Debevoise Data Blog

MARCH 31, 2025

Our top-five European data protection developments from February are: European Commission publishes guidelines on prohibited AI practices : The EU Commission has published non-binding guidance on the EU AI Acts prohibited use cases. The ban entered into force on 2 February 2025. Spanish Telecomm Provider Fined 1.2

Data protection 52

Data protection e-records Compliance Court 52

Berkley Technology Law Journal

JANUARY 24, 2025

Candidate, 2025 No one wants to be left holding the bag after a break-in, but for chief information security officers (CISOs), the risk of liability is ever-present. They are responsible for overseeing an organizations data protection measures, risk management strategies, overall security infrastructure, among other critical responsibilities.

Failure-to-appear 130

Failure-to-appear Court Judge Data protection 130

Eric Goldman

MARCH 17, 2025

As the judge says resignedly, “Taking these provisions directly from a law enacted in the United Kingdom, the California Legislature left it to the courts to pass the CAADCA through the filter of our First Amendment.” Unsurprisingly, on remand, the district court declared the rest unconstitutional.

Court 52

Court Data protection Judge Law 52

Debevoise Data Blog

FEBRUARY 27, 2024

GDPR one-stop-shop: Businesses wishing to take advantage of the GDPR one-stop-shop system should take note of a new digest, published by the European Data Protection Board, which analyses the decisions made by so-called Lead Supervisory Authorities in this context.

Data protection 52

Data protection Compliance e-records Court 52

Debevoise Data Blog

JULY 30, 2024

Our top five European data protection developments from June are: Non-material damage under GDPR: The CJEU clarified the scope of compensation for non-material damage in the context of identity theft and data subjects’ fear that their personal data had been exposed. To subscribe to the Data Blog, please click here.

Data protection 52

Data protection Time-tracking Mediator Analytics 52

Eric Goldman

APRIL 28, 2023

If passed, the bill goes into effect July 1, 2024 with the first round of DPIAs due July 1, 2025. Among their targets were the Data Protection Impact Assessment requirements, which NetChoice argued amounted to prior restraint and compelled speech. The bill is currently pending approval by both chambers.

Data protection 133

Data protection Court Hearing Judge 133

Debevoise Data Blog

JANUARY 25, 2024

Nevertheless, when considering the appropriateness of protective measures, the obligation rests on the data controller to prove that they met the required standard. The rulings arose at the request of both the German and Lithuanian courts, following local administrative fines. The Court ruled that: “Scoring” (i.e.,

Data protection 40

Data protection Court e-records Compliance 40