Spanish Data Protection Authority Issues Guidance on Data Spaces
Inside Privacy
MAY 12, 2023
In May 2023, the Spanish Supervisory Authority (“SA”) issued a detailed guidance paper on GDPR compliance in the context of data spaces.
This site uses cookies to improve your experience. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country, we will assume you are from the United States. Select your Cookie Settings or view our Privacy Policy and Terms of Use.
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Used for the proper function of the website
Used for monitoring website traffic and interactions
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Inside Privacy
MAY 12, 2023
In May 2023, the Spanish Supervisory Authority (“SA”) issued a detailed guidance paper on GDPR compliance in the context of data spaces.
Debevoise Data Blog
JANUARY 17, 2025
Our top-eleven European data protection developments for the end of 2024 are: EU Cyber Resilience Act: The Council of the European Union approved the Cyber Resilience Act , introducing cybersecurity requirements for digital products sold in the EU. The UK Upper Tribunal did not consider the provisions under the UK GDPR.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Case Closed: How to Optimize Your Legal Intake Process for Efficiency
AI for Paralegals: Everything You Need to Know (and How to Use It Safely)
Inside Privacy
JANUARY 22, 2024
In December 2023, the Dutch SA fined a credit card company €150,000 for failure to perform a proper data protection impact assessment (“DPIA”) in accordance with Art. 35 GDPR for its “identification and verification process”. The DPO was also not sufficiently involved in the assessment.
Inside Privacy
APRIL 28, 2023
On 29 March 2023, the UK Information Commissioner’s Office (“ICO”) published updated Guidance on AI and data protection (the “Guidance”) following “requests from UK industry to clarify requirements for fairness in AI”. Additionally, the ICO have added a new annex on data protection fairness considerations across the AI lifecycle.
MatterSuite
MAY 8, 2023
Therefore, it is crucial for legal businesses to implement robust cyber security for law firm compliance measures to protect themselves and their clients. What is Cyber Security Compliance? Compliance requirements are usually set by government and regulatory bodies, as well as industry associations.
Technology Law Dispatch
JUNE 23, 2023
On 19 June 2023, the Information Commissioner’s Office (ICO) has released new Guidance on Privacy-Enhancing Technologies (PETs) for Data Protection Compliance. Understanding PETs PETs are software and hardware systems that can help minimize use of personal data use while maximizing information security.
Legal Tech Blog
SEPTEMBER 7, 2023
New data protection laws, increasing regulation, greater risk of cyber attacks: The challenges for entrepreneurs are becoming ever greater. However, compliance can be largely automated through artificial intelligence. On September 1, a new data protection law (revDSG) has come into force in Switzerland.
Inside Privacy
MARCH 14, 2023
Following a report, the French supervisory authority (“CNIL”) audited two organizations carrying out medical research in early 2022 to check their compliance with these requirements. Despite being found in breach of the French data protection rules, none of the audited organizations were fined.
Legal IT Group
SEPTEMBER 15, 2023
International data transfers in GDPR compliance are complex, as data are transferred to third countries outside the European Union (EU) or the European Economic Area (EEA). Suppose you are interested in personal data protection issues. How does conducting a DTIA relate to GDPR compliance?
Debevoise Data Blog
AUGUST 27, 2024
Building on prior European guidance , the French and Irish DPAs published guidance on the deployment of generative AI, large language models and data protection. To that end, the EDPB proposed designating DPAs as the “national competent authorities” under the AI Act to create a single point of contact.
Debevoise Data Blog
JUNE 27, 2024
Our top five European data protection developments from May are: UK guidance on ransom payments: The UK NCSC and various insurance industry bodies co-published guidance on key considerations for ransomware payments. These developments are covered in more detail below.
LawSites
SEPTEMBER 8, 2021
20, is similar to Europe’s General Data Protection Regulation (GDPR) and applies to any organization that has employees in China or does business in China. China’s new law, just passed on Aug. Organizations must comply with the law by Nov.
Debevoise Data Blog
OCTOBER 12, 2021
million fine against Austrian Post for channelling electronic data protection-related inquiries to a web form and not offering an additional email address, irrespective of the data subject option to also use non-electronic postal mail or customer service. See , our post on what to do in light of the new EU SCCs.
Ikigai Law
AUGUST 4, 2023
India’s Digital Personal Data Protection Bill 2023 was introduced in Parliament on 3 August 2023. Once passed, the law will govern how businesses collect and use individuals’ data. What data is covered? Personal data, i.e., data about an individual that can identify them. What else should fiduciaries do? (a)
Legal IT Group
JUNE 26, 2023
In that case, you also need to be aware of whether the data protection rules are not violated. Source: Drones and Data Protection What should companies/people who use drones do to be in compliance with privacy regulations? Once again, it depends on the type of drone and the purpose you use it for.
Debevoise Data Blog
MAY 28, 2024
EDPB “Consent or pay” models: Businesses operating large online platforms should consider the European Data Protection Board’s recent opinion indicating that “consent or pay” models are unlikely to be GDPR-compliant.
Debevoise Data Blog
MARCH 11, 2021
There were a few European data protection developments in February that companies may want to have on their radar. On the regulatory front, German DPAs have set up a taskforce to conduct random checks on companies’ cross-border data transfer compliance following Schrems II. We cover those developments (and more) below.
Debevoise Data Blog
JULY 20, 2021
Here are our highlights: European Commission adopts new Standard Contractual Clauses What happened : As reported in our blog post , the European Commission adopted its new Standard Contractual Clauses (“SCCs”) for the cross-border transfer of personal data from the EEA to “third countries”.
Kevin O'Keefe
FEBRUARY 25, 2024
Privacy and Data Protection: Advising on compliance with data protection laws, including GDPR in Europe and CCPA in California, especially for AI systems that process personal data. Regulatory Compliance: Assisting with compliance regarding AI-specific regulations and standards across different sectors.
Legal IT Group
SEPTEMBER 19, 2023
For example, in 2020, the Data Protection Authority of Hamburg imposed a 35.3 This fact became known when the H&M servers encountered a technical error, and the data on the network drive became accessible to all employees for a few hours. Read more about employer monitoring and data protection in our previous article.
Debevoise Data Blog
SEPTEMBER 23, 2024
Our top-five European data protection developments from August are: Uber fined for personal data transfer: The Dutch Data Protection Authority fined Uber €290 million for the unlawful transfer of European drivers’ personal data to the U.S., without sufficient safeguards.
Debevoise Data Blog
APRIL 8, 2021
million for vendor oversight failings, unlawful cross-border transfers What happened : The AEPD, the Spanish data protection authority (“DPA”), fined Vodafone Spain €8.15 4 million was for allegedly deficient oversight of Vodafone’s data processors. Here are our highlights of what you need to know.
Debevoise Data Blog
SEPTEMBER 27, 2023
The AEPD held that a DPO cannot hold a position that leads them to determine the purposes and means of data processing. The scale and data protection risks associated with such technologies has been further complicated recently by their increasing integration with artificial intelligence systems.
Debevoise Data Blog
JUNE 1, 2023
Privacy and Data Protection , a leading UK journal on practical data protection compliance issues, has featured in its latest edition an article by Robert Maddox and Stephanie Thomas on the hallmarks of effective data protection by design and default under the EU and UK GDPR.
Technology Law Dispatch
OCTOBER 26, 2023
On 3 October 2023, the UK Information Commissioner’s Office organised its annual Data Protection Practioner’s Conference 2023 (DPPC 2023). Any framework could be used as a baseline as long as the focus is on security as an outcome and not compliance. Here are the takeaways from the DPPC 2023 (the event sessions available here ).
Ikigai Law
AUGUST 9, 2023
No piece of legislation has taken more punches than our elusive data protection law. The data law is nearly here! The Digital Personal Data Protection Bill, 2023 was introduced in Parliament on 3 August 2023. Say you are a payment aggregator or a KYC service provider or an AI-based data analytics service provider.
Debevoise Data Blog
APRIL 28, 2023
UK ICO updates guidance to clarify requirements for fairness in AI What happened : The UK ICO has updated its existing Guidance on AI and data protection following requests from industry to clarify requirements for fairness in AI. Norwegian Data Protection Authority fines medical device company c.$240,000
Debevoise Data Blog
NOVEMBER 21, 2023
Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.
Debevoise Data Blog
JUNE 8, 2023
Third country data transfers : Businesses that transfer personal data outside of the EEA may want to review their transfer mechanisms in light of new guidance on the EU and South East Asia SCCs, and the DPC’s record-breaking €1.2 billion fine against Meta. These developments, and more, covered below. (1)
new tech law blog
JANUARY 2, 2023
In this regard, we describe below what they should take under consideration in light of Polish labour law and data protection law. Therefore, implementation and exploitation of such solutions by the employer (as a controller of employee data) must be done in compliance with the rules for processing of personal data under Art.
Debevoise Data Blog
DECEMBER 13, 2022
Management will also face new overarching and specific obligations to approve, oversee and manage DORA-related compliance frameworks. The ban follows recent public sector scandals involving the use of facial recognition technology. Despite this, there remain public interest exemptions for court proceedings and law enforcement purposes.
Debevoise Data Blog
DECEMBER 22, 2023
For example, the Garante notes the need to incorporate data protection by design and by default principles within any AI systems used in the healthcare space. In particular, the paper recommends the use of internal data access controls, regular auditing of data security measures, and the use of data protection impact assessments.
Debevoise Data Blog
DECEMBER 10, 2020
The big news this November was the European Data Protection Board (the “EDPB”) issuing its highly anticipated post- Schrems II data transfer guidance, followed just a day later by the European Commission’s draft updated Standard Contractual Clauses (“SCCs”) (see our blog post here ).
Debevoise Data Blog
MARCH 26, 2023
As multi-jurisdiction data protection concerns expand and opportunities to rely on a lead supervisory authority may narrow , the EDPB is emphasising consistency of decisions between national supervisory authorities through, among other measures, the development of approval procedures that require a cooperation phase and the creation of task forces.
Debevoise Data Blog
MAY 12, 2023
Key takeaways this April include: UK children’s data protection focus continues: Businesses may wish to review policies and procedures for dealing with children’s data in light of recent UK ICO fines and guidance, especially to ensure that terms of use are adequately enforced.
Debevoise Data Blog
MAY 7, 2021
The key development from April must be the European Data Protection Board (“EDPB”) approving the draft UK adequacy decisions from the European Commission (the “Commission”). Companies will be relieved that they are one step closer towards maintaining the seamless flow of data between the EU and the UK.
Technology Law Dispatch
MARCH 24, 2023
On 8 March 2023, the UK government presented a new version of the UK Data Protection and Digital Information Bill No.2. As with the previous bill, the new bill aims to alleviate the burden of compliance with the UK GDPR and its implementing UK Data Protection Act (2018) for organisations in the UK.
Debevoise Data Blog
APRIL 26, 2024
Key takeaways from March include: CNIL data security practice guide: The French DPA published an update of its data security practice guide for data protection officers, chief information security officers, computer scientists and legal experts. These developments, and more, are covered below.
Debevoise Data Blog
NOVEMBER 10, 2020
ICO targets the data broking industry : On 27 October, the ICO demanded that Experian make sweeping changes to data protection practices within its direct marketing business within three months or face further enforcement action. We will continue to report on developments as Experian’s appeal progresses.
MatterSuite
DECEMBER 12, 2024
But with the increase of business information in layers, comes the challenge of protecting personal and sensitive information, too. Amidst a world where cyber threats are becoming very advanced and prevalent, it is now imperative to uphold robust compliance to security frameworks, as well as sufficient cybersecurity measures , to secure data.
Ikigai Law
AUGUST 3, 2023
Our summary of the Digital Personal Data Protection Bill, 2023 The Digital Personal Data Protection Bill, 2023 ( 2023 Bill ) was tabled in Parliament on 3 August 2023. It is the fifth – and likely final – iteration of India’s efforts to formulate a personal data protection law.
Legal IT Group
JANUARY 4, 2023
Those who process personal data of EU residents should comply with the requirements of the General Data Protection Regulation or GDPR. Non-compliance with GDPR may result in hefty fines and reputational losses. However, it is not enough to just formally have such policies in place.
Debevoise Data Blog
FEBRUARY 20, 2023
When calculating the fine, the CNIL cited the large scale of the data processing and the high proportion of minors (38% were between 13 and 17) as aggravating factors. The fines follow non-compliance notices CNIL served to 60 organisations that did not allow users to refuse cookies as easily as to accept them.
Debevoise Data Blog
OCTOBER 20, 2023
The CMA further highlighted that transparency around the data used to train FMs is critical to reducing bias and improving accuracy of outputs, and to ensuring accountability. Two areas that have been stressed previously in the data protection compliance context.
Expert insights. Personalized for you.
We have resent the email to
Are you sure you want to cancel your subscriptions?
Let's personalize your content