic, take a hard look at your security protocols and compliance. Do you know where all of your client data is and how it is used? Especially important, though, is SOC 2 compliance. What is SOC 2 compliance? Let’s take a closer look.

Compliance 52

Compliance Law firm Law Law 52

MatterSuite

SEPTEMBER 4, 2024

In this blog, we will discuss the best eDiscovery training and certification programs of the year 2024 that will enable you to make a wise decision according to your career interests. Why eDiscovery Training and Certification Matter in 2024?

e-discovery 52

e-discovery Machine learning Data protection Compliance 52

Inside Privacy

JANUARY 24, 2024

On 15 January 2024, the UK’s Information Commissioner’s Office (“ICO”) announced the launch of a consultation series (“Consultation”) on how elements of data protection law apply to the development and use of generative AI (“GenAI”). Interested stakeholders are invited to provide feedback to the ICO by 1 March 2024.

Data protection 61

Data protection Intellectual Property Compliance Law 61

Inside Privacy

NOVEMBER 20, 2023

On October 11, 2023, the French data protection authority (“CNIL”) issued a set of “how-to” sheets on artificial intelligence (“AI”) training databases. There are eight sheets in total, each covering a data protection issue AI providers should consider when designing their systems. What are the next steps?

Data protection 57

Data protection Machine learning Compliance Law 57

Technology Law Dispatch

FEBRUARY 7, 2024

With cybersecurity becoming a board-level issue, compliance officers, lawyers, board members, and business drivers are looking for official guidance or recommendations on cybersecurity measures to protect business, customers, and the wider economy. Whose guidance to use?

Data protection 64

Data protection Compliance Court Lawyer 64

Technology Law Dispatch

FEBRUARY 20, 2024

The Draft Bill (status 7 February 2024), which does not have any basis in EU law, is available here (German content). Non-compliance with the transparency obligation to inform users shall constitute an administrative offence and result in an administrative fine.

Data protection 52

Data protection Compliance Law Law 52

Debevoise Data Blog

DECEMBER 18, 2023

This post highlights key aspects of the MHMDA with a focus on net-new provisions that organizations should consider as they build out their privacy compliance programs. Entities covered by MHMDA must comply with the law’s obligations and prohibitions by March 31, 2024, and small businesses must comply by June 30, 2024.

Data protection 52

Data protection Compliance Hearing Attorney 52

new tech law blog

MARCH 10, 2023

“Dark patterns” used by online platform providers have been controversial for some time, but recently there has been a growing buzz about them, in particular due to actions undertaken by EU and national data protection and consumer protection authorities. What are “dark patterns”?

Data protection 52

Data protection Compliance Law Law 52

Debevoise Data Blog

SEPTEMBER 19, 2022

Governor Newsom stated that he is “thankful to Assemblymembers Wicks and Cunningham and the tech industry for pushing these protections and putting the wellbeing of our kids first.” Notable affirmative obligations include: Data Protection Impact Assessments (“DPIAs”).

Data protection 52

Data protection Compliance Time-tracking Attorney 52

Debevoise Data Blog

NOVEMBER 29, 2023

Despite recent challenges in the EU “trilogue negotiations”, proponents still hope to reach a compromise on the key terms of the draft EU AI Act by 6 th December, with a view to passing to the Act in 2024 and most of the provisions becoming effective sometime in 2026. Where are we in the legislative process?

Compliance 52

Compliance Data protection e-records Law 52

Debevoise Data Blog

SEPTEMBER 21, 2022

For UK data transfers: all new agreements executed on or after 21 September 2022 should incorporate the UK Addendum or IDTA; and all existing agreements incorporating the old SCCs must be updated by 21 March 2024 (or sooner if the processing operations change before then).

Data protection 52

Data protection Compliance Court 52

Inside Privacy

MAY 23, 2023

European lawmakers hope to adopt the final AI Act before the end of 2023, ahead of the European Parliament elections in 2024. These include making publicly available “a sufficiently detailed summary of the use of training data protected under copyright law” (Article 28b(4)(c)).

Data protection 57

Data protection Compliance Law Law 57

Rocket Matter

OCTOBER 10, 2024

Sorry about that.) In 2024, financial security is about more than just getting paid—it’s about safeguarding transactions to protect your firm from revenue loss and legal liabilities. That’s where SOC 2 compliance comes into play. Getting paid. But Rocket Matter Pay has you covered.

Compliance 52

Compliance Time-tracking Law firm Legal CRM 52

Debevoise Data Blog

FEBRUARY 6, 2023

Companies subject to ColoPA should review their practices to ensure compliance before ColoPA’s July 1, 2023 effective date. When a consumer submits an opt-out request in conjunction with other data rights requests, controllers must prioritize compliance with the opt-out request. (2) No Default Settings. Dark Patterns Forbidden.

Hearing 52

Hearing Data protection Law Law 52

Technology Law Dispatch

NOVEMBER 22, 2023

Category 1 service providers must keep records of compliance with their obligations, publish them, enable functionality within the services to empower users to control the content they are exposed to, and, if children are likely to access their services, comply with specific child safety duties.

Compliance 52

Compliance Data protection 52

Inside Privacy

FEBRUARY 1, 2024

The final draft’s provisions on international transfers of non-personal data may differ from what is shown in the table. This regulation is directly applicable in all EU Member States since May 28, 2019. The EU institutions are negotiating a final draft.

Intellectual Property 72

Intellectual Property State law Court Compliance 72

CloudNine

MAY 1, 2024

By Rick Clark The Masters Conference in Washington, DC, on April 17th, 2024, was a bustling event with crowded sessions throughout the day. The agenda featured a diverse range of topics, such as Modern Data, Link Files, eDiscovery Case Law, and Artificial Intelligence, making it an exceptional experience for attendees.

e-discovery 59

e-discovery e-filing Litigator Litigation 59

new tech law blog

JUNE 22, 2023

The DMA will also impact other regulations applicable to the delivery of services on digital markets, particularly involving data protection (the General Data Protection Regulation and the ePrivacy Directive), competition law, consumer protection, and copyright (e.g. 5–7 DMA, i.e. by March 2024 at the latest (Art.

Compliance 52

Compliance Data protection Court Software 52

Debevoise Data Blog

OCTOBER 31, 2023

This could impact financial firms who are considering using the EU AI Act as their ‘high watermark’ for AI regulatory and governance compliance, who will have to accommodate any UK-specific requirements in their compliance programmes. The UK Financial Authorities could look to such existing resources when developing future guidance.

Compliance 52

Compliance Due diligence Machine learning Data protection 52

Clio

NOVEMBER 16, 2023

However, always be certain to check with your particular state bar association to ensure you are remaining in compliance with your jurisdiction’s requirements. Important changes to Florida CLE requirements are taking effect in January 2024. New York CLE requirements New York is unique among the U.S.

Attorney 52

Attorney Legal education Data protection Court 52

Debevoise Data Blog

MAY 23, 2022

Here, we highlight key aspects of the CTPA with a focus on the provisions that companies should consider in their compliance preparations. Under ColoPA, controllers will also have to recognize global opt-out signals as of July 1, 2024—six months before this requirement is operative in Connecticut. CTPA § 6(e)(1)(A)(ii). CTPA § 4(b).

Law 40

Law Law Compliance Attorney 40

Clio

MARCH 14, 2024

Regulatory changes and compliance requirements The legal industry tends to be traditional, holding onto established processes and procedures. Innovation at your law firm If you’re looking to adopt legal technology at your firm, there are some best practices to follow: Prioritize security and data privacy first.

Machine learning 52

Machine learning Law firm Due diligence e-discovery 52