Court, Data protection and State law

European Data Protection Roundup – Q4 2024

Debevoise Data Blog

JANUARY 17, 2025

Our top-eleven European data protection developments for the end of 2024 are: EU Cyber Resilience Act: The Council of the European Union approved the Cyber Resilience Act , introducing cybersecurity requirements for digital products sold in the EU. The UK Upper Tribunal did not consider the provisions under the UK GDPR.

Data protection

Data protection Compliance Court State law

European Data Protection Roundup – November 2023

Debevoise Data Blog

DECEMBER 22, 2023

Businesses may want to consider how the courts reasoning may apply to other circumstances when dealing with disclosure requests. This guidance, which draws on the GDPR as well as national and EU case law, contains relevant advice for using AI in the healthcare space more broadly. These developments, and more, covered below. UK and U.S.

Data protection

Data protection Time-tracking Compliance Machine learning

Privacy Law: Status of Legal Practice Area in 2025

Martindale-Avvo

APRIL 30, 2025

A wave of state legislation with data protection requirements places new obligations on businesses and public institutions. The history of privacy law The roots of privacy law in the U.S. To understand how the law applies to client situations, an attorney should review the details of data collection technology.

Law

Law Law Federal law Data protection

Webinars

Prep with Purpose: How to Build Better Trial Binders

MORE WEBINARS

CJEU’s Advocate General Issues Opinion on GDPR Fines Against Companies

Inside Privacy

MAY 3, 2023

On April 27, 2023, the Advocate General (“AG”) of the Court of Justice of the European Union (“CJEU”) issued its opinion in the case C-807/21 on the conditions for imposing GDPR fines on legal persons (e.g., million fine the Berlin Supervisory Authority imposed on Deutsche Wohnen SE for infringing the GDPR’s data retention obligations.

State law

State law Court Data protection Law

EU Rules Restricting the International Transfers of Non-Personal Data

Inside Privacy

FEBRUARY 1, 2024

Note that the data localization prohibition in this Regulation applies to individual EU Member States’ laws; it does not preclude the EU from implementing data localization requirements. X (Recent Council versions remove this obligation.)

Intellectual Property

Intellectual Property State law Court Compliance

Your Go-To Contract Risk Assessment Checklist

Percipient

MAY 8, 2025

Are confidentiality and data protection covered? If that data isnt properly protected, it opens the door to potential risks that could hurt your reputation or lead to legal trouble. Look for clear, fair steps to handle disputes, like mediation first, then arbitration or court if needed.

Dispute resolution

Dispute resolution Intellectual Property Time-tracking Data protection

Cybersecurity in the Remote Work Era: AI, Employees and an Integrated Defense – With SessionGuardian’s Jordan Ellington and Oren Leib, and Katten’s Trisha Sircar (TGIR Ep. 211)

3 Geeks and a Law Blog

JULY 11, 2023

I think we can all agree that data privacy is a fundamental and sacred, right. We live in a country where a court of law recently ruled that the All Writs Act couldn’t compel Apple to unlock an iPhone belonging to an accused terrorists. Not all, I believe only one or two state laws in the US require it.

Law firm

Law firm Time-tracking Due diligence Attorney

Face Forward: Strategies for Complying with Facial Recognition Laws

Debevoise Data Blog

OCTOBER 18, 2021

The TDPA provides for a private right of action for violation of the prohibition to sell, lease, or disclose data. Compensatory damages or damages between $200 and $1,000 are authorized for each unlawful sale, as are reasonable attorneys’ fees and court costs. See Vance v. Amazon.com Inc. , C20-1084JLR, 2021 WL 1401633, at *2 (W.D.

Law

Law Law Court Time-tracking

Connecticut’s Next Generation Data Privacy Law

Debevoise Data Blog

MAY 23, 2022

Like other state privacy laws, the CTPA contains a number of entity-based and data-based exemptions, including financial institutions covered by the Gramm-Leach-Bliley Act, national securities associations that are registered under the Securities Exchange Act of 1934, and data regulated by the Fair Credit Reporting Act, among other exemptions.

Law

Law Law Compliance Attorney

Cybersecurity in the Remote Work Era: AI, Employees and an Integrated Defense – With SessionGuardian’s Jordan Ellington and Oren Leib, and Katten’s Trisha Sircar (TGIR Ep. 211)

Legal Tech Monitor

JULY 11, 2023

I think we can all agree that data privacy is a fundamental and sacred, right. We live in a country where a court of law recently ruled that the All Writs Act couldn’t compel Apple to unlock an iPhone belonging to an accused terrorists. Not all, I believe only one or two state laws in the US require it.

Law firm

Law firm Time-tracking Due diligence Attorney

Face Forward Part 2: Proposed Legislation and Strategies for Compliant Use of Facial Recognition

Debevoise Data Blog

OCTOBER 26, 2021

Further, in a case that we have covered previously involving a supermarket using video surveillance with facial recognition capabilities, the Spanish data protection authority (the “AEDP”) fined grocer Mercadona for violating numerous provisions of the EU’s General Data Protection Regulation.

Compliance

Compliance Federal law Data protection Machine learning

A New Era of FTC Privacy and Cybersecurity Oversight: Top Ten Things Companies Should Know When Assessing FTC Compliance and Exposure

Debevoise Data Blog

JANUARY 14, 2022

As a general rule, however, the FTC’s Division of Privacy and Identity Protection (the “DPIP”) initiates privacy and cybersecurity investigations via civil investigative demands (“CIDs”). A CID is a type of Commissioner-authorized subpoena, enforceable in court, that subjects the recipient to a number of formalized processes and timelines.

Compliance

Compliance Court Litigator Litigation

A Roundup of Recent Section 230 Decisions Involving Sex Abuse or CSAM

Eric Goldman

MAY 26, 2025

The court says this isn’t a dispositive issue because “Judge Coogler would have come to the conclusion that Defendants were content providers and thus not entitled to immunity under Section 230 even if he had not considered Anderson.” I disagree strongly with this court’s assessment. TikTok ruling. Reddit, Inc.

Defendant

Defendant Failure-to-appear Court Judge

Legal Tech Connection

European Data Protection Roundup – Q4 2024

European Data Protection Roundup – November 2023

Webinars

Trending Sources

Privacy Law: Status of Legal Practice Area in 2025

Webinars

CJEU’s Advocate General Issues Opinion on GDPR Fines Against Companies

EU Rules Restricting the International Transfers of Non-Personal Data

Your Go-To Contract Risk Assessment Checklist

Cybersecurity in the Remote Work Era: AI, Employees and an Integrated Defense – With SessionGuardian’s Jordan Ellington and Oren Leib, and Katten’s Trisha Sircar (TGIR Ep. 211)

Face Forward: Strategies for Complying with Facial Recognition Laws

Connecticut’s Next Generation Data Privacy Law

Cybersecurity in the Remote Work Era: AI, Employees and an Integrated Defense – With SessionGuardian’s Jordan Ellington and Oren Leib, and Katten’s Trisha Sircar (TGIR Ep. 211)

Face Forward Part 2: Proposed Legislation and Strategies for Compliant Use of Facial Recognition

A New Era of FTC Privacy and Cybersecurity Oversight: Top Ten Things Companies Should Know When Assessing FTC Compliance and Exposure

A Roundup of Recent Section 230 Decisions Involving Sex Abuse or CSAM

Stay Connected