Debevoise Data Blog

OCTOBER 12, 2021

million fine against Austrian Post for channelling electronic data protection-related inquiries to a web form and not offering an additional email address, irrespective of the data subject option to also use non-electronic postal mail or customer service.

Data protection 52

Data protection Failure-to-appear Compliance e-records 52

Debevoise Data Blog

MARCH 11, 2021

There were a few European data protection developments in February that companies may want to have on their radar. On the regulatory front, German DPAs have set up a taskforce to conduct random checks on companies’ cross-border data transfer compliance following Schrems II. We cover those developments (and more) below.

Data protection 52

Data protection Compliance Analytics Court 52

Debevoise Data Blog

JULY 20, 2021

Here are our highlights: European Commission adopts new Standard Contractual Clauses What happened : As reported in our blog post , the European Commission adopted its new Standard Contractual Clauses (“SCCs”) for the cross-border transfer of personal data from the EEA to “third countries”.

Data protection 52

Data protection e-filing Compliance e-records 52

Debevoise Data Blog

APRIL 8, 2021

million for vendor oversight failings, unlawful cross-border transfers What happened : The AEPD, the Spanish data protection authority (“DPA”), fined Vodafone Spain €8.15 4 million was for allegedly deficient oversight of Vodafone’s data processors. Here are our highlights of what you need to know.

Data protection 52

Data protection Compliance Court Law 52

Ikigai Law

AUGUST 9, 2023

This article discusses the first step for fintechs to get ready for the new data law. No piece of legislation has taken more punches than our elusive data protection law. The data law is nearly here! The Digital Personal Data Protection Bill, 2023 was introduced in Parliament on 3 August 2023.

Data protection 52

Data protection Analytics Compliance Law 52

Debevoise Data Blog

DECEMBER 10, 2020

The big news this November was the European Data Protection Board (the “EDPB”) issuing its highly anticipated post- Schrems II data transfer guidance, followed just a day later by the European Commission’s draft updated Standard Contractual Clauses (“SCCs”) (see our blog post here ).

Data protection 52

Data protection Dispute resolution Court Compliance 52

Debevoise Data Blog

APRIL 28, 2023

UK ICO updates guidance to clarify requirements for fairness in AI What happened : The UK ICO has updated its existing Guidance on AI and data protection following requests from industry to clarify requirements for fairness in AI. Norwegian Data Protection Authority fines medical device company c.$240,000

Data protection 52

Data protection Compliance e-filing Software 52

Debevoise Data Blog

DECEMBER 13, 2022

Management will also face new overarching and specific obligations to approve, oversee and manage DORA-related compliance frameworks. UK ICO provides new risk assessment tool for Article 46 transfers What happened : On 17 November 2022, the UK ICO published updated guidance on international data transfers.

Data protection 52

Data protection Compliance Due diligence Hearing 52

new tech law blog

JANUARY 2, 2023

In this regard, we describe below what they should take under consideration in light of Polish labour law and data protection law. Therefore, implementation and exploitation of such solutions by the employer (as a controller of employee data) must be done in compliance with the rules for processing of personal data under Art.

Data protection 52

Data protection Law Law Time-tracking 52

Debevoise Data Blog

NOVEMBER 10, 2020

ICO targets the data broking industry : On 27 October, the ICO demanded that Experian make sweeping changes to data protection practices within its direct marketing business within three months or face further enforcement action. We will continue to report on developments as Experian’s appeal progresses.

Data protection 52

Data protection Intellectual Property e-records Machine learning 52

Debevoise Data Blog

MAY 7, 2021

The key development from April must be the European Data Protection Board (“EDPB”) approving the draft UK adequacy decisions from the European Commission (the “Commission”). Companies will be relieved that they are one step closer towards maintaining the seamless flow of data between the EU and the UK.

Data protection 52

Data protection Court Compliance Hearing 52

Debevoise Data Blog

OCTOBER 20, 2023

The CMA further highlighted that transparency around the data used to train FMs is critical to reducing bias and improving accuracy of outputs, and to ensuring accountability. Two areas that have been stressed previously in the data protection compliance context.

Data protection 52

Data protection Intellectual Property Compliance Law 52

Legal IT Group

JANUARY 4, 2023

Those who process personal data of EU residents should comply with the requirements of the General Data Protection Regulation or GDPR. Non-compliance with GDPR may result in hefty fines and reputational losses. However, it is not enough to just formally have such policies in place.

Compliance 52

Compliance Data protection Law Law 52

Legal IT Group

JUNE 12, 2023

Every day, more and more companies face the problem of personal data protection. As companies are increasingly scrutinised for proper data protection, it’s worth paying close attention to the latest best practices to avoid dealing with the potential negative consequences of a data breach.

Data protection 52

Data protection e-filing Court e-records 52

Legal IT Group

JANUARY 17, 2023

Until recently, lawyers have tended to focus their attention on the legislation of California , but from 2023, new rules on personal data protection will come into force not only in this state but also in Virginia, Colorado, Utah and Connecticut. Similarly to the VCDPA, no income threshold is applied.

Data protection 52

Data protection Law Law Attorney 52

Centerbase

APRIL 28, 2023

Compliance is a priority for law firms. And legal software can be a key tool in helping you meet your firm’s compliance requirements. In this article, we’ll cover major compliance issues that law firms need to monitor and solutions that can reduce your risks. What online compliance risks does my law firm face?

Compliance 52

Compliance Law firm Legal software Legal software 52

Debevoise Data Blog

JUNE 16, 2021

May saw useful reminders for companies, including: (i) the need to appoint an EU – and/or UK – representative if caught by the (UK) GDPR’s extraterritorial effect; (ii) that regulators are increasingly focused on adtech and cookies compliance; and (iii) that the GDPR applies not just in the EU and UK but also Iceland, Liechtenstein and Norway.

Data protection 40

Data protection Compliance Court Time-tracking 40

Eric Goldman

FEBRUARY 15, 2024

.] * * * The European Union’s Digital Services Act (“DSA”), a significant legislative act of 93 articles and 156 recitals, will become fully effective from this Saturday, February 17, 2024. The DSA promises to change the internet inside the EU, and likely create spillover effects outside the EU.

Due diligence 105

Due diligence Data protection Compliance Court 105

Debevoise Data Blog

JUNE 25, 2022

In light of these trends, we have also included four tips for companies seeking to establish practical compliance and governance programs related to their ADM systems. What Laws Apply to Automated Decision-Making?

Compliance 52

Compliance Law Law Data protection 52

Technology Law Dispatch

FEBRUARY 22, 2023

C-453/21) , which addresses the question of the dismissal of a Data Protection Officer (“ DPO ”) and the interpretation of Article 38 of the EU GDPR. Whether Article 38(3) GDPR precluded member states from setting out further grounds for the dismissal of a DPO, beyond those laid out in the GDPR. […] 4.

Data protection 59

Data protection Court Compliance Federal law 59

Inside Privacy

OCTOBER 17, 2023

On 3 October 2023, the UK Information Commissioner’s Office (“ ICO ”) finalized its Employment practices and data protection − Monitoring workers guidance (“ Guidance ”) to account for new types of work, including work from home, and the use of more sophisticated technologies for monitoring.

Data protection 65

Data protection Time-tracking Case management Compliance 65

Inside Privacy

JANUARY 24, 2024

On 15 January 2024, the UK’s Information Commissioner’s Office (“ICO”) announced the launch of a consultation series (“Consultation”) on how elements of data protection law apply to the development and use of generative AI (“GenAI”). Interested stakeholders are invited to provide feedback to the ICO by 1 March 2024.

Data protection 61

Data protection Intellectual Property Compliance Law 61

Technology Law Dispatch

NOVEMBER 8, 2023

There is more clarity on the views of the UK data protection authority on whether a “Reject All” option in the first layer of a cookie consent management solution is required. This is more likely be compliant with data protection law, as firms will be better placed to demonstrate that the user has a genuine free choice.“

Data protection 59

Data protection Compliance Court Law 59

Technology Law Dispatch

FEBRUARY 27, 2023

2022 was another busy year in privacy and data protection. Regulations surrounding privacy and data continue to develop at a rapid pace. Sven Schonhofen , Munich – “Cookie compliance will continue to be an enforcement trend. Andreas Splittgerber , Munich – “2023 will be a landmark year for AI regulations in Europe.

Data protection 59

Data protection Analytics Compliance Court 59

Legal IT Group

NOVEMBER 13, 2023

A data protection officer ( DPO ) is a specialist who helps companies ensure compliance with international data protection laws. In a nutshell, the DPO is a key person who helps the company in all business processes to ensure compliance with the data protection law.

Data protection 52

Data protection Compliance International law Law 52

Inside Privacy

JUNE 1, 2023

It has been well-publicized that the Irish Data Protection Commission (“DPC”) has imposed a record €1.2 billion fine and corrective measures under the GDPR against Meta Ireland (“Meta”) in a long-running dispute relating to cross-border data transfers and the EU standard contractual clauses (“SCCs”).

Data protection 69

Data protection Court Compliance Hearing 69

Legal IT Group

JANUARY 10, 2023

Since the entry into force of the General Data Protection Regulation (GDPR), many companies processing the data of Europeans have faced the task of achieving the much desired GDPR-compliance. Why do we need this?

Compliance 52

Compliance Data protection Law Law 52

Inside Privacy

APRIL 7, 2023

On March 24, 2023, the Italian data protection authority (“Garante”) approved a Code of conduct (“Code”) on telemarketing and telesales activities. The Code was promoted by various Italian industry and consumer associations, pursuant to Article 40 of GDPR. Compliance throughout the supplier chain. Monitoring.

Compliance 81

Compliance Data protection Law Law 81

Inside Privacy

NOVEMBER 13, 2023

The dentist replied that, under German law, access to the patient’s medical records could be conditional on the data subject’s payment of the costs connected with providing the records.The patient claimed that this was inconsistent with the GDPR, which gives data subjects a right to access a copy of their data (Article 15).

Data protection 69

Data protection Law Law Court 69

Legal IT Group

JUNE 5, 2023

A data protection impact assessment (DPIA) sounds like something big, complicated and problematic. DPIA stands for Data Protection Impact Assessment. A DPIA is typically conducted when a new project involving the specific processing of personal data is being implemented. Well, it is true. Let’s check.

Data protection 52

Data protection Compliance Time-tracking Law 52

Inside Privacy

FEBRUARY 27, 2023

On February 22, 2023, the European Data Protection Board (“EDPB”) released its Work Program for 2023-2024 (“the Program”), outlining the key priority areas for the next two years. Advancing harmonization and facilitating compliance with the GDPR The EDPB will continue to publish guidance on key concepts of EU data protection law.

Data protection 52

Data protection Compliance Law Law 52

Legal IT Group

SEPTEMBER 29, 2023

Brazil’s Lei Geral de Proteção de Dados Pessoais (or LGPD), similar to GDPR, CCPA and PIPEDA, regulates personal data protection. If the company does not process personal data in Brazil but still processes data to offer or supply goods or services to Brazil, the LGPD also applies in this case.

Data protection 52

Data protection Compliance Court Law 52

Technology Law Dispatch

MAY 10, 2023

Transfers of personal data The SAs agreed that before assessing the lawfulness of international data transfers within the meaning of Chapter V of the GDPR, controllers must ensure that all other provisions of the GDPR are complied with. They thus determine the “purposes and means” of processing under Article 4(7) GDPR.

Data protection 52

Data protection Analytics Compliance Law 52

Legal IT Group

FEBRUARY 23, 2023

Introduction In our previous articles , we have already drawn your attention to the Brazilian data protection legislation which is quite similar to the General Data Protection Regulation (GDPR). Also, the ANPD has shared a new form which should be used for sending security incident reports by a data controller.

Data protection 52

Data protection Compliance e-filing Law 52

Technology Law Dispatch

FEBRUARY 20, 2024

In our view, this would result in ‘online platforms’ within the meaning of Article 3(i) EU Digital Services Act (“ DSA ”) to be out of scope, unless they also provide number-independent interpersonal communication services. European Data Protection Board (EDPB), Statement 1/2024 of 13 February 2024 ).

Data protection 52

Data protection Compliance Law Law 52

Inside Privacy

APRIL 3, 2023

The CJEU also held that, in this case, providing the register under a court order served a different purpose ( i.e. , civil proceedings) from the one for which the data had been collected initially ( i.e. , tax compliance). If you have any questions about the interaction between data protection and local laws we are happy to assist.

Court 52

Court Data protection Litigator Litigation 52

Inside Privacy

APRIL 5, 2023

The Agency was not able to rely on other GDPR legal bases such as “compliance with a legal obligation” (Article 6(1)(c)) and “performance of a task carried out in the public interest” (Article 6(1)(e)).

Compliance 57

Compliance Data protection Court Law 57