Debevoise Data Blog

JUNE 27, 2024

Our top five European data protection developments from May are: UK guidance on ransom payments: The UK NCSC and various insurance industry bodies co-published guidance on key considerations for ransomware payments. 22, then there must be sufficient human-involvement in that processing for it to be GDPR-compliant.

Data protection 52

Data protection Software e-records Compliance 52

Debevoise Data Blog

FEBRUARY 27, 2024

GDPR one-stop-shop: Businesses wishing to take advantage of the GDPR one-stop-shop system should take note of a new digest, published by the European Data Protection Board, which analyses the decisions made by so-called Lead Supervisory Authorities in this context.

Data protection 52

Data protection Compliance e-records Court 52

Debevoise Data Blog

SEPTEMBER 23, 2024

Our top-five European data protection developments from August are: Uber fined for personal data transfer: The Dutch Data Protection Authority fined Uber €290 million for the unlawful transfer of European drivers’ personal data to the U.S., without sufficient safeguards.

Data protection 52

Data protection Court Software Compliance 52

Debevoise Data Blog

APRIL 26, 2024

Key takeaways from March include: CNIL data security practice guide: The French DPA published an update of its data security practice guide for data protection officers, chief information security officers, computer scientists and legal experts. These developments, and more, are covered below.

Data protection 52

Data protection e-records Compliance Court 52

CloudNine

JANUARY 10, 2024

By Rick Clark and Jacob Hesse 2023 was an eventful year in the world of legal technology, with new technology emerging to address both traditional and new challenges legal teams face when collecting, processing, and reviewing data for litigation, investigations, or public access requests. Laws within nations are evolving as well.

Compliance 104

Compliance Machine learning Litigator Litigation 104

Clio

JANUARY 30, 2024

Law firm data security should be a top priority for any practice, and here’s why: Clients trust you with their most confidential information. Since clients entrust lawyers with so much of their sensitive data, law firms make prime targets for cybercrime. You don’t want your law firm to become part of that statistic.

Law firm 98

Law firm Law Law Due diligence 98

Global LegalTech Hub

MAY 7, 2024

In March 2024, a study titled " Implementing Generative AI in Legal Firms and Legal Departments " was published by the AI Laboratory (UBA IALAB) at the University of Buenos Aires. Countries like Italy initially blocked ChatGPT's use, later reinstating it with promises of increased transparency and data protection.

Data protection 130

Data protection Compliance Law Law 130

Debevoise Data Blog

SEPTEMBER 27, 2023

The AEPD held that a DPO cannot hold a position that leads them to determine the purposes and means of data processing. The scale and data protection risks associated with such technologies has been further complicated recently by their increasing integration with artificial intelligence systems.

Data protection 52

Data protection Compliance e-filing Court 52

Debevoise Data Blog

NOVEMBER 21, 2023

Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.

Data protection 52

Data protection Compliance Failure-to-appear e-records 52

Eric Goldman

FEBRUARY 15, 2024

.] * * * The European Union’s Digital Services Act (“DSA”), a significant legislative act of 93 articles and 156 recitals, will become fully effective from this Saturday, February 17, 2024. The post The European Union’s Digital Services Act: In Force from This Saturday, February 17, 2024, Including for U.S.

Due diligence 105

Due diligence Data protection Compliance Court 105

Eric Goldman

APRIL 28, 2023

Despite the California Legislature’s blunder last year with AB 2273 (the Age Appropriate Design Code), many states, including Minnesota, are stubbornly pushing for nearly identical laws. If passed, the bill goes into effect July 1, 2024 with the first round of DPIAs due July 1, 2025.

Data protection 133

Data protection Court Hearing Judge 133

Legal IT Group

NOVEMBER 10, 2023

Companies often need to transfer personal data to other countries while conducting their business operations. Since personal data is not everywhere reliably protected by law, there are plenty of requirements for its legal transfer. Standard data protection (or contractual) clauses ( SCCs ) are the most common safeguards.

Data protection 130

Data protection Compliance Law Law 130

CaseFox

FEBRUARY 27, 2023

In 2022, a Gartner report quoted, “By 2024, legal departments will replace 20% of generalist lawyers with nonlawyer staff”. Law tech helps improve and streamline legal processes, ranging from document automation to artificial intelligence (AI) tools for legal research. Change management is a prism.

Legal tech 97

Legal tech Legal tech Law firm Document automation 97

Inside Privacy

FEBRUARY 27, 2023

On February 22, 2023, the European Data Protection Board (“EDPB”) released its Work Program for 2023-2024 (“the Program”), outlining the key priority areas for the next two years. Covington’s Data Privacy and Cybersecurity Team regularly monitors regulatory guidance, legal and policy developments.

Data protection 52

Data protection Compliance Law Law 52

Clio

OCTOBER 8, 2024

Held in vibrant Austin, Texas, the 2024 Clio Cloud Conference was nothing short of electrifying. Jack Newton’s opening keynote Jack Newton, Clio’s Founder and CEO, kicked off ClioCon 2024 with his keynote focused on harnessing momentum in the legal industry to drive long-term success. Missed the event?

Time-tracking 59

Time-tracking Judge Law firm Data protection 59

Debevoise Data Blog

JANUARY 25, 2024

Sensitive personal data: The CJEU has clarified that the processing of special category personal data, such as health data, requires a legal basis under both GDPR Art. The CJEU has also recently reaffirmed that GDPR precludes national law makers from imposing a de minimis threshold for non-material damage.

Data protection 40

Data protection Court e-records Compliance 40

Legal IT Group

JANUARY 22, 2024

With this regard, it is essential to know about the privacy legislation of this country since, nowadays, most internet businesses process the personal data of their clients, and they should do it in compliance with data protection laws. What to expect in 2024? The “personal information” definition is amended.

Data protection 130

Data protection Compliance Litigator Litigation 130

Inside Privacy

JANUARY 17, 2024

On January 15, 2024, the European Commission released its report on the first review of the functioning of the existing eleven adequacy decisions adopted under the pre-GDPR framework. Organizations should welcome the continued stability and legal certainty offered by the retention of the existing adequacy decisions.

Data protection 72

Data protection Court Law Law 72

Clio

JANUARY 1, 2025

Whether youre considering law school, just starting your career as a new legal professional, or guiding your practice in the right direction, weve gathered the latest statistics about lawyers to help you navigate the legal landscape and make smart decisions for 2025 and beyond. As of January 1, 2024, there are more than 1.3

Lawyer 98

Lawyer Law firm Bankruptcy Data protection 98

Debevoise Data Blog

JUNE 17, 2024

Luke Dembosky, Avi Gesser, Erez Liebermann, Jim Pastore, Matt Kelly, and Johanna Skrzypczyk were all recognized by The Legal 500 US in the category Cyber Law (Including Data Privacy and Data Protection) with Luke Dembosky and Avi Gesser ranked as Leading Lawyers. Extremely good experience in the field.”

Attorney 52

Attorney Data protection Law Law 52

Legal IT Group

OCTOBER 24, 2023

The Attorney General has the right to file an administrative lawsuit against brokers who fail to register or violate the requirements of applicable personal information protection laws and to order them to pay appropriate fines and other costs. What to prepare for now? Are there any other requirements for brokers?

Data protection 130

Data protection Federal law Attorney Lawsuit 130

Inside Privacy

FEBRUARY 20, 2024

On February 13, 2024, the European Data Protection Board (“EDPB”) adopted an opinion on the notion of “main establishment” of a controller in the context of Article 4(16)(a) of GDPR. This blog post was drafted with the contribution of Diane Valat.)

Data protection 81

Data protection Law Law 81

MatterSuite

SEPTEMBER 4, 2024

In this blog, we will discuss the best eDiscovery training and certification programs of the year 2024 that will enable you to make a wise decision according to your career interests. Why eDiscovery Training and Certification Matter in 2024?

e-discovery 52

e-discovery Machine learning Data protection Compliance 52

Inside Privacy

MAY 30, 2023

On May 28, 2023, the Texas legislature passed the Texas Data Privacy and Security Act , making it the sixth state to pass a comprehensive data privacy law this year. If signed into law, the Act would take effect on July 1, 2024. The Act shares many similarities with Virginia, although there are some distinctions.

Data protection 74

Data protection Attorney Law Law 74

Inside Privacy

JANUARY 24, 2024

On 15 January 2024, the UK’s Information Commissioner’s Office (“ICO”) announced the launch of a consultation series (“Consultation”) on how elements of data protection law apply to the development and use of generative AI (“GenAI”). Interested stakeholders are invited to provide feedback to the ICO by 1 March 2024.

Data protection 61

Data protection Intellectual Property Compliance Law 61

Inside Privacy

MARCH 8, 2024

On 6 March 2024, the ICO issued a call for views on so-called “Consent or pay” models, where a user of a service has the option to consent to processing of their data for one or more purposes (typically targeted advertising), or pay a (higher) fee to access the service without their data being processed for those purposes.

Data protection 61

Data protection Law Law 61

Inside Privacy

MARCH 23, 2023

There is, however, an increasing body of EU law requiring organizations to adopt some appropriate measures to verify age. For instance, the Audiovisual Media Services Directive requires the adoption of appropriate measures to protect children from harmful content, including through age verification.

Data protection 79

Data protection Law Law 79

Inside Privacy

JANUARY 14, 2024

Several EU data protection supervisory authorities (“SAs”) have recently issued guidance on cookies. On January 11, 2024, the Spanish SA published guidance on cookies used for audience measurement (often referred to as analytics cookies) (available in Spanish only).

Data protection 72

Data protection Analytics Time-tracking Law 72

new tech law blog

MARCH 10, 2023

“Dark patterns” used by online platform providers have been controversial for some time, but recently there has been a growing buzz about them, in particular due to actions undertaken by EU and national data protection and consumer protection authorities. What are “dark patterns”?

Data protection 52

Data protection Compliance Law Law 52

Inside Privacy

NOVEMBER 20, 2023

On October 11, 2023, the French data protection authority (“CNIL”) issued a set of “how-to” sheets on artificial intelligence (“AI”) training databases. There are eight sheets in total, each covering a data protection issue AI providers should consider when designing their systems. What are the next steps?

Data protection 57

Data protection Machine learning Compliance Law 57

Technology Law Dispatch

FEBRUARY 20, 2024

The Draft Bill (status 7 February 2024), which does not have any basis in EU law, is available here (German content). The national data protection authorities of EU Member States expressly welcomed the LIBE’s proposal to exempt end-to-end encrypted communications from detection orders under the Proposed CSAM Regulation (cf.

Data protection 52

Data protection Compliance Law Law 52

Technology Law Dispatch

FEBRUARY 7, 2024

With cybersecurity becoming a board-level issue, compliance officers, lawyers, board members, and business drivers are looking for official guidance or recommendations on cybersecurity measures to protect business, customers, and the wider economy. Whose guidance to use? In the US, NIST has a resource page for Critical Infrastructure: [link].

Data protection 64

Data protection Compliance Court Lawyer 64

Vogel IT Law

FEBRUARY 6, 2024

Computerworld reported that “Apple is planning its first AI acquisition for 2024, a German firm called brighter AI, according to an online news report.” The February 5, 2024 article entitled “Apple has eye on building bigger genAI data sets” ( [link] ) and included these comments: Apple is beginning to act on its generative AI (genAI) plans.

Data protection 52

Data protection Law Law 52

Technology Law Dispatch

OCTOBER 12, 2023

The pilot is expected to launch in the first half of 2024, for a 12-month period, with the DRCF to provide details of how to apply to the hub later this year. Those who don’t directly benefit from the pilot will have recourse to the DRCF’s case study archive, and anonymised examples of advice provided.

Data protection 52

Data protection 52

Inside Privacy

DECEMBER 15, 2023

As we’ve previously noted , dark patterns are an area of increasing focus of regulators, and the joint paper reflects the growing interplay between privacy and competition laws – a trend we expect to see continue in 2024.

Data protection 65

Data protection Law Law 65

Debevoise Data Blog

FEBRUARY 6, 2023

State Privacy Laws series, we review key components of the proposed rules and takeaways from the public hearing. Part 1 of this Data Blog series discussed recent developments in the rulemaking for the California Privacy Rights Act. ColoPA requires controllers to respond to such opt-out signals beginning on July 1, 2024.

Hearing 52

Hearing Data protection Law Law 52

Debevoise Data Blog

DECEMBER 18, 2023

For example, the UK ICO has made children’s privacy a top enforcement priority and, in April 2023, issued a £127m penalty against TikTok Inc for inter alia failing to use children’s personal data lawfully. Washington’s Novel Health Data Law: An In-Depth Look (August 2, 2023) U.S. Similar trends exist in the EU.

Data protection 52

Data protection Compliance Hearing Attorney 52