Debevoise Data Blog

FEBRUARY 10, 2021

As covered in our Annual Review , 2020 was a blockbuster year for European data protection. has appealed , both penalties show that companies need to be wary not only of how they treat customer data, but also employee data. Spanish DPA hands CaixaBank record €6m fine. English court rules GDPR does not apply to U.S.

Data protection 52

Data protection Time-tracking Defendant Court 52

Debevoise Data Blog

JUNE 8, 2023

Third country data transfers : Businesses that transfer personal data outside of the EEA may want to review their transfer mechanisms in light of new guidance on the EU and South East Asia SCCs, and the DPC’s record-breaking €1.2 The amount of compensation should be assessed by Member State courts under their domestic rules.

Data protection 52

Data protection Compliance e-records Dispute resolution 52

Debevoise Data Blog

NOVEMBER 21, 2023

Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.

Data protection 52

Data protection Compliance Failure-to-appear e-records 52

Debevoise Data Blog

FEBRUARY 27, 2024

GDPR one-stop-shop: Businesses wishing to take advantage of the GDPR one-stop-shop system should take note of a new digest, published by the European Data Protection Board, which analyses the decisions made by so-called Lead Supervisory Authorities in this context.

Data protection 52

Data protection Compliance e-records Court 52

Debevoise Data Blog

APRIL 26, 2024

Key takeaways from March include: CNIL data security practice guide: The French DPA published an update of its data security practice guide for data protection officers, chief information security officers, computer scientists and legal experts. These developments, and more, are covered below.

Data protection 52

Data protection e-records Compliance Court 52

Debevoise Data Blog

FEBRUARY 20, 2023

Relatedly, a Swedish Court upheld the Swedish IMY’s 2022 reprimand of Klarna Bank AB for failing to disclose information regarding the specific recipients of personal data to a requesting data subject; providing the categories of recipients only was insufficient.

Data protection 52

Data protection Compliance e-records Court 52

Debevoise Data Blog

JANUARY 25, 2024

Sensitive personal data: The CJEU has clarified that the processing of special category personal data, such as health data, requires a legal basis under both GDPR Art. 6, meaning that businesses may wish to review their records of processing activities to ensure that both are reflected. 9 and GDPR Art.

Data protection 40

Data protection Court e-records Compliance 40

Percipient

APRIL 22, 2023

Companies must also foot the bill for consumer data requests authorized under privacy regulations unless the request is “excessive.” 23, 2015) the court observed that responding parties presumptively bear the expense of complying with discovery requests unless the expense is “significant.” 11 cv 4071 (N.D.

e-discovery 97

e-discovery Court e-records Litigator 97

Debevoise Data Blog

AUGUST 16, 2023

. : Business may want to revisit their cross-border data transfer arrangements following the new adequacy decision for the EU-U.S. Data Privacy Framework, assess whether they are eligible to self-certify and, if they are, whether it makes sense to. Data Privacy Framework (the “DPF”). Data Privacy Framework (the “DPF”).

Data protection 40

Data protection Analytics Compliance Time-tracking 40

Centerbase

MARCH 31, 2025

When there is no clear workflow or unified platform, staff may lose track of deadlines, duplicate efforts, or generate inaccuracies in record-keeping. Any data breach or mishandling of client funds can result in severe reputational damage and legal repercussions.

Law firm 52

Law firm Time-tracking Law Law 52

MatterSuite

OCTOBER 27, 2023

E-discovery solutions , a significant part of legal tech, were estimated to be a multi-billion-dollar industry. The global e-discovery market size was projected to reach $17.32 Data Security: Ensuring the confidentiality and security of sensitive legal information is paramount. This enhances trust in legal documentation.

Legal tech 52

Legal tech Legal tech e-discovery Machine learning 52

Clio

OCTOBER 8, 2024

With a record 2,500 in-person and 1,500 virtual attendees, Jack highlighted Clio’s growth alongside AI’s transformative role in the legal profession, as outlined in the latest Legal Trends Report. Gavin shared tactical steps to protect sensitive information and emphasized the ethical considerations involved in data protection.

Time-tracking 59

Time-tracking Judge Law firm Data protection 59

Ikigai Law

AUGUST 7, 2023

Fast forward to the last month, the Delhi High Court used the long arm of the PMLA to classify PayPal as a ‘reporting entity’ under the PMLA. The Court rejected this premise. Main Course : Deep dive stories on card network portability, and impact of the data protection bill on fintechs. The data law is nearly here!

Data protection 52

Data protection Law Law e-records 52

Debevoise Data Blog

JULY 31, 2023

Data Privacy Framework (the “DPF”). The decision enables businesses in Europe to transfer personal data to DPF-certified U.S. businesses without having to implement additional data protection safeguards. Data subjects may lodge complaints through both U.S.- The DPF is the third U.S. or EU-based recourse mechanisms.

Data protection 52

Data protection Dispute resolution e-filing e-records 52

Berkley Technology Law Journal

NOVEMBER 18, 2022

Legislation empowers the European Commission to designate certain tech companies as gatekeepers and impose obligations on them in relation to data, advertising, e-commerce, interoperability, and the commercial relationships between the service providers customers and end users. One idea is the idea of data portability.

Law 100

Law Law Data protection Court 100

Berkley Technology Law Journal

NOVEMBER 18, 2022

Legislation empowers the European Commission to designate certain tech companies as gatekeepers and impose obligations on them in relation to data, advertising, e-commerce, interoperability, and the commercial relationships between the service providers customers and end users. One idea is the idea of data portability.

Law 100

Law Law Data protection Court 100

Debevoise Data Blog

JANUARY 14, 2022

As a general rule, however, the FTC’s Division of Privacy and Identity Protection (the “DPIP”) initiates privacy and cybersecurity investigations via civil investigative demands (“CIDs”). A CID is a type of Commissioner-authorized subpoena, enforceable in court, that subjects the recipient to a number of formalized processes and timelines.

Compliance 52

Compliance Court Litigator Litigation 52

Debevoise Data Blog

JANUARY 16, 2025

Department of Justice (DOJ) issued the Final Rule on Preventing Access to Sensitive Data, creating a comprehensive export control regime to restrict the transfer of bulk sensitive personal and government-related data to foreign adversaries deemed threats to U.S. Engaging in data-mapping exercises may alleviate this burden.

Compliance 52

Compliance Due diligence e-records Time-tracking 52