Debevoise Data Blog

OCTOBER 12, 2021

million fine against Austrian Post for channelling electronic data protection-related inquiries to a web form and not offering an additional email address, irrespective of the data subject option to also use non-electronic postal mail or customer service. See , our post on what to do in light of the new EU SCCs.

Data protection 52

Data protection Failure-to-appear Compliance e-records 52

Debevoise Data Blog

MARCH 11, 2021

There were a few European data protection developments in February that companies may want to have on their radar. On the regulatory front, German DPAs have set up a taskforce to conduct random checks on companies’ cross-border data transfer compliance following Schrems II. We cover those developments (and more) below.

Data protection 52

Data protection Compliance Analytics Court 52

Debevoise Data Blog

APRIL 8, 2021

million for vendor oversight failings, unlawful cross-border transfers What happened : The AEPD, the Spanish data protection authority (“DPA”), fined Vodafone Spain €8.15 4 million was for allegedly deficient oversight of Vodafone’s data processors. In December 2020, the Regional Court of Bonn held that, when reducing a €9.6

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

DECEMBER 10, 2020

The big news this November was the European Data Protection Board (the “EDPB”) issuing its highly anticipated post- Schrems II data transfer guidance, followed just a day later by the European Commission’s draft updated Standard Contractual Clauses (“SCCs”) (see our blog post here ). Bonn Regional Court slashes Telco’s €9.55

Data protection 52

Data protection Dispute resolution Court Compliance 52

Debevoise Data Blog

JULY 20, 2021

Here are our highlights: European Commission adopts new Standard Contractual Clauses What happened : As reported in our blog post , the European Commission adopted its new Standard Contractual Clauses (“SCCs”) for the cross-border transfer of personal data from the EEA to “third countries”.

Data protection 52

Data protection e-filing e-records Compliance 52

Debevoise Data Blog

SEPTEMBER 23, 2024

Our top-five European data protection developments from August are: Uber fined for personal data transfer: The Dutch Data Protection Authority fined Uber €290 million for the unlawful transfer of European drivers’ personal data to the U.S., without sufficient safeguards.

Data protection 52

Data protection Court Software Compliance 52

Debevoise Data Blog

SEPTEMBER 27, 2023

The AEPD held that a DPO cannot hold a position that leads them to determine the purposes and means of data processing. These developments, and more, covered below.

Data protection 52

Data protection Compliance e-filing Court 52

Debevoise Data Blog

MAY 28, 2024

EDPB “Consent or pay” models: Businesses operating large online platforms should consider the European Data Protection Board’s recent opinion indicating that “consent or pay” models are unlikely to be GDPR-compliant.

Data protection 52

Data protection Compliance Law Law 52

Debevoise Data Blog

JUNE 8, 2023

Third country data transfers : Businesses that transfer personal data outside of the EEA may want to review their transfer mechanisms in light of new guidance on the EU and South East Asia SCCs, and the DPC’s record-breaking €1.2 billion fine against Meta. These developments, and more, covered below. (1)

Data protection 52

Data protection Compliance e-records Dispute resolution 52

Debevoise Data Blog

MAY 7, 2021

The key development from April must be the European Data Protection Board (“EDPB”) approving the draft UK adequacy decisions from the European Commission (the “Commission”). Companies will be relieved that they are one step closer towards maintaining the seamless flow of data between the EU and the UK.

Data protection 52

Data protection Court Compliance Hearing 52

Debevoise Data Blog

NOVEMBER 21, 2023

Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.

Data protection 52

Data protection Compliance Failure-to-appear e-records 52

Debevoise Data Blog

MARCH 26, 2023

As multi-jurisdiction data protection concerns expand and opportunities to rely on a lead supervisory authority may narrow , the EDPB is emphasising consistency of decisions between national supervisory authorities through, among other measures, the development of approval procedures that require a cooperation phase and the creation of task forces.

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

MAY 12, 2023

Key takeaways this April include: UK children’s data protection focus continues: Businesses may wish to review policies and procedures for dealing with children’s data in light of recent UK ICO fines and guidance, especially to ensure that terms of use are adequately enforced. 22, as set out by the court.

Data protection 52

Data protection Software design Machine learning Software 52

Legal IT Group

APRIL 28, 2023

In March 2023, Meta Platforms lost a class action lawsuit against the Dutch Data Privacy Stichting in an Amsterdam court, acting in conjunction with the Consumentenbond, the Dutch Consumers’ Association. There is a clear link here between the assessment of necessity and compliance with the purpose limitation principle.

Data protection 130

Data protection Time-tracking Court Lawsuit 130

Debevoise Data Blog

FEBRUARY 27, 2024

GDPR one-stop-shop: Businesses wishing to take advantage of the GDPR one-stop-shop system should take note of a new digest, published by the European Data Protection Board, which analyses the decisions made by so-called Lead Supervisory Authorities in this context.

Data protection 52

Data protection Compliance e-records Court 52

Debevoise Data Blog

DECEMBER 13, 2022

Management will also face new overarching and specific obligations to approve, oversee and manage DORA-related compliance frameworks. Despite this, there remain public interest exemptions for court proceedings and law enforcement purposes. The ban follows recent public sector scandals involving the use of facial recognition technology.

Data protection 52

Data protection Compliance Due diligence Hearing 52

Debevoise Data Blog

DECEMBER 22, 2023

Businesses may want to consider how the courts reasoning may apply to other circumstances when dealing with disclosure requests. For example, the Garante notes the need to incorporate data protection by design and by default principles within any AI systems used in the healthcare space. UK and U.S.

Data protection 52

Data protection Time-tracking Compliance Machine learning 52

Debevoise Data Blog

NOVEMBER 10, 2020

ICO targets the data broking industry : On 27 October, the ICO demanded that Experian make sweeping changes to data protection practices within its direct marketing business within three months or face further enforcement action. We will continue to report on developments as Experian’s appeal progresses.

Data protection 52

Data protection Intellectual Property e-records Machine learning 52

Legal IT Group

JULY 5, 2023

The role of codes of conduct in protecting personal data and what you need to know about compliance (and the consequences of deciding to comply but not doing so). The data protection issues in each situation with video technologies may differ, as well as the legal analysis when using a particular technology.

Data protection 130

Data protection Compliance Court Software 130

Legal IT Group

JANUARY 22, 2024

With this regard, it is essential to know about the privacy legislation of this country since, nowadays, most internet businesses process the personal data of their clients, and they should do it in compliance with data protection laws. So, what “agreed in principle” proposals are worth paying attention to?

Data protection 130

Data protection Compliance Litigator Litigation 130

Legal IT Group

MARCH 21, 2023

Therefore, a logical question arises: what should an employer know about the use of personnel monitoring tools in order not to violate the requirements of personal data protection legislation? Justifying the need for monitoring The General Data Protection Regulation (GDPR) does not prohibit surveillance of employees in the workplace.

Data protection 130

Data protection Time-tracking Software Compliance 130

Debevoise Data Blog

FEBRUARY 20, 2023

When calculating the fine, the CNIL cited the large scale of the data processing and the high proportion of minors (38% were between 13 and 17) as aggravating factors. The fines follow non-compliance notices CNIL served to 60 organisations that did not allow users to refuse cookies as easily as to accept them.

Data protection 52

Data protection Compliance e-records Court 52

MatterSuite

DECEMBER 12, 2024

But with the increase of business information in layers, comes the challenge of protecting personal and sensitive information, too. Amidst a world where cyber threats are becoming very advanced and prevalent, it is now imperative to uphold robust compliance to security frameworks, as well as sufficient cybersecurity measures , to secure data.

Compliance 52

Compliance Data protection Failure-to-appear Time-tracking 52

Martindale-Avvo

APRIL 30, 2025

A wave of state legislation with data protection requirements places new obligations on businesses and public institutions. Supreme Court rulings have found that the First, Third, Fourth, and Fifth amendments of the Constitution contain a right to privacy. The history of privacy law The roots of privacy law in the U.S.

Law 52

Law Law Federal law Data protection 52

Debevoise Data Blog

APRIL 26, 2024

Key takeaways from March include: CNIL data security practice guide: The French DPA published an update of its data security practice guide for data protection officers, chief information security officers, computer scientists and legal experts. These developments, and more, are covered below.

Data protection 52

Data protection e-records Compliance Court 52

Debevoise Data Blog

JANUARY 25, 2024

Nevertheless, when considering the appropriateness of protective measures, the obligation rests on the data controller to prove that they met the required standard. The rulings arose at the request of both the German and Lithuanian courts, following local administrative fines. The Court ruled that: “Scoring” (i.e.,

Data protection 40

Data protection Court e-records Compliance 40

CEE Legal Tech

OCTOBER 10, 2021

The judiciary is divided into, constitutional, civil and criminal courts, administrative courts and courts of conflict. Most of them either provide law firm management products or data protection compliance automation tools. There are also quasi-legal authorities like arbitration committees for consumers.

Legal tech 130

Legal tech Legal tech Data protection Legal advice 130

Debevoise Data Blog

AUGUST 16, 2023

. : Business may want to revisit their cross-border data transfer arrangements following the new adequacy decision for the EU-U.S. Data Privacy Framework, assess whether they are eligible to self-certify and, if they are, whether it makes sense to. Data Privacy Framework (the “DPF”). Data Privacy Framework (the “DPF”).

Data protection 40

Data protection Analytics Compliance Time-tracking 40

Percipient

APRIL 22, 2023

If the subpoena issued is in federal litigation, your company is likely responsible for the cost of compliance, especially if it has a connection to the litigation. Companies must also foot the bill for consumer data requests authorized under privacy regulations unless the request is “excessive.” Cardinal Growth, L.P. ,

e-discovery 97

e-discovery Court e-records Litigator 97

Debevoise Data Blog

JUNE 16, 2021

May saw useful reminders for companies, including: (i) the need to appoint an EU – and/or UK – representative if caught by the (UK) GDPR’s extraterritorial effect; (ii) that regulators are increasingly focused on adtech and cookies compliance; and (iii) that the GDPR applies not just in the EU and UK but also Iceland, Liechtenstein and Norway.

Data protection 40

Data protection Compliance Court Time-tracking 40

Inside Privacy

APRIL 3, 2023

On March 2, 2023, the Court of Justice of the EU (“CJEU”) decided, in case C-268/21 , that the GDPR applies to the production of evidence in civil court proceedings. The case sets limits on, but does not preclude, the production of personal data in court proceedings.

Court 52

Court Data protection Litigator Litigation 52

Clio

MAY 12, 2025

Receive the added benefit of software that understands estate planning regulations and legal compliance so you can be assured your work is error-free. Task tracking and automation : Stay on top of critical steps like document signing, court filings, and follow-ups with automated task lists and reminders for each estate plan or probate matter.

Estate planning 52

Estate planning Attorney e-filing Document automation 52

Technology Law Dispatch

FEBRUARY 22, 2023

The Court of Justice of the European Union (“ CJEU ”) issued a judgment on the 9 th of February 2023 (docket no. C-453/21) , which addresses the question of the dismissal of a Data Protection Officer (“ DPO ”) and the interpretation of Article 38 of the EU GDPR. KG. (“ X-FAB ”) and several of its group companies.

Data protection 59

Data protection Court Compliance Federal law 59

Centerbase

MARCH 31, 2025

Managing a law firm requires more than overseeing cases and delegating tasksit demands a strategic approach that balances client expectations, regulatory compliance, and operational efficiency. This includes financial management, client communication, human resources, compliance, marketing, and technology integration.

Law firm 52

Law firm Time-tracking Law Law 52

Debevoise Data Blog

JUNE 25, 2022

In light of these trends, we have also included four tips for companies seeking to establish practical compliance and governance programs related to their ADM systems. What Laws Apply to Automated Decision-Making?

Compliance 52

Compliance Law Law Data protection 52

CloudNine

JANUARY 10, 2024

Data Privacy Restrictions Will Increase With the growing awareness and importance of data privacy, governments and corporations will encounter more stringent regulations globally. The General Data Protection Regulation (GDPR) is an early example of this. This may be especially true for data that crosses national borders.

Compliance 104

Compliance Machine learning Litigator Litigation 104

Inside Privacy

NOVEMBER 13, 2023

On October 26, 2023, the European Court of Justice (“CJEU”) decided that the GDPR grants a patient the right to obtain a copy of his or her medical record free of charge ( case C-307/22, FT v DW ). If you have any questions about the interaction between data protection and local laws we are happy to assist.

Data protection 69

Data protection Law Law Court 69