LawSites

SEPTEMBER 8, 2021

20, is similar to Europe’s General Data Protection Regulation (GDPR) and applies to any organization that has employees in China or does business in China. This new PIPL product asks companies a series of questions about their business and how they handle personal information from China. With companies facing a Nov.

Compliance 85

Compliance Law Law Data protection 85

Debevoise Data Blog

AUGUST 27, 2024

Representative actions: In light of the CJEU ruling that a violation of the controller’s information obligations can be subject to a representative action, businesses should consider the potentially increased risk of litigation following GDPR breach allegations and how to respond.

Data protection 52

Data protection Compliance Litigator Litigation 52

Kevin O'Keefe

FEBRUARY 25, 2024

Privacy and Data Protection: Advising on compliance with data protection laws, including GDPR in Europe and CCPA in California, especially for AI systems that process personal data. Regulatory Compliance: Assisting with compliance regarding AI-specific regulations and standards across different sectors.

Law firm 130

Law firm Intellectual Property Data protection Compliance 130

Debevoise Data Blog

MAY 28, 2024

EDPB “Consent or pay” models: Businesses operating large online platforms should consider the European Data Protection Board’s recent opinion indicating that “consent or pay” models are unlikely to be GDPR-compliant.

Data protection 52

Data protection Compliance Law Law 52

Debevoise Data Blog

JUNE 27, 2024

Our top five European data protection developments from May are: UK guidance on ransom payments: The UK NCSC and various insurance industry bodies co-published guidance on key considerations for ransomware payments. These developments are covered in more detail below.

Data protection 52

Data protection Software e-records Compliance 52

Debevoise Data Blog

OCTOBER 12, 2021

million fine against Austrian Post for channelling electronic data protection-related inquiries to a web form and not offering an additional email address, irrespective of the data subject option to also use non-electronic postal mail or customer service. See , our post on what to do in light of the new EU SCCs.

Data protection 52

Data protection Failure-to-appear Compliance e-records 52

Ikigai Law

AUGUST 4, 2023

India’s Digital Personal Data Protection Bill 2023 was introduced in Parliament on 3 August 2023. Once passed, the law will govern how businesses collect and use individuals’ data. What data is covered? Personal data, i.e., data about an individual that can identify them. What else should fiduciaries do? (a)

Data protection 52

Data protection Law Law e-records 52

Debevoise Data Blog

MARCH 11, 2021

There were a few European data protection developments in February that companies may want to have on their radar. On the regulatory front, German DPAs have set up a taskforce to conduct random checks on companies’ cross-border data transfer compliance following Schrems II. We cover those developments (and more) below.

Data protection 52

Data protection Compliance Analytics Court 52

Legal IT Group

JUNE 26, 2023

In that case, you also need to be aware of whether the data protection rules are not violated. Source: Drones and Data Protection What should companies/people who use drones do to be in compliance with privacy regulations? Once again, it depends on the type of drone and the purpose you use it for.

Data protection 52

Data protection Time-tracking Compliance 52

Debevoise Data Blog

SEPTEMBER 23, 2024

Our top-five European data protection developments from August are: Uber fined for personal data transfer: The Dutch Data Protection Authority fined Uber €290 million for the unlawful transfer of European drivers’ personal data to the U.S., without sufficient safeguards. ICO proposes £6.09

Data protection 52

Data protection Court Software Compliance 52

Legal IT Group

SEPTEMBER 19, 2023

For example, in 2020, the Data Protection Authority of Hamburg imposed a 35.3 In particular, specific details about the lives of some employees of H&M (illnesses, medical diagnoses, religious beliefs, and family problems) were comprehensively recorded and stored as information on a network drive.

Data protection 52

Data protection Compliance e-records Law 52

Debevoise Data Blog

NOVEMBER 21, 2023

Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.

Data protection 52

Data protection Compliance Failure-to-appear e-records 52

Debevoise Data Blog

SEPTEMBER 27, 2023

The controller was also fined €9,000 for not having the proper contact information for the DPO in its privacy policy, and for using cookies without user consent. These developments, and more, covered below.

Data protection 52

Data protection Compliance e-filing Court 52

Debevoise Data Blog

DECEMBER 10, 2020

The big news this November was the European Data Protection Board (the “EDPB”) issuing its highly anticipated post- Schrems II data transfer guidance, followed just a day later by the European Commission’s draft updated Standard Contractual Clauses (“SCCs”) (see our blog post here ).

Data protection 52

Data protection Dispute resolution Court Compliance 52

Debevoise Data Blog

DECEMBER 13, 2022

Management will also face new overarching and specific obligations to approve, oversee and manage DORA-related compliance frameworks. While aspects of the regime, including details of incident reporting obligations, remain to be decided, the key requirements are now set.

Data protection 52

Data protection Compliance Due diligence Hearing 52

Debevoise Data Blog

DECEMBER 22, 2023

For example, the Garante notes the need to incorporate data protection by design and by default principles within any AI systems used in the healthcare space. In particular, the paper recommends the use of internal data access controls, regular auditing of data security measures, and the use of data protection impact assessments.

Data protection 52

Data protection Time-tracking Compliance Machine learning 52

Debevoise Data Blog

APRIL 8, 2021

million for vendor oversight failings, unlawful cross-border transfers What happened : The AEPD, the Spanish data protection authority (“DPA”), fined Vodafone Spain €8.15 4 million was for allegedly deficient oversight of Vodafone’s data processors. Here are our highlights of what you need to know.

Data protection 52

Data protection Compliance Court Law 52

CaseFox

MAY 30, 2023

In today’s digital age, data security is a critical concern for law firms. As custodians of sensitive client information, law firms must take proactive measures to safeguard data from cyber threats and ensure compliance with data protection regulations.

Law firm 98

Law firm Data protection Law Law 98

new tech law blog

JANUARY 2, 2023

In this regard, we describe below what they should take under consideration in light of Polish labour law and data protection law. Bossware and the rules for processing personal data As a rule, the operation of bossware will involve the processing of employee personal data. 5 of the General Data Protection Regulation.

Data protection 52

Data protection Law Law Time-tracking 52

Debevoise Data Blog

JUNE 8, 2023

Third country data transfers : Businesses that transfer personal data outside of the EEA may want to review their transfer mechanisms in light of new guidance on the EU and South East Asia SCCs, and the DPC’s record-breaking €1.2 billion fine against Meta. These developments, and more, covered below. (1)

Data protection 52

Data protection Compliance e-records Dispute resolution 52

Debevoise Data Blog

MARCH 26, 2023

The tribunal agreed with the ICO that where Experian obtained personal data for marketing purposes from a third party that had collected it on the basis of consent, the consent would no longer be informed and withdrawal of consent is complicated, though Experian had since changed this practice.

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

MAY 12, 2023

Key takeaways this April include: UK children’s data protection focus continues: Businesses may wish to review policies and procedures for dealing with children’s data in light of recent UK ICO fines and guidance, especially to ensure that terms of use are adequately enforced.

Data protection 52

Data protection Software design Machine learning Software 52

Debevoise Data Blog

APRIL 28, 2023

UK ICO updates guidance to clarify requirements for fairness in AI What happened : The UK ICO has updated its existing Guidance on AI and data protection following requests from industry to clarify requirements for fairness in AI. Norwegian Data Protection Authority fines medical device company c.$240,000

Data protection 52

Data protection Compliance e-filing Software 52

Debevoise Data Blog

APRIL 26, 2024

Key takeaways from March include: CNIL data security practice guide: The French DPA published an update of its data security practice guide for data protection officers, chief information security officers, computer scientists and legal experts. These developments, and more, are covered below.

Data protection 52

Data protection e-records Compliance Court 52

Debevoise Data Blog

MAY 7, 2021

The key development from April must be the European Data Protection Board (“EDPB”) approving the draft UK adequacy decisions from the European Commission (the “Commission”). Companies will be relieved that they are one step closer towards maintaining the seamless flow of data between the EU and the UK.

Data protection 52

Data protection Court Compliance Hearing 52

MatterSuite

DECEMBER 12, 2024

In today’s world, industries rely heavily on data to inform decisions and drive innovation. But with the increase of business information in layers, comes the challenge of protecting personal and sensitive information, too. What is Data Compliance? Why is Data Compliance Important?

Compliance 52

Compliance Data protection Failure-to-appear Time-tracking 52

Technology Law Dispatch

MARCH 24, 2023

On 8 March 2023, the UK government presented a new version of the UK Data Protection and Digital Information Bill No.2. As with the previous bill, the new bill aims to alleviate the burden of compliance with the UK GDPR and its implementing UK Data Protection Act (2018) for organisations in the UK.

Data protection 52

Data protection Failure-to-appear Compliance Software 52

Inside Privacy

OCTOBER 17, 2023

On 3 October 2023, the UK Information Commissioner’s Office (“ ICO ”) finalized its Employment practices and data protection − Monitoring workers guidance (“ Guidance ”) to account for new types of work, including work from home, and the use of more sophisticated technologies for monitoring.

Data protection 65

Data protection Time-tracking Case management Compliance 65

Global LegalTech Hub

MARCH 14, 2021

Contract management therefore requires the continuous protection of a company’s contractual relationships, tackling and resolving any difficulties that may arise throughout the life cycle of the contract. Not complying with regulations surrounding legitimacy and data, among other issues, can lead to substantial financial penalties.

Document management 130

Document management Intellectual Property Contract management Compliance 130

MatterSuite

JUNE 1, 2023

However, for corporate legal departments handling sensitive and confidential client information, safeguarding data is of utmost importance. The repercussions of a data breach in the legal sector can be severe, ranging from reputational damage to regulatory non-compliance.

Intellectual Property 98

Intellectual Property Data protection Compliance Law firm 98

MatterSuite

JUNE 1, 2023

However, for corporate legal departments handling sensitive and confidential client information, safeguarding data is of utmost importance. The repercussions of a data breach in the legal sector can be severe, ranging from reputational damage to regulatory non-compliance.

Intellectual Property 98

Intellectual Property Data protection Compliance Law firm 98

Debevoise Data Blog

NOVEMBER 10, 2020

October was a particularly busy month, with headline-grabbing stories such as the long-awaited finalisation of the fines against British Airways and Marriott, which may well be the last penalties the UK Information Commissioner’s Office (the “ICO”) issues as a GDPR Lead Supervisory Authority.

Data protection 52

Data protection Intellectual Property e-records Machine learning 52

Ikigai Law

AUGUST 3, 2023

Our summary of the Digital Personal Data Protection Bill, 2023 The Digital Personal Data Protection Bill, 2023 ( 2023 Bill ) was tabled in Parliament on 3 August 2023. It is the fifth – and likely final – iteration of India’s efforts to formulate a personal data protection law.

Data protection 52

Data protection Compliance e-filing Hearing 52

Debevoise Data Blog

FEBRUARY 20, 2023

On 29 December 2022, the CNIL fined TikTok UK and Ireland as joint controllers €5 million for failing to: offer users the ability to refuse cookies as easily as accepting them (several clicks were required to refuse all cookies, as opposed to just one to accept them); and inform users in a sufficiently precise manner about cookie purposes.

Data protection 52

Data protection Compliance e-records Court 52

Legal IT Group

JANUARY 4, 2023

Those who process personal data of EU residents should comply with the requirements of the General Data Protection Regulation or GDPR. Non-compliance with GDPR may result in hefty fines and reputational losses. Moreover, it is necessary to remember that personal data processing processes are dynamic.

Compliance 52

Compliance Data protection Law Law 52

Legal IT Group

JUNE 12, 2023

Every day, more and more companies face the problem of personal data protection. As companies are increasingly scrutinised for proper data protection, it’s worth paying close attention to the latest best practices to avoid dealing with the potential negative consequences of a data breach.

Data protection 52

Data protection e-filing Court e-records 52

Debevoise Data Blog

OCTOBER 20, 2023

What to do : A UK business that wishes to transfer personal data to the US under the data bridge should go to the DPF List , search for the US organisation in question, and confirm they are signed up to the “UK Extension”. data transfers. Two areas that have been stressed previously in the data protection compliance context.

Data protection 52

Data protection Intellectual Property Compliance Law 52