Legal IT Group

JANUARY 17, 2023

Therefore, individual states took matters into their own hands and passed local laws to protect the privacy of their residents. Virginia The Virginia Consumer Data Protection Act ( VCDPA ) was adopted in the spring of 2021 and came into force on January 01, 2023. Conclusion What does it actually mean for business?

Data protection 130

Data protection Law Law Attorney 130

Legal IT Group

SEPTEMBER 15, 2023

International data transfers in GDPR compliance are complex, as data are transferred to third countries outside the European Union (EU) or the European Economic Area (EEA). Suppose you are interested in personal data protection issues. What should the DTIA note for transferring personal data from the EU to Ukraine?

Data protection 130

Data protection Compliance Court Law 130

LawSites

AUGUST 4, 2022

state to mandate that attorneys take continuing legal education courses in cybersecurity, privacy and data protection. New York has become the first U.S. The order creates two types of cybersecurity training, one focused on ethics and the other on practice.

Data protection 111

Data protection Law Office Attorney Law firm 111

Berkley Technology Law Journal

NOVEMBER 27, 2024

Key topics expected for review include strengthening intellectual property enforcement, balancing access and affordability for certain pharmaceuticals, adjusting data exclusivity periods, and pioneering AI regulation with common data protection standards and ethical guidelines.

Intellectual Property 130

Intellectual Property Dispute resolution Data protection Machine learning 130

Inside Privacy

MAY 12, 2023

The last section of the paper discusses how various GDPR requirements apply in the context of data spaces – for example, obligations to: (i) appoint a data protection officer; (ii) conduct a data protection impact assessment; (iii) implement risk management processes, safeguards, and security measures for data sharing; (iv) ensure data governance and (..)

Data protection 79

Data protection Mediator Compliance State law 79

Inside Privacy

APRIL 28, 2023

On 29 March 2023, the UK Information Commissioner’s Office (“ICO”) published updated Guidance on AI and data protection (the “Guidance”) following “requests from UK industry to clarify requirements for fairness in AI”. Additionally, the ICO have added a new annex on data protection fairness considerations across the AI lifecycle.

Data protection 74

Data protection Compliance Law Law 74

Inside Privacy

JANUARY 22, 2024

In December 2023, the Dutch SA fined a credit card company €150,000 for failure to perform a proper data protection impact assessment (“DPIA”) in accordance with Art. 35 GDPR for its “identification and verification process”. The DPO was also not sufficiently involved in the assessment.

Data protection 81

Data protection Compliance 81

Inside Privacy

JUNE 20, 2023

Last week, FCC Chairwoman Jessica Rosenworcel announced the creation of a new Privacy and Data Protection Task Force (the “Task Force”) to demonstrate the agency’s commitment to protecting consumer data and ensuring that the telecommunications industry remains secure from threat actors.

Data protection 79

Data protection 79

Inside Privacy

MARCH 14, 2023

On March 13, 2023, the CNIL published a statement announcing that it reminded these two organizations of their legal obligations under the French data protection framework. Despite being found in breach of the French data protection rules, none of the audited organizations were fined.

Data protection 65

Data protection Compliance 65

Justia Legal Marketing & Technology blog

DECEMBER 17, 2024

A website uses HTTPS to encrypt data transmission and protect sensitive information, such as client data and payment details. Privacy Policy: Clearly outline your firm’s privacy policy and data protection practices to build trust with your clients.

Law firm 246

Law firm Law Law Data protection 246

Debevoise Data Blog

JUNE 27, 2024

Our top five European data protection developments from May are: UK guidance on ransom payments: The UK NCSC and various insurance industry bodies co-published guidance on key considerations for ransomware payments. 22, then there must be sufficient human-involvement in that processing for it to be GDPR-compliant.

Data protection 52

Data protection Software e-records Compliance 52

Debevoise Data Blog

AUGUST 27, 2024

Building on prior European guidance , the French and Irish DPAs published guidance on the deployment of generative AI, large language models and data protection. To that end, the EDPB proposed designating DPAs as the “national competent authorities” under the AI Act to create a single point of contact.

Data protection 52

Data protection Compliance Litigator Litigation 52

Debevoise Data Blog

SEPTEMBER 23, 2024

Our top-five European data protection developments from August are: Uber fined for personal data transfer: The Dutch Data Protection Authority fined Uber €290 million for the unlawful transfer of European drivers’ personal data to the U.S., without sufficient safeguards.

Data protection 52

Data protection Court Software Compliance 52

Debevoise Data Blog

MAY 28, 2024

EDPB “Consent or pay” models: Businesses operating large online platforms should consider the European Data Protection Board’s recent opinion indicating that “consent or pay” models are unlikely to be GDPR-compliant.

Data protection 52

Data protection Compliance Law Law 52

Debevoise Data Blog

JULY 30, 2024

Our top five European data protection developments from June are: Non-material damage under GDPR: The CJEU clarified the scope of compensation for non-material damage in the context of identity theft and data subjects’ fear that their personal data had been exposed. To subscribe to the Data Blog, please click here.

Data protection 52

Data protection Time-tracking Mediator Analytics 52

Debevoise Data Blog

SEPTEMBER 27, 2023

The AEPD held that a DPO cannot hold a position that leads them to determine the purposes and means of data processing. The scale and data protection risks associated with such technologies has been further complicated recently by their increasing integration with artificial intelligence systems.

Data protection 52

Data protection Compliance e-filing Court 52

Technology Law Dispatch

OCTOBER 26, 2023

On 3 October 2023, the UK Information Commissioner’s Office organised its annual Data Protection Practioner’s Conference 2023 (DPPC 2023). This year its focus was on Cybersecurity – a topic that concerns organisations across the board. Here are the takeaways from the DPPC 2023 (the event sessions available here ).

Data protection 59

Data protection Due diligence Compliance Law 59

Debevoise Data Blog

FEBRUARY 27, 2024

GDPR one-stop-shop: Businesses wishing to take advantage of the GDPR one-stop-shop system should take note of a new digest, published by the European Data Protection Board, which analyses the decisions made by so-called Lead Supervisory Authorities in this context.

Data protection 52

Data protection Compliance e-records Court 52

Rocket Matter

OCTOBER 22, 2024

It’s important to educate yourself and your colleagues on cybersecurity to ensure that your law firm data is properly managed (After all, you are only as strong as your weakest link.) 11 Tips for Effective Law Firm Data Protection As a law firm, protecting your clients' sensitive information should be at the top of your priority list.

Law firm 98

Law firm Law Law Data protection 98

Debevoise Data Blog

NOVEMBER 21, 2023

Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.

Data protection 52

Data protection Compliance Failure-to-appear e-records 52

Inside Privacy

NOVEMBER 28, 2023

They raise various questions under regulatory and data protection and data security laws. The DiGA Regulation imposes specific data protection and data security requirements on health apps (in addition to safety, functionality, quality and interoperability requirements). 26 of the GDPR.

Data protection 57

Data protection Time-tracking Software Law 57

Debevoise Data Blog

APRIL 26, 2024

Key takeaways from March include: CNIL data security practice guide: The French DPA published an update of its data security practice guide for data protection officers, chief information security officers, computer scientists and legal experts. These developments, and more, are covered below.

Data protection 52

Data protection e-records Compliance Court 52

Debevoise Data Blog

DECEMBER 22, 2023

For example, the Garante notes the need to incorporate data protection by design and by default principles within any AI systems used in the healthcare space. In particular, the paper recommends the use of internal data access controls, regular auditing of data security measures, and the use of data protection impact assessments.

Data protection 52

Data protection Time-tracking Compliance Machine learning 52

Berkley Technology Law Journal

JANUARY 24, 2025

They are responsible for overseeing an organizations data protection measures, risk management strategies, overall security infrastructure, among other critical responsibilities. Tasked with overseeing a firms cybersecurity posture, CISOs stand on the front lines of a corporations digital defense.

Failure-to-appear 130

Failure-to-appear Court Judge Data protection 130

Debevoise Data Blog

OCTOBER 20, 2023

The CMA further highlighted that transparency around the data used to train FMs is critical to reducing bias and improving accuracy of outputs, and to ensuring accountability. Two areas that have been stressed previously in the data protection compliance context.

Data protection 52

Data protection Intellectual Property Compliance Law 52

Legal IT Insiders

JULY 16, 2024

UK data protection advisory company 2twenty4 Consulting has released a free AI GDPR assessment tool to give firms an idea of how compliant their AI projects are. Based on 2twenty4’s […] The post 2twenty4 Consulting launches free AI project GDPR assessment tool appeared first on Legal IT Insider.

Data protection 138

Data protection Analytics 138

Legal IT Group

JUNE 5, 2023

A data protection impact assessment (DPIA) sounds like something big, complicated and problematic. DPIA stands for Data Protection Impact Assessment. A DPIA is typically conducted when a new project involving the specific processing of personal data is being implemented. Well, it is true. Let’s check.

Data protection 130

Data protection Compliance Time-tracking Law 130

Global LegalTech Hub

NOVEMBER 17, 2024

But in Latin America, no, perhaps there are, in some jurisdictions, regulations related to data protection, but that's not necessarily what we are referring to. I mean, in the European Union you have the directive, in the US there's a good number of resolutions and so on and so on. If I'm not wrong, the latest was Peru.

Due diligence 130

Due diligence Data protection Law firm Legal tech 130

Legal IT Group

NOVEMBER 13, 2023

A data protection officer ( DPO ) is a specialist who helps companies ensure compliance with international data protection laws. In a nutshell, the DPO is a key person who helps the company in all business processes to ensure compliance with the data protection law.

Data protection 130

Data protection Compliance International law Law 130

Relativity

MARCH 13, 2025

Ensuring compliance with data privacy regulations is not only a legal obligation; it’s a critical component of maintaining customer trust and safeguarding sensitive information. In 2025, several new regulations are expected to be enacted.

Compliance 52

Compliance Data protection 52

Global LegalTech Hub

MAY 7, 2024

Countries like Italy initially blocked ChatGPT's use, later reinstating it with promises of increased transparency and data protection. The Ibero-American Data Protection Network (RIPDP) warns of the risks associated with using AI services like those developed by OpenAI, L.L.C.,

Data protection 130

Data protection Compliance Law Law 130

Legal IT Group

FEBRUARY 23, 2023

Introduction In our previous articles , we have already drawn your attention to the Brazilian data protection legislation which is quite similar to the General Data Protection Regulation (GDPR). Also, the ANPD has shared a new form which should be used for sending security incident reports by a data controller.

Data protection 130

Data protection Compliance e-filing Law 130

Legal Tech Monitor

MARCH 9, 2023

Lawyers expect a wave of demand for advice from companies that need to strengthen their internal safeguards in order to avoid fines and restrictions on handling personal information

Data protection 59

Data protection Lawyer 59

Inside Privacy

JULY 3, 2023

On 21 June 2023, at the close of a roundtable meeting of the G7 Data Protection and Privacy Authorities, regulators from the United States, France, Germany, Italy, United Kingdom, Canada and Japan published a joint “Statement on Generative AI” (“Statement”) (available here ).

Data protection 108

Data protection Compliance Law Law 108

Legal IT Group

OCTOBER 23, 2023

However, the personalized advertising ecosystem relies heavily on the personal data of users, raising questions about data protection and privacy requirements. So, what should businesses take into account to comply with data protection requirements?

Data protection 130

Data protection Time-tracking Machine learning Compliance 130

Legal IT Group

SEPTEMBER 29, 2023

Brazil’s Lei Geral de Proteção de Dados Pessoais (or LGPD), similar to GDPR, CCPA and PIPEDA, regulates personal data protection. If the company does not process personal data in Brazil but still processes data to offer or supply goods or services to Brazil, the LGPD also applies in this case. Apparently not.

Data protection 130

Data protection Compliance Court Law 130

Inside Privacy

APRIL 28, 2023

Following a number of complaints, the European Data Protection Supervisor (‘EDPS’) decided that the SRB shared pseudonymized personal data with the consulting firm without informing the affected individuals of this sharing. Before sharing the responses, SRB replaced the name of each respondent with a code.

Court 137

Court Data protection 137