Debevoise Data Blog

APRIL 26, 2024

Key takeaways from March include: CNIL data security practice guide: The French DPA published an update of its data security practice guide for data protection officers, chief information security officers, computer scientists and legal experts. These developments, and more, are covered below.

Data protection 52

Data protection e-records Compliance Court 52

CloudNine

JANUARY 10, 2024

By Rick Clark and Jacob Hesse 2023 was an eventful year in the world of legal technology, with new technology emerging to address both traditional and new challenges legal teams face when collecting, processing, and reviewing data for litigation, investigations, or public access requests.

Compliance 104

Compliance Machine learning Litigator Litigation 104

Debevoise Data Blog

SEPTEMBER 27, 2023

The AEPD held that a DPO cannot hold a position that leads them to determine the purposes and means of data processing. These developments, and more, covered below.

Data protection 52

Data protection Compliance e-filing Court 52

Debevoise Data Blog

NOVEMBER 21, 2023

Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.

Data protection 52

Data protection Compliance Failure-to-appear e-records 52

Eric Goldman

FEBRUARY 15, 2024

.] * * * The European Union’s Digital Services Act (“DSA”), a significant legislative act of 93 articles and 156 recitals, will become fully effective from this Saturday, February 17, 2024. The DSA will require much agency and court interpretation to give legal certainty to intermediaries and the recipients of their services.

Due diligence 105

Due diligence Data protection Compliance Court 105

Eric Goldman

APRIL 28, 2023

If passed, the bill goes into effect July 1, 2024 with the first round of DPIAs due July 1, 2025. Among their targets were the Data Protection Impact Assessment requirements, which NetChoice argued amounted to prior restraint and compelled speech. The bill is currently pending approval by both chambers.

Data protection 133

Data protection Court Hearing Judge 133

Clio

OCTOBER 8, 2024

Held in vibrant Austin, Texas, the 2024 Clio Cloud Conference was nothing short of electrifying. Jack Newton’s opening keynote Jack Newton, Clio’s Founder and CEO, kicked off ClioCon 2024 with his keynote focused on harnessing momentum in the legal industry to drive long-term success. Missed the event?

Time-tracking 59

Time-tracking Judge Law firm Data protection 59

Debevoise Data Blog

JANUARY 25, 2024

Sensitive personal data: The CJEU has clarified that the processing of special category personal data, such as health data, requires a legal basis under both GDPR Art. The rulings arose at the request of both the German and Lithuanian courts, following local administrative fines. The Court ruled that: “Scoring” (i.e.,

Data protection 40

Data protection Court e-records Compliance 40

Inside Privacy

JANUARY 17, 2024

On January 15, 2024, the European Commission released its report on the first review of the functioning of the existing eleven adequacy decisions adopted under the pre-GDPR framework. Organizations should welcome the continued stability and legal certainty offered by the retention of the existing adequacy decisions.

Data protection 72

Data protection Court Law Law 72

Legal IT Group

JANUARY 22, 2024

With this regard, it is essential to know about the privacy legislation of this country since, nowadays, most internet businesses process the personal data of their clients, and they should do it in compliance with data protection laws. ” Thus, the Australian Privacy Act also aims to have a GDPR level of data protection.

Data protection 130

Data protection Compliance Litigation Litigator 130

Technology Law Dispatch

FEBRUARY 7, 2024

With cybersecurity becoming a board-level issue, compliance officers, lawyers, board members, and business drivers are looking for official guidance or recommendations on cybersecurity measures to protect business, customers, and the wider economy. Whose guidance to use? In the US, NIST has a resource page for Critical Infrastructure: [link].

Data protection 64

Data protection Compliance Court Lawyer 64

Debevoise Data Blog

SEPTEMBER 21, 2022

In the wake of the Court of Justice of the European Union’s decision in Schrems II (covered here and here ) and Brexit, the EU and UK respectively updated and issued new cross-border transfer clauses. What happened? For many businesses, implementing the new SCCs and IDTA or Addendum at the same time will be most efficient.

Data protection 52

Data protection Compliance Court 52

CloudNine

MAY 1, 2024

By Rick Clark The Masters Conference in Washington, DC, on April 17th, 2024, was a bustling event with crowded sessions throughout the day. The agenda featured a diverse range of topics, such as Modern Data, Link Files, eDiscovery Case Law, and Artificial Intelligence, making it an exceptional experience for attendees. Doe LS 340 v.

e-discovery 59

e-discovery e-filing Litigator Litigation 59

Inside Privacy

FEBRUARY 1, 2024

For example, transfers could create a conflict with EU or Member State law regarding the protection of the fundamental rights and freedoms of individuals, national security or defense, the protection of commercially sensitive data, or the protection of intellectual property rights.

Intellectual Property 72

Intellectual Property State law Court Compliance 72

new tech law blog

JUNE 22, 2023

This is because the obligations and prohibitions imposed on gatekeepers will either directly or indirectly vest other groups with rights they can pursue before national courts. The DMA vests these entities with certain rights, directly or indirectly, which they can enforce before national courts (Art. DMA recital 12). 5, 6 and 7 DMA.

Compliance 52

Compliance Data protection Court Software 52

Clio

NOVEMBER 16, 2023

For the 24-hour biennial requirement for experienced attorneys, (1) four hours must cover ethics and professionalism, (2) one hour must cover diversity, inclusion, and elimination of bias, and (3) one hour must cover cybersecurity, privacy, and data protection.

Attorney 52

Attorney Legal education Data protection Court 52

Debevoise Data Blog

MAY 23, 2022

Under ColoPA, controllers will also have to recognize global opt-out signals as of July 1, 2024—six months before this requirement is operative in Connecticut. Under the CCPA/CPRA, businesses must provide two methods for consumers to opt-out of the sale of their personal data. CTPA § 6(e)(1)(A)(ii).

Law 40

Law Law Compliance Attorney 40

Eric Goldman

AUGUST 16, 2024

I’m pleased to announce the 2024 edition (15th edition) of my Internet Law casebook, Internet Law: Cases & Materials. Blockbuster with the North Carolina Supreme Court decision in Canteen v. I also did a quick calculation of the issuing courts represented among the 22 principal opinions. I replaced Harris v. The Harris v.

Dispute resolution 116

Dispute resolution Law Law Court 116

Inside Privacy

JULY 17, 2023

The Commission provides greater clarity on the process by which EU data subjects can submit complaints through the two-tier redress mechanism established under EO 14086 “concerning an alleged violation of U.S. The decision specifies that an EU data subject must submit a complaint to a Data Protection Authority (“DPA”) in an EU Member State.

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

NOVEMBER 2, 2022

Digital Services Act to apply from 2024 or four months from designation as a very large online platform or search engine What happened : On 4 October 2022, the EU adopted the much-anticipated Digital Services Act (“DSA”).

Data protection 52

Data protection Compliance Machine learning Court 52

Debevoise Data Blog

JANUARY 16, 2025

DOJ Issues Landmark Rules on Sensitive Data On December 27, 2024, the U.S. Department of Justice (DOJ) issued the Final Rule on Preventing Access to Sensitive Data, creating a comprehensive export control regime to restrict the transfer of bulk sensitive personal and government-related data to foreign adversaries deemed threats to U.S.

Compliance 52

Compliance Due diligence e-records Time-tracking 52