Compliance, Data protection and State law

European Data Protection Roundup – Q4 2024

Debevoise Data Blog

JANUARY 17, 2025

Our top-eleven European data protection developments for the end of 2024 are: EU Cyber Resilience Act: The Council of the European Union approved the Cyber Resilience Act , introducing cybersecurity requirements for digital products sold in the EU. The UK Upper Tribunal did not consider the provisions under the UK GDPR.

Data protection

Data protection Compliance Court State law

Spanish Data Protection Authority Issues Guidance on Data Spaces

Inside Privacy

MAY 12, 2023

In May 2023, the Spanish Supervisory Authority (“SA”) issued a detailed guidance paper on GDPR compliance in the context of data spaces. If you have questions about data spaces, we are happy to assist.

Data protection

Data protection Mediator Compliance State law

European Data Protection Roundup – November 2023

Debevoise Data Blog

DECEMBER 22, 2023

This guidance, which draws on the GDPR as well as national and EU case law, contains relevant advice for using AI in the healthcare space more broadly. For example, the Garante notes the need to incorporate data protection by design and by default principles within any AI systems used in the healthcare space. UK and U.S.

Data protection

Data protection Time-tracking Compliance Machine learning

Webinars

Smarter Patent Family Research: The Tools And Tactics You Need Now

Fresh Out of School: How to Become an Expert Paralegal

MORE WEBINARS

Privacy Law: Status of Legal Practice Area in 2025

Martindale-Avvo

APRIL 30, 2025

Privacy law is a growing and dynamic area of practice for many attorneys. A wave of state legislation with data protection requirements places new obligations on businesses and public institutions. The history of privacy law The roots of privacy law in the U.S. go back further than one might think.

Law

Law Law Federal law Data protection

Where to Begin With Data Governance Frameworks and How Software Can Help (Brandon Wiebe, GC & Head of Privacy, Transcend)

Technically Legal

SEPTEMBER 28, 2023

Brandon Wiebe, General Counsel and Head of Privacy at Transcend, offers tips about implementing data governance frameworks and how to utilize software in the process. Brandon’s company is a privacy platform that helps legal and compliance teams automate data compliance tasks.

Software

Software Data protection Compliance State law

Does Your Company Have a Data Privacy Plan? Here’s Where to Start

Percipient

OCTOBER 4, 2023

If your company handles consumer data and are wondering where to start with a data privacy compliance plan, the latest episode of the Technically Legal Podcast has some great, practical advice for just that. Brandon explains that most data privacy laws , like the General Data Protection Regulation (GDPR) in the EU and U.S.

Data protection

Data protection Compliance State law Software

EU Rules Restricting the International Transfers of Non-Personal Data

Inside Privacy

FEBRUARY 1, 2024

This regulation is directly applicable in all EU Member States since May 28, 2019. Note that the data localization prohibition in this Regulation applies to individual EU Member States’ laws; it does not preclude the EU from implementing data localization requirements.

Intellectual Property

Intellectual Property State law Court Compliance

Cybersecurity in the Remote Work Era: AI, Employees and an Integrated Defense – With SessionGuardian’s Jordan Ellington and Oren Leib, and Katten’s Trisha Sircar (TGIR Ep. 211)

3 Geeks and a Law Blog

JULY 11, 2023

He announces SessionGuardian will offer free CLE courses on cybersecurity awareness and compliance. Firms should look beyond check-the-box compliance to make privacy and security central in their culture. Generally however, it’s hard for global law firms right that sometimes have to compete with conflicting regimes.

Law firm

Law firm Time-tracking Due diligence Attorney

Getting Ready for 2023: What Companies Can Do Now to Prepare for New Privacy Laws

Debevoise Data Blog

DECEMBER 16, 2021

The Virginia Consumer Data Protection Act (“VCDPA”) and amendments to the California Consumer Privacy Act (“CCPA”)—enshrined in the California Privacy Rights Act (“CPRA”)—take effect on January 1, 2023. These developments have companies understandably concerned about complying with a patchwork of state laws.

Data protection

Data protection Compliance Law Law

Debevoise Authors 2022 Edition of the PLI Privacy Law Answer Book

Debevoise Data Blog

DECEMBER 1, 2021

Information Privacy Law. With a thorough discussion of the nuances related to advertising and tracking, this section also covers the new privacy laws impacting the industry, including updates stemming from the CCPA, the Virginia Consumer Data Protection Act (VCDPA), and the Colorado Privacy Act.

Law

Law Law Data protection Litigator

Utah Joins the Comprehensive State Privacy Law Club

Debevoise Data Blog

APRIL 29, 2022

In prior posts, we have written about the evolving state privacy law landscape, including how to prepare for state privacy laws coming into effect in 2023 here ; various aspects of the CCPA and CPRA, including here and here ; and the Virginia Consumer Data Protection Act (“VCDPA”) here.

Law

Law Law Data protection Attorney

Connecticut’s Next Generation Data Privacy Law

Debevoise Data Blog

MAY 23, 2022

Here, we highlight key aspects of the CTPA with a focus on the provisions that companies should consider in their compliance preparations. We also provide an overview of the CTPA’s enforcement mechanisms and explain how the CTPA modifies prior laws’ safe harbor with a nod towards prosecutorial discretion. CTPA § 4(b).

Law

Law Law Compliance Attorney

Cybersecurity in the Remote Work Era: AI, Employees and an Integrated Defense – With SessionGuardian’s Jordan Ellington and Oren Leib, and Katten’s Trisha Sircar (TGIR Ep. 211)

Legal Tech Monitor

JULY 11, 2023

He announces SessionGuardian will offer free CLE courses on cybersecurity awareness and compliance. Firms should look beyond check-the-box compliance to make privacy and security central in their culture. Generally however, it’s hard for global law firms right that sometimes have to compete with conflicting regimes.

Law firm

Law firm Time-tracking Due diligence Attorney

Face Forward: Strategies for Complying with Facial Recognition Laws

Debevoise Data Blog

OCTOBER 18, 2021

The TDPA provides for a private right of action for violation of the prohibition to sell, lease, or disclose data. State Laws Permitting but Regulating Collection and Use of Biometric Identifiers, including Facial Data.

Law

Law Law Court Time-tracking

What the ADPPA Means for U.S. Data Regulation

Debevoise Data Blog

JULY 12, 2022

Even if not enacted, its provisions are likely to influence a future federal privacy law. And, in many ways, the ADPPA may set a new minimum standard that will shape any state laws passed to fill the void left by the lack of a federal privacy law. We’ve previously written about the development of U.S. ADPPA § 302(a).

State law

State law Federal law Compliance Data protection

Face Forward Part 2: Proposed Legislation and Strategies for Compliant Use of Facial Recognition

Debevoise Data Blog

OCTOBER 26, 2021

This would seem to eliminate not just the possibility of compliance-by-signage but also the possibility of online consent. Massachusetts would also completely ban “monetizing” – a term defined broadly –biometric identifiers as well as geolocation data. Compliance. Has the company obtained those individuals’ consent?

Compliance

Compliance Federal law Data protection Machine learning

A New Era of FTC Privacy and Cybersecurity Oversight: Top Ten Things Companies Should Know When Assessing FTC Compliance and Exposure

Debevoise Data Blog

JANUARY 14, 2022

Companies developing Federal Trade Commission (“FTC”) compliance programs, or under investigation by the FTC’s Bureau of Consumer Protection, should be aware of significant developments impacting the Commission’s regulatory authority and enforcement priorities.

Compliance

Compliance Court Litigator Litigation

New Privacy Legislation in the U.S.: The Patchwork Problem Grows

Debevoise Data Blog

JULY 9, 2021

Colorado has just adopted a brand-new data privacy law and Nevada has just significantly amended its law. These changes add rights for consumers, and compliance obligations for businesses, that take the U.S. further in the direction of European-style privacy law.

Data protection

Data protection Attorney Compliance State law

Legal Tech Connection

European Data Protection Roundup – Q4 2024

Spanish Data Protection Authority Issues Guidance on Data Spaces

Webinars

Trending Sources

European Data Protection Roundup – November 2023

Webinars

Privacy Law: Status of Legal Practice Area in 2025

Where to Begin With Data Governance Frameworks and How Software Can Help (Brandon Wiebe, GC & Head of Privacy, Transcend)

Does Your Company Have a Data Privacy Plan? Here’s Where to Start

EU Rules Restricting the International Transfers of Non-Personal Data

Cybersecurity in the Remote Work Era: AI, Employees and an Integrated Defense – With SessionGuardian’s Jordan Ellington and Oren Leib, and Katten’s Trisha Sircar (TGIR Ep. 211)

Getting Ready for 2023: What Companies Can Do Now to Prepare for New Privacy Laws

Debevoise Authors 2022 Edition of the PLI Privacy Law Answer Book

Utah Joins the Comprehensive State Privacy Law Club

Connecticut’s Next Generation Data Privacy Law

Cybersecurity in the Remote Work Era: AI, Employees and an Integrated Defense – With SessionGuardian’s Jordan Ellington and Oren Leib, and Katten’s Trisha Sircar (TGIR Ep. 211)

Face Forward: Strategies for Complying with Facial Recognition Laws

What the ADPPA Means for U.S. Data Regulation

Face Forward Part 2: Proposed Legislation and Strategies for Compliant Use of Facial Recognition

A New Era of FTC Privacy and Cybersecurity Oversight: Top Ten Things Companies Should Know When Assessing FTC Compliance and Exposure

New Privacy Legislation in the U.S.: The Patchwork Problem Grows

Stay Connected