2025, Data protection and Law - Legal Tech Connection

European Data Protection Roundup – June 2024

Debevoise Data Blog

JULY 30, 2024

Our top five European data protection developments from June are: Non-material damage under GDPR: The CJEU clarified the scope of compensation for non-material damage in the context of identity theft and data subjects’ fear that their personal data had been exposed. To subscribe to the Data Blog, please click here.

Data protection

Data protection Time-tracking Mediator Analytics

European Data Protection Roundup – December 2023

Debevoise Data Blog

JANUARY 25, 2024

The CJEU has also recently reaffirmed that GDPR precludes national law makers from imposing a de minimis threshold for non-material damage. This judgment arose from a 2019 cyberattack against the Bulgarian National Revenue Agency which resulted in a threat actor publishing more than 6 million people’s personal data on the internet.

Data protection

Data protection Court e-records Compliance

The 2024 Clio Cloud Conference in Review

Clio

OCTOBER 8, 2024

He discussed the rapid rise in AI adoption, jumping from 19% to 79% in law firms in just one year, and introduced Clio Duo , a new AI tool designed to enhance productivity and reduce workflow friction. Jack also announced exciting new Clio features for 2025, including automated workflows, custom reporting, and new payment methods.

Time-tracking

Time-tracking Judge Law firm Data protection

Texas Passes Data Privacy and Security Act

Inside Privacy

MAY 30, 2023

On May 28, 2023, the Texas legislature passed the Texas Data Privacy and Security Act , making it the sixth state to pass a comprehensive data privacy law this year. If signed into law, the Act would take effect on July 1, 2024. The Act also requires controllers to implement opt-out preference signals by January 1, 2025.

Data protection

Data protection Attorney Law Law

Minnesota’s Attempt to Copy California’s Constitutionally Defective Age Appropriate Design Code is an Utter Fail (Guest Blog Post)

Eric Goldman

APRIL 28, 2023

Despite the California Legislature’s blunder last year with AB 2273 (the Age Appropriate Design Code), many states, including Minnesota, are stubbornly pushing for nearly identical laws. If passed, the bill goes into effect July 1, 2024 with the first round of DPIAs due July 1, 2025. Enforcement is limited to the MN AG.

Data protection

Data protection Court Hearing Judge

ENISA Releases Comprehensive Framework for Ensuring Cybersecurity in the Lifecycle of AI Systems

Technology Law Dispatch

JUNE 30, 2023

ENISA emphasises that this has to be done in line with all relevant EU legislation, including the General Data Protection Regulation, Network and Information Security Directive (NIS2), and Cybersecurity Resilience Act (CSA). Once published, there will be a period of 24 months before it becomes effective (estimated Q3/4 2025).

Data protection

Data protection Compliance

Utah Joins the Comprehensive State Privacy Law Club

Debevoise Data Blog

APRIL 29, 2022

On March 24, 2022, Utah enacted a comprehensive consumer privacy law, the Utah Consumer Privacy Act (“UCPA”). The UCPA, effective on December 31, 2023, is largely consistent with other comprehensive state privacy laws, but includes several key differences. The UCPA has a narrower applicability than the State Privacy Laws.

Law

Law Law Data protection Attorney

Connecticut’s Next Generation Data Privacy Law

Debevoise Data Blog

MAY 23, 2022

Connecticut’s Governor signed the state’s comprehensive privacy law into effect on May 10, 2022, adding yet another category of state privacy law. We also provide an overview of the CTPA’s enforcement mechanisms and explain how the CTPA modifies prior laws’ safe harbor with a nod towards prosecutorial discretion.

Law

Law Law Compliance Attorney

European Data Protection Roundup – January 2024

Debevoise Data Blog

FEBRUARY 27, 2024

GDPR one-stop-shop: Businesses wishing to take advantage of the GDPR one-stop-shop system should take note of a new digest, published by the European Data Protection Board, which analyses the decisions made by so-called Lead Supervisory Authorities in this context.

Data protection

Data protection Compliance Court e-records

EU Rules Restricting the International Transfers of Non-Personal Data

Inside Privacy

FEBRUARY 1, 2024

While the EU GDPR regulates the international transfer of personal data, several recently enacted EU laws regulate the international transfer of non-personal data, which is any data that is not “personal data” under the GDPR. This is borne out by the provisions in the proposed EHDS, as discussed below.

Intellectual Property

Intellectual Property State law Court Compliance

The UK Online Safety Act – Keeping you informed here

Technology Law Dispatch

NOVEMBER 22, 2023

Nov 2023 – Consultation on illegal content Dec 2023 – Consultation on child safety, pornography, and protecting women and girls Spring 2024 – advice to the Secretary of State on categorization End of 2024 – publishing a register of categorized services Early to mid-2025 – codes of practice on fraudulent advertising and transparency notices

Compliance

Compliance Data protection

The UK’s Emerging Approach to AI Regulation

Debevoise Data Blog

FEBRUARY 22, 2024

The UK’s approach is therefore an important reminder that while there is often significant public attention on new AI laws, such as the EU AI Act, the use of AI is already subject to a wide variety of existing legal requirements under other technology-neutral laws, including data protection and equalities legislation.

Data protection

Data protection Law Law Compliance

NIS2 toughens up EU’s cyber security obligations

Technology Law Dispatch

FEBRUARY 23, 2023

Organisations operating in the defence, national security, public security, and law enforcement industries are expressly excluded. Next steps NIS2 must be transposed into EU member state national law by 17 October 2024. Member States must also establish a list of essential and important entities by 17 April 2025.

Data protection

Data protection Law Law

UK Financial Regulators Publish Response to AI Consultation – Seven Takeaways

Debevoise Data Blog

OCTOBER 31, 2023

The UK’s Approach to AI Regulation As set out in the government’s white paper on AI , the UK, unlike the EU, does not intend to implement AI-specific laws or regulations. There is strong appetite for any future regulations to align with existing domestic and international laws and regulations.

Compliance

Compliance Due diligence Machine learning Data protection

EU may expand the scope of the adequacy decision for Japan following its first review

Technology Law Dispatch

APRIL 19, 2023

On 4 April 2023, the Personal Information Protection Commission of Japan (PPC) and European Commissioner for Justice issued a joint Press Statement on the conclusion of the first review of the Japan-EU Mutual Adequacy Decision.

Data protection

New Jersey and New Hampshire Pass Comprehensive Privacy Legislation

Inside Privacy

JANUARY 29, 2024

332 (“the Act”), which was signed into law on January 16, 2024. The Act omits several exemptions present in other state comprehensive privacy laws, including exemptions for nonprofit organizations and information covered by the Family Educational Rights and Privacy Act. Below is a summary of key takeaways.

Data protection

Data protection Attorney Law Law

New Privacy Legislation in the U.S.: The Patchwork Problem Grows

Debevoise Data Blog

JULY 9, 2021

Colorado has just adopted a brand-new data privacy law and Nevada has just significantly amended its law. further in the direction of European-style privacy law. This cure provision will expire on January 1, 2025. These changes add rights for consumers, and compliance obligations for businesses, that take the U.S.

Data protection

Data protection Attorney Compliance State law

Overview of Global AI Regulatory Developments and Some Tips to Reduce Risk

Debevoise Data Blog

MAY 2, 2023

New York City’s Automated Employment Decision Tool Law (“NYC AEDT”) requires covered employers to perform annual independent bias audits and to post public summaries of those results.

Compliance

Compliance Time-tracking Data protection Law

The EU AI Act: Political Agreement Secured, We Await the Final Text

Debevoise Data Blog

DECEMBER 17, 2023

If this timeline is met, the first provisions of the Act to come into force (the prohibition on “unacceptable risk” AI systems) will take effect in late 2024, followed by the requirements related to “high risk” systems in early 2025, and the remaining provisions in 2026. How to prepare. Conduct a preliminary review of current AI systems.

Data protection

Data protection Compliance Time-tracking Law

Legal Tech Connection

European Data Protection Roundup – June 2024

European Data Protection Roundup – December 2023

Trending Sources

The 2024 Clio Cloud Conference in Review

Texas Passes Data Privacy and Security Act

Minnesota’s Attempt to Copy California’s Constitutionally Defective Age Appropriate Design Code is an Utter Fail (Guest Blog Post)

ENISA Releases Comprehensive Framework for Ensuring Cybersecurity in the Lifecycle of AI Systems

Utah Joins the Comprehensive State Privacy Law Club

Connecticut’s Next Generation Data Privacy Law

European Data Protection Roundup – January 2024

EU Rules Restricting the International Transfers of Non-Personal Data

The UK Online Safety Act – Keeping you informed here

The UK’s Emerging Approach to AI Regulation

NIS2 toughens up EU’s cyber security obligations

UK Financial Regulators Publish Response to AI Consultation – Seven Takeaways

EU may expand the scope of the adequacy decision for Japan following its first review

New Jersey and New Hampshire Pass Comprehensive Privacy Legislation

New Privacy Legislation in the U.S.: The Patchwork Problem Grows

Overview of Global AI Regulatory Developments and Some Tips to Reduce Risk

The EU AI Act: Political Agreement Secured, We Await the Final Text

Stay Connected