Legal Tech Blog

SEPTEMBER 7, 2023

New data protection laws, increasing regulation, greater risk of cyber attacks: The challenges for entrepreneurs are becoming ever greater. However, compliance can be largely automated through artificial intelligence. On September 1, a new data protection law (revDSG) has come into force in Switzerland.

Compliance 70

Compliance Data protection Legal tech Legal tech 70

Debevoise Data Blog

JUNE 1, 2023

Privacy and Data Protection , a leading UK journal on practical data protection compliance issues, has featured in its latest edition an article by Robert Maddox and Stephanie Thomas on the hallmarks of effective data protection by design and default under the EU and UK GDPR.

Data protection 52

Data protection Compliance 52

Ikigai Law

AUGUST 4, 2023

India’s Digital Personal Data Protection Bill 2023 was introduced in Parliament on 3 August 2023. Once passed, the law will govern how businesses collect and use individuals’ data. An overview and summary of the law is on our blog. What data is covered? Read on for a quick explainer of what the law means for you.

Data protection 52

Data protection Law Law e-records 52

Debevoise Data Blog

SEPTEMBER 27, 2023

The AEPD held that a DPO cannot hold a position that leads them to determine the purposes and means of data processing. The scale and data protection risks associated with such technologies has been further complicated recently by their increasing integration with artificial intelligence systems.

Data protection 52

Data protection Compliance e-filing Court 52

Debevoise Data Blog

NOVEMBER 21, 2023

Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.

Data protection 52

Data protection Compliance Failure-to-appear e-records 52

Debevoise Data Blog

APRIL 28, 2023

UK ICO updates guidance to clarify requirements for fairness in AI What happened : The UK ICO has updated its existing Guidance on AI and data protection following requests from industry to clarify requirements for fairness in AI. Norwegian Data Protection Authority fines medical device company c.$240,000

Data protection 52

Data protection Compliance e-filing Software 52

Debevoise Data Blog

JUNE 8, 2023

Third country data transfers : Businesses that transfer personal data outside of the EEA may want to review their transfer mechanisms in light of new guidance on the EU and South East Asia SCCs, and the DPC’s record-breaking €1.2 82 (see our May 2021 , August 2021 , and October 2022 blog posts for previous developments).

Data protection 52

Data protection Compliance e-records Dispute resolution 52

Debevoise Data Blog

MAY 12, 2023

Key takeaways this April include: UK children’s data protection focus continues: Businesses may wish to review policies and procedures for dealing with children’s data in light of recent UK ICO fines and guidance, especially to ensure that terms of use are adequately enforced.

Data protection 52

Data protection Software design Machine learning Software 52

Debevoise Data Blog

APRIL 26, 2024

Key takeaways from March include: CNIL data security practice guide: The French DPA published an update of its data security practice guide for data protection officers, chief information security officers, computer scientists and legal experts. To subscribe to the Data Blog, please click here.

Data protection 52

Data protection e-records Compliance Court 52

Debevoise Data Blog

JANUARY 25, 2024

They are also reminded of their obligation to maintain appropriate technical and organisational measures in relation to their data processing, and may wish to review their compliance with these measures. It remains to be seen whether data protect authorities will provide guidance on how to interpret the “draw strongly” condition.

Data protection 40

Data protection Court e-records Compliance 40

Debevoise Data Blog

MARCH 26, 2023

As multi-jurisdiction data protection concerns expand and opportunities to rely on a lead supervisory authority may narrow , the EDPB is emphasising consistency of decisions between national supervisory authorities through, among other measures, the development of approval procedures that require a cooperation phase and the creation of task forces.

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

DECEMBER 13, 2022

Management will also face new overarching and specific obligations to approve, oversee and manage DORA-related compliance frameworks. The UK Government followed on 30 November 2022 with an announcement about its own expanded measures, which focus in particular on critical digital infrastructure.

Data protection 52

Data protection Compliance Due diligence Hearing 52

Debevoise Data Blog

AUGUST 16, 2023

. : Business may want to revisit their cross-border data transfer arrangements following the new adequacy decision for the EU-U.S. Data Privacy Framework, assess whether they are eligible to self-certify and, if they are, whether it makes sense to. Data Privacy Framework (the “DPF”). What to do : For businesses in the U.S.,

Data protection 40

Data protection Analytics Compliance Time-tracking 40

Debevoise Data Blog

OCTOBER 20, 2023

data bridge comes into force 12 October 2023 What happened : Parliament passed Regulations giving effect to the UK-U.S. data bridge from 12 October 2023. EU context, see this Debevoise blog. From 12 October, UK businesses can transfer UK GDPR-covered personal data to certified U.S. For the wider UK-U.S.-EU

Data protection 52

Data protection Intellectual Property Compliance Law 52

Debevoise Data Blog

JULY 20, 2021

Here are our highlights: European Commission adopts new Standard Contractual Clauses What happened : As reported in our blog post , the European Commission adopted its new Standard Contractual Clauses (“SCCs”) for the cross-border transfer of personal data from the EEA to “third countries”.

Data protection 52

Data protection e-filing Compliance e-records 52

Debevoise Data Blog

OCTOBER 12, 2021

million fine against Austrian Post for channelling electronic data protection-related inquiries to a web form and not offering an additional email address, irrespective of the data subject option to also use non-electronic postal mail or customer service. See , our post on what to do in light of the new EU SCCs.

Data protection 52

Data protection Failure-to-appear Compliance e-records 52

new tech law blog

JANUARY 2, 2023

In this regard, we describe below what they should take under consideration in light of Polish labour law and data protection law. Therefore, implementation and exploitation of such solutions by the employer (as a controller of employee data) must be done in compliance with the rules for processing of personal data under Art.

Data protection 52

Data protection Law Law Time-tracking 52

Debevoise Data Blog

APRIL 8, 2021

million for vendor oversight failings, unlawful cross-border transfers What happened : The AEPD, the Spanish data protection authority (“DPA”), fined Vodafone Spain €8.15 4 million was for allegedly deficient oversight of Vodafone’s data processors. See our blog post here for further tips on managing the latest landscape.

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

MARCH 11, 2021

There were a few European data protection developments in February that companies may want to have on their radar. We will continue to report on progress through the Blog. What to do: Companies transferring GDPR-covered personal data to the U.S. DPAs focus on cookies compliance and the ePrivacy Regulation progresses.

Data protection 52

Data protection Compliance Analytics Court 52

Debevoise Data Blog

FEBRUARY 20, 2023

When calculating the fine, the CNIL cited the large scale of the data processing and the high proportion of minors (38% were between 13 and 17) as aggravating factors. The fines follow non-compliance notices CNIL served to 60 organisations that did not allow users to refuse cookies as easily as to accept them.

Data protection 52

Data protection Compliance e-records Court 52

Debevoise Data Blog

DECEMBER 10, 2020

The big news this November was the European Data Protection Board (the “EDPB”) issuing its highly anticipated post- Schrems II data transfer guidance, followed just a day later by the European Commission’s draft updated Standard Contractual Clauses (“SCCs”) (see our blog post here ).

Data protection 52

Data protection Dispute resolution Court Compliance 52

Kevin O'Keefe

FEBRUARY 25, 2024

On blogs, on websites, via contributed articles and more. Privacy and Data Protection: Advising on compliance with data protection laws, including GDPR in Europe and CCPA in California, especially for AI systems that process personal data. All Areas of the Law Required AI Insight Via Publishing 1.

Law firm 130

Law firm Intellectual Property Data protection Compliance 130

Debevoise Data Blog

MAY 7, 2021

The key development from April must be the European Data Protection Board (“EDPB”) approving the draft UK adequacy decisions from the European Commission (the “Commission”). Companies will be relieved that they are one step closer towards maintaining the seamless flow of data between the EU and the UK.

Data protection 52

Data protection Court Compliance Hearing 52

Debevoise Data Blog

SEPTEMBER 12, 2022

This blog post addresses key aspects of the Amendments that impact multinational companies: (i) expanded extraterritorial effect; (ii) enhanced cross-border data transfer restrictions; and (iii) mandatory data breach notification. Companies will also be required to conduct a cross-border data transfer risk assessment.

Data protection 52

Data protection Compliance Time-tracking Litigator 52

Debevoise Data Blog

NOVEMBER 10, 2020

ICO targets the data broking industry : On 27 October, the ICO demanded that Experian make sweeping changes to data protection practices within its direct marketing business within three months or face further enforcement action. We will continue to report on developments as Experian’s appeal progresses.

Data protection 52

Data protection Intellectual Property e-records Machine learning 52

CaseFox

JUNE 3, 2023

While technology and digitalization offer convenience and efficiency, they also come with legal compliance responsibilities. This makes it crucial for law firms to prioritize the protection of sensitive payment information. One critical aspect of achieving this is maintaining compliance with the Payment Card Industry (PCI) standards.

Compliance 52

Compliance Law firm Law Law 52

Eric Goldman

FEBRUARY 15, 2024

Marketa Trimble [Eric’s introductory note: I briefly addressed the DSA in this blog post , along with the attached meme. The application of some DSA provisions will likely be tested with respect to their compliance with the EU Charter of Fundamental Rights , such as the “crisis response mechanism” under DSA Article 36.

Due diligence 104

Due diligence Data protection Compliance Court 104

Debevoise Data Blog

JUNE 16, 2021

May saw useful reminders for companies, including: (i) the need to appoint an EU – and/or UK – representative if caught by the (UK) GDPR’s extraterritorial effect; (ii) that regulators are increasingly focused on adtech and cookies compliance; and (iii) that the GDPR applies not just in the EU and UK but also Iceland, Liechtenstein and Norway.

Data protection 40

Data protection Compliance Court Time-tracking 40

MatterSuite

SEPTEMBER 20, 2024

With an increasing number of companies and their growing legal challenges, especially in terms of compliance with increasingly stringent regulations, the demand for highly effective internal legal departments has increased. These teams are very important in terms of handling legal issues, compliance, and facilitating business processes.

Intellectual Property 52

Intellectual Property Data protection Compliance Dispute resolution 52

Technology Law Dispatch

JULY 28, 2023

The recent reprimands by ICO shed light on areas of data protection where organizations across the public and private sectors have fallen foul of the UK GDPR and are instructive as to how organisations can improve their practices. Our blog focuses on three key lessons gleaned from these reprimands.

Data protection 52

Data protection Compliance Law Law 52

Inside Privacy

MARCH 12, 2024

On February 28, the European Data Protection Board (“EDPB”) announced that EU supervisory authorities (“SAs”) will undertake a coordinated enforcement action in 2024 regarding data subjects’ right of access under the GDPR. In 2023, regulators focused upon data protection officers’ designation and role.

Data protection 72

Data protection Compliance 72

MatterSuite

JUNE 1, 2023

The repercussions of a data breach in the legal sector can be severe, ranging from reputational damage to regulatory non-compliance. In this blog, we will explore the essential elements of data security that every legal department should know of. We will delve into the potential risks and challenges faced by law firms.

Intellectual Property 98

Intellectual Property Data protection Compliance Law firm 98

MatterSuite

JUNE 1, 2023

The repercussions of a data breach in the legal sector can be severe, ranging from reputational damage to regulatory non-compliance. In this blog, we will explore the essential elements of data security that every legal department should know of. We will delve into the potential risks and challenges faced by law firms.

Intellectual Property 98

Intellectual Property Data protection Compliance Law firm 98

Debevoise Data Blog

JUNE 25, 2022

In this Debevoise Data Blog post, we discuss several new laws focused on ADM that are either in effect today or will go into effect in 2023, as well as circumstances in which litigants have used these laws to challenge companies’ uses of ADM tools. To subscribe to our Data Blog, please click here.

Compliance 52

Compliance Law Law Data protection 52

Debevoise Data Blog

SEPTEMBER 25, 2024

However, data controllers and processers should be aware that the UK’s Information Commissioner’s Office (“ICO”) can also carry out dawn raids as part of investigations into compliance with data protection laws. unlawfully obtaining personal data). Train key staff on protocols and procedures for dawn raids.

Data protection 52

Data protection Failure-to-appear Court Judge 52

Inside Privacy

OCTOBER 17, 2023

On 3 October 2023, the UK Information Commissioner’s Office (“ ICO ”) finalized its Employment practices and data protection − Monitoring workers guidance (“ Guidance ”) to account for new types of work, including work from home, and the use of more sophisticated technologies for monitoring.

Data protection 65

Data protection Time-tracking Case management Compliance 65

Debevoise Data Blog

DECEMBER 18, 2023

As we approach the end of the year, here are the Top 10 Privacy posts on the Debevoise Data Blog in 2023 by page views. If you are not already a Blog subscriber, click here to sign up.

Data protection 52

Data protection Compliance Hearing Attorney 52