Debevoise Data Blog

NOVEMBER 1, 2021

Subject access requests : The possibility that companies responding to data subject access requests from individuals will have to provide copies of entire documents containing their personal data, rather than only extracts. The court concluded that the legitimate interest could have been furthered through less intrusive means.

Data protection 52

Data protection Court Defendant Law 52

Debevoise Data Blog

APRIL 8, 2021

million for vendor oversight failings, unlawful cross-border transfers What happened : The AEPD, the Spanish data protection authority (“DPA”), fined Vodafone Spain €8.15 4 million was for allegedly deficient oversight of Vodafone’s data processors. Here are our highlights of what you need to know.

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

DECEMBER 10, 2020

The big news this November was the European Data Protection Board (the “EDPB”) issuing its highly anticipated post- Schrems II data transfer guidance, followed just a day later by the European Commission’s draft updated Standard Contractual Clauses (“SCCs”) (see our blog post here ). Bonn Regional Court slashes Telco’s €9.55

Data protection 52

Data protection Dispute resolution Court Compliance 52

Technology Law Dispatch

AUGUST 2, 2023

The Summer 2023 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version This edition covers the following topics: New adequacy decision for EU-U.S. data transfers CJEU: Requirements for GDPR damage claims CJEU: Lawfulness of processing in case of Art.

Data protection 52

Data protection Court Law Law 52

Debevoise Data Blog

MARCH 11, 2021

There were a few European data protection developments in February that companies may want to have on their radar. What to do: As we reported previously there is increasing convergence between European data protection and competition law enforcement. The Regional Court in Berlin recently dismissed the €14.5

Data protection 52

Data protection Compliance Analytics Court 52

Legal IT Group

APRIL 28, 2023

In March 2023, Meta Platforms lost a class action lawsuit against the Dutch Data Privacy Stichting in an Amsterdam court, acting in conjunction with the Consumentenbond, the Dutch Consumers’ Association. Those purposes must be clearly specified and communicated.” of the Dutch Telecommunications Act.

Data protection 130

Data protection Time-tracking Court Lawsuit 130

Debevoise Data Blog

JANUARY 21, 2021

In this post, we look back at the 2020 European data protection landscape and five trends that help companies understand not only where we are, but where data protection enforcement, litigation, and practice may be headed. million against Marriott for its 2018 data breach When you dig deeper though, two key points emerge.

Data protection 52

Data protection Litigator Litigation Failure-to-appear 52

Debevoise Data Blog

NOVEMBER 10, 2020

ICO targets the data broking industry : On 27 October, the ICO demanded that Experian make sweeping changes to data protection practices within its direct marketing business within three months or face further enforcement action. We will continue to report on developments as Experian’s appeal progresses.

Data protection 52

Data protection Intellectual Property e-records Machine learning 52

Debevoise Data Blog

JULY 20, 2021

Here are our highlights: European Commission adopts new Standard Contractual Clauses What happened : As reported in our blog post , the European Commission adopted its new Standard Contractual Clauses (“SCCs”) for the cross-border transfer of personal data from the EEA to “third countries”.

Data protection 52

Data protection e-filing e-records Compliance 52

Debevoise Data Blog

MAY 7, 2021

The key development from April must be the European Data Protection Board (“EDPB”) approving the draft UK adequacy decisions from the European Commission (the “Commission”). Companies will be relieved that they are one step closer towards maintaining the seamless flow of data between the EU and the UK.

Data protection 52

Data protection Court Compliance Hearing 52

Debevoise Data Blog

AUGUST 5, 2021

European Data Protection Roundup – July Key takeaways from developments this July include: a blockbuster €746 million fine against Amazon – the largest ever GDPR penalty – showing the Regulation’s teeth; the challenges of GDPR-compliant facial recognition, after a Spanish supermarket chain was fined €2.5

Data protection 52

Data protection Dispute resolution Court Case law 52

Legal IT Group

SEPTEMBER 29, 2023

Brazil’s Lei Geral de Proteção de Dados Pessoais (or LGPD), similar to GDPR, CCPA and PIPEDA, regulates personal data protection. If the company does not process personal data in Brazil but still processes data to offer or supply goods or services to Brazil, the LGPD also applies in this case.

Data protection 130

Data protection Compliance Court Law 130

Debevoise Data Blog

FEBRUARY 10, 2021

As covered in our Annual Review , 2020 was a blockbuster year for European data protection. The guidelines will be a new “go to” resource for those preparing for, and responding to, data breaches. Deliveroo algorithm ruled discriminatory by Italian court. English court rules GDPR does not apply to U.S. website.

Data protection 52

Data protection Time-tracking Defendant Court 52

Debevoise Data Blog

DECEMBER 13, 2022

UK ICO provides new risk assessment tool for Article 46 transfers What happened : On 17 November 2022, the UK ICO published updated guidance on international data transfers. Despite this, there remain public interest exemptions for court proceedings and law enforcement purposes.

Data protection 52

Data protection Due diligence Compliance Hearing 52

Legal IT Group

MARCH 21, 2023

Therefore, a logical question arises: what should an employer know about the use of personnel monitoring tools in order not to violate the requirements of personal data protection legislation? Justifying the need for monitoring The General Data Protection Regulation (GDPR) does not prohibit surveillance of employees in the workplace.

Data protection 130

Data protection Time-tracking Software Court 130

Legal IT Group

JULY 5, 2023

The role of codes of conduct in protecting personal data and what you need to know about compliance (and the consequences of deciding to comply but not doing so). Codes of conduct are referred to in Article 40 of the GDPR as a way of properly applying the GDPR. As a reminder: What is the code of conduct, and why is it needed?

Data protection 130

Data protection Compliance Court Software 130

Eric Goldman

MARCH 17, 2025

As the judge says resignedly, “Taking these provisions directly from a law enacted in the United Kingdom, the California Legislature left it to the courts to pass the CAADCA through the filter of our First Amendment.” Unsurprisingly, on remand, the district court declared the rest unconstitutional.

Court 52

Court Data protection Judge Law 52

Inside Privacy

MAY 4, 2023

On May 4, 2023, the Court of Justice of the European Union (‘CJEU’) decided, in case C-487/21 , that the right to obtain a ‘copy’ of personal data means that the data subject must provide with a faithful and intelligible reproduction of all personal data. Background. Fulfilling the right of access.

Intellectual Property 74

Intellectual Property Data protection Court Law 74

Inside Privacy

APRIL 3, 2023

On March 2, 2023, the Court of Justice of the EU (“CJEU”) decided, in case C-268/21 , that the GDPR applies to the production of evidence in civil court proceedings. The case sets limits on, but does not preclude, the production of personal data in court proceedings.

Court 52

Court Data protection Litigator Litigation 52

Debevoise Data Blog

JUNE 16, 2021

We also saw developments in the courts on when companies will be liable to pay individuals damages for GDPR violations and the German anti-trust regulator using its new enforcement powers. This follows a February 2021 reference by the German courts to the CJEU on whether the GDPR imposes a materiality threshold for damages claims.

Data protection 40

Data protection Compliance Court Time-tracking 40

Inside Privacy

MAY 5, 2023

On March 4, 2023, the European Court of Justice (”CJEU”) issued its judgment on case C-300/21, UI v Österreichische Post AG. In the Court’s view, Article 82 requires establishing: (i) “damage”, either material or non-material; (ii) an actual infringement of the GDPR; and (iii) a causal link between the two.

Data protection 79

Data protection Court Law Law 79

Technology Law Dispatch

FEBRUARY 22, 2023

The Court of Justice of the European Union (“ CJEU ”) issued a judgment on the 9 th of February 2023 (docket no. C-453/21) , which addresses the question of the dismissal of a Data Protection Officer (“ DPO ”) and the interpretation of Article 38 of the EU GDPR. KG. (“ X-FAB ”) and several of its group companies.

Data protection 59

Data protection Court Compliance Federal law 59

Legal Talk Network

MARCH 8, 2019

Thanks to our recent audio coverage and a related Above The Law article (hat-tip Bob Ambrogi ), I learned that the first ABA TECHSHOW took place in 1986, the same year our culture met Oprah Winfrey, had “ the need for speed ”, and was graced with the birth of Lady Gaga. ABA TECHSHOW 2019: Trending: GDPR and Data Privacy Laws?

Hearing 242

Hearing Judge Attorney Software 242

Eric Goldman

FEBRUARY 15, 2024

.] * * * The European Union’s Digital Services Act (“DSA”), a significant legislative act of 93 articles and 156 recitals, will become fully effective from this Saturday, February 17, 2024. The DSA will require much agency and court interpretation to give legal certainty to intermediaries and the recipients of their services.

Due diligence 106

Due diligence Data protection Compliance Court 106

Technology Law Dispatch

NOVEMBER 8, 2023

There is more clarity on the views of the UK data protection authority on whether a “Reject All” option in the first layer of a cookie consent management solution is required. This is more likely be compliant with data protection law, as firms will be better placed to demonstrate that the user has a genuine free choice.“

Data protection 59

Data protection Compliance Court Law 59

Technology Law Dispatch

FEBRUARY 27, 2023

2022 was another busy year in privacy and data protection. Regulations surrounding privacy and data continue to develop at a rapid pace. Andreas Splittgerber , Munich – “2023 will be a landmark year for AI regulations in Europe. Sven Schonhofen , Munich – “Cookie compliance will continue to be an enforcement trend.

Data protection 59

Data protection Analytics Compliance Court 59

Inside Privacy

NOVEMBER 13, 2023

On October 26, 2023, the European Court of Justice (“CJEU”) decided that the GDPR grants a patient the right to obtain a copy of his or her medical record free of charge ( case C-307/22, FT v DW ). If you have any questions about the interaction between data protection and local laws we are happy to assist.

Data protection 69

Data protection Law Law Court 69

Vogel IT Law

APRIL 4, 2023

HealthCareInfoSecurity.com reported that “A user of the now-shuttered BreachForums in April 2021 posted a data set of 533 million Facebook profiles, including mobile numbers, email addresses and names scraped from the site in 2018 and 2019.” Facebook reported revenue of $23 billion in 2022 and $39 billion in 2021.

Data protection 52

Data protection Court Litigator Litigation 52

Inside Privacy

FEBRUARY 27, 2023

Collective action proceedings may be brought before national courts by qualified entities designated by their member state, who may seek injunctive relief and/or redress measures, including compensatory relief, reimbursement for damage, price reductions and/or product repairs, on behalf of consumers. Information about collective actions.

Data protection 52

Data protection Court Litigator Litigation 52

Discovery Advocate

APRIL 23, 2018

6, 2018, the Article 29 Working Party (Working Party 29) published Working Paper 261 (WP 261), which provided guidance on the provisions of Article 49 of the European Union’s (EU) General Data Protection Regulation (GDPR).

e-discovery 52

e-discovery Data protection Litigator Litigation 52

Technology Law Dispatch

NOVEMBER 28, 2023

The Tribunal found that, although the data processing activities carried out by Clearview constituted the monitoring of the behaviour of UK data subjects (and therefore fell within the territorial scope of Article 2 UK General Data Protection Regulation (UK GDPR).),

Data protection 52

Data protection Law Law Court 52

Inside Privacy

APRIL 5, 2023

The Agency was not able to rely on other GDPR legal bases such as “compliance with a legal obligation” (Article 6(1)(c)) and “performance of a task carried out in the public interest” (Article 6(1)(e)). If you have any questions about these cases, please reach out as we are happy to assist.

Data protection 57

Data protection Compliance Court Law 57

Centerbase

MARCH 31, 2025

Compliance and Security Law firms have a huge responsibility to handle client data with care that obliges them to adhere to strict ethical rules, maintain confidentiality, and ensure compliance with various data protection laws. Encourage team members to take breaks, use their vacation time, and participate in wellness programs.

Law firm 52

Law firm Time-tracking Law Law 52

Debevoise Data Blog

DECEMBER 22, 2020

Businesses operating in France should take these new blockbuster fines as another reminder of the importance of data protection frameworks and policies. These decisions are not yet final and may still be appealed before the Conseil d’Etat, the French top court for administrative matters. Background. and amazon.fr

Data protection 52

Data protection Compliance Court 52

CloudNine

MAY 1, 2024

The agenda featured a diverse range of topics, such as Modern Data, Link Files, eDiscovery Case Law, and Artificial Intelligence, making it an exceptional experience for attendees. Plaintiffs asked the Court to enter default judgment against the City, or, in the alternative, for an adverse-inference instruction. Doe LS 340 v.

e-discovery 59

e-discovery e-filing Litigator Litigation 59

Debevoise Data Blog

JUNE 25, 2022

Where ADM is permitted under Article 22 based on a contractual relationship or explicit consent, the company must also implement measures to safeguard the data subject’s rights, including rights to obtain human intervention, express their point of view, and contest the decision.

Compliance 52

Compliance Law Law Data protection 52

Debevoise Data Blog

APRIL 19, 2021

Starting from 1 March 2021, if a data subject’s personal data is posted on a publicly available resource, the operator of that resource (the “data operator”) must obtain a specific consent from the data subject to allow for public disclosure of that individual’s data (“Special Consent”). Special Consent.

Due diligence 52

Due diligence Data protection Federal law Court 52