Inside Privacy

FEBRUARY 1, 2024

Note that the data localization prohibition in this Regulation applies to individual EU Member States’ laws; it does not preclude the EU from implementing data localization requirements. The restrictions on transfers of non-personal data appear to serve two main purposes. X (Recent Council versions remove this obligation.)

Intellectual Property 72

Intellectual Property State law Court Compliance 72

Debevoise Data Blog

APRIL 29, 2022

The UCPA is set to be reviewed by the attorney general who must submit a report to the legislature by July 1, 2025. No Requirement to Conduct Risk Assessments or Data Protection Impact Assessments Under the UCPA, businesses are not required to conduct risk assessments related to their processing or control of personal data.

Law 52

Law Law Data protection Attorney 52

Technology Law Dispatch

NOVEMBER 22, 2023

Nov 2023 – Consultation on illegal content Dec 2023 – Consultation on child safety, pornography, and protecting women and girls Spring 2024 – advice to the Secretary of State on categorization End of 2024 – publishing a register of categorized services Early to mid-2025 – codes of practice on fraudulent advertising and transparency notices

Compliance 52

Compliance Data protection 52

Debevoise Data Blog

FEBRUARY 22, 2024

The UK’s approach is therefore an important reminder that while there is often significant public attention on new AI laws, such as the EU AI Act, the use of AI is already subject to a wide variety of existing legal requirements under other technology-neutral laws, including data protection and equalities legislation.

Data protection 52

Data protection Law Law Compliance 52

MatterSuite

SEPTEMBER 4, 2023

Gartner experts expect legal departments to increase their spending on legal technology threefold by 2025. When implementing enhanced reporting, it’s crucial to have robust data security measures in place to protect sensitive information.

Time-tracking 52

Time-tracking Compliance Case management Analytics 52

Technology Law Dispatch

FEBRUARY 23, 2023

Member States must also establish a list of essential and important entities by 17 April 2025. Next steps NIS2 must be transposed into EU member state national law by 17 October 2024. ENISA must create and maintain a register of entities subject to NIS2 based on the lists created by the member states.

Data protection 52

Data protection Law Law 52

Debevoise Data Blog

MAY 23, 2022

This contrasts with the VCDPA’s and the UCPA’s definition of “sale,” which is limited to an exchange of personal data for only monetary consideration. The CTPA bolsters opt-out rights by requiring controllers to recognize a global opt-out preference by January 1, 2025. CTPA § 6(e)(1)(A)(ii). CTPA § 11(b).

Law 40

Law Law Compliance Attorney 40

Debevoise Data Blog

OCTOBER 31, 2023

For example, the French data protection authority, the CNIL, recently published a series of fact sheets aimed at helping companies achieve GDPR-compliance when developing and adopting AI tools. In the Response Paper, a number of respondents flagged the UK GDPR as, in their opinion, creating particular challenges.

Compliance 52

Compliance Due diligence Machine learning Data protection 52

Debevoise Data Blog

FEBRUARY 27, 2024

GDPR one-stop-shop: Businesses wishing to take advantage of the GDPR one-stop-shop system should take note of a new digest, published by the European Data Protection Board, which analyses the decisions made by so-called Lead Supervisory Authorities in this context.

Data protection 52

Data protection Compliance e-records Time-tracking 52

Technology Law Dispatch

APRIL 19, 2023

On 4 April 2023, the Personal Information Protection Commission of Japan (PPC) and European Commissioner for Justice issued a joint Press Statement on the conclusion of the first review of the Japan-EU Mutual Adequacy Decision.

Data protection 52

Data protection 52

Inside Privacy

JANUARY 29, 2024

The Act, which will take effect on January 1, 2025, resembles similar statutes in Connecticut and other states with a few distinctions. The Act also grants the Attorney General the authority to require controllers to disclose data protection assessments relevant to investigations conducted by the Attorney General.

Data protection 61

Data protection Attorney Law Law 61

Debevoise Data Blog

JULY 9, 2021

Data Protection Assessments Also similar to a provision of the VCDPA that has often been criticized for being vague and overly burdensome, SB 21-190 requires businesses to conduct regular data protection assessments for each of their activities that involve personal data and present a heightened risk of harm to consumers.

Data protection 40

Data protection Attorney Compliance State law 40

Debevoise Data Blog

MAY 2, 2023

Canada In June 2022, the Government of Canada put forward the Artificial Intelligence and Data Act (“AIDA”) as part of Bill C-27, the Digital Charter Implementation Act.

Compliance 52

Compliance Time-tracking Data protection Law 52

Debevoise Data Blog

DECEMBER 17, 2023

If this timeline is met, the first provisions of the Act to come into force (the prohibition on “unacceptable risk” AI systems) will take effect in late 2024, followed by the requirements related to “high risk” systems in early 2025, and the remaining provisions in 2026. How to prepare.

Data protection 64

Data protection Compliance Time-tracking Law 64

Debevoise Data Blog

JANUARY 16, 2025

The Final Rule takes effect 90 days after publication in the Federal Register, which is expected for January 8, 2025, although certain compliance requirements will not take effect until 270 days following publication. Engaging in data-mapping exercises may alleviate this burden.

Compliance 52

Compliance Due diligence e-records Time-tracking 52