Debevoise Data Blog

OCTOBER 11, 2021

The PIPL has been referred to as China’s version of Europe’s General Data Protection Regulation (“GDPR”), given that the PIPL in substance mimics many of GDPR’s restrictions on the usage and collection of personal information. 3 Article 2. 4 Article 4. 5 Article 3. 6 Article 53. 7 Articles 33 and 34. 8 Articles 5-10.

Law 52

Law Law e-records Compliance 52

Clio

OCTOBER 8, 2024

With a record 2,500 in-person and 1,500 virtual attendees, Jack highlighted Clio’s growth alongside AI’s transformative role in the legal profession, as outlined in the latest Legal Trends Report. Gavin shared tactical steps to protect sensitive information and emphasized the ethical considerations involved in data protection.

Time-tracking 59

Time-tracking Judge Law firm Data protection 59

Legal Tech Blog

DECEMBER 8, 2022

While these are necessary to help reduce complacency towards internal data protection compliance and ensure organisations actively work to reduce their exposure, it isn’t always easy for companies to align. In the case of e-discovery , for example, artificial intelligence is already being leveraged to great effect.

e-discovery 52

e-discovery Machine learning Compliance Due diligence 52

Lawmatics

JULY 2, 2024

Data security and confidentiality. Ensure that client data is handled securely and confidentially throughout the intake process. Implement robust data protection measures to safeguard sensitive information. Documentation and Follow-Up. We are getting more use out of it than we imagined we would ever have to.

Client Intake 40

Client Intake Software Time-tracking Legal software 40

Debevoise Data Blog

OCTOBER 12, 2021

million fine against Austrian Post for channelling electronic data protection-related inquiries to a web form and not offering an additional email address, irrespective of the data subject option to also use non-electronic postal mail or customer service. Standard Contractual Clauses).

Data protection 52

Data protection Failure-to-appear Compliance e-records 52

Debevoise Data Blog

JUNE 27, 2024

Our top five European data protection developments from May are: UK guidance on ransom payments: The UK NCSC and various insurance industry bodies co-published guidance on key considerations for ransomware payments. 22, then there must be sufficient human-involvement in that processing for it to be GDPR-compliant.

Data protection 52

Data protection Software e-records Compliance 52

Debevoise Data Blog

FEBRUARY 20, 2023

Orange established a mobile telephone contract and SIM card without adequately verifying the customer’s data, resulting in identity theft and data processing of a victim’s personal data without consent. To subscribe to the Data Blog, please click here. The cover art used in this blog post was generated by DALL-E.

Data protection 52

Data protection Compliance e-records Court 52

Debevoise Data Blog

FEBRUARY 10, 2021

As covered in our Annual Review , 2020 was a blockbuster year for European data protection. has appealed , both penalties show that companies need to be wary not only of how they treat customer data, but also employee data. Spanish DPA hands CaixaBank record €6m fine. While Notebooksbilliger.de website.

Data protection 52

Data protection Time-tracking Defendant Court 52

Debevoise Data Blog

JANUARY 17, 2025

Our top-eleven European data protection developments for the end of 2024 are: EU Cyber Resilience Act: The Council of the European Union approved the Cyber Resilience Act , introducing cybersecurity requirements for digital products sold in the EU. The UK Upper Tribunal did not consider the provisions under the UK GDPR.

Data protection 52

Data protection Compliance Court State law 52

Percipient

APRIL 22, 2023

The court-appointed the SBA as a receiver and permitted it to marshal Cardinal’s assets and business records. Much of the costs were charges from an e-discovery vendor to collect and search electronically stored information (ESI) , including e-mails relating to Cardinal. The court denied the reimbursement request.

e-discovery 97

e-discovery Court e-records Litigation 97

Debevoise Data Blog

AUGUST 25, 2022

On 18 July 2022, the UK government published the Data Protection and Digital Information Bill (the “Bill”), which proposes reforms to the UK’s data protection and e-privacy landscape in-line with the National Data Strategy.

Data protection 52

Data protection e-records 52

Debevoise Data Blog

APRIL 26, 2024

Key takeaways from March include: CNIL data security practice guide: The French DPA published an update of its data security practice guide for data protection officers, chief information security officers, computer scientists and legal experts. To subscribe to the Data Blog, please click here.

Data protection 52

Data protection e-records Compliance Court 52

Legal IT Group

JUNE 12, 2023

Every day, more and more companies face the problem of personal data protection. As companies are increasingly scrutinised for proper data protection, it’s worth paying close attention to the latest best practices to avoid dealing with the potential negative consequences of a data breach.

Data protection 52

Data protection e-filing Court e-records 52

Debevoise Data Blog

NOVEMBER 21, 2023

Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.

Data protection 52

Data protection Compliance Failure-to-appear e-records 52

Debevoise Data Blog

JULY 20, 2021

Here are our highlights: European Commission adopts new Standard Contractual Clauses What happened : As reported in our blog post , the European Commission adopted its new Standard Contractual Clauses (“SCCs”) for the cross-border transfer of personal data from the EEA to “third countries”.

Data protection 52

Data protection e-filing Compliance e-records 52

Debevoise Data Blog

NOVEMBER 10, 2020

ICO targets the data broking industry : On 27 October, the ICO demanded that Experian make sweeping changes to data protection practices within its direct marketing business within three months or face further enforcement action. We will continue to report on developments as Experian’s appeal progresses.

Data protection 52

Data protection Intellectual Property e-records Machine learning 52

Legal IT Group

FEBRUARY 22, 2023

According to the Better Regulation Delivery Office, several years ago, the e-commerce market in Ukraine alone was worth about UAH 50 billion a year. Everyone with an account has authorized Meta Platforms to record all their activities on the site. But this is just the tip of the iceberg.

Data protection 52

Data protection Time-tracking e-filing e-records 52

Debevoise Data Blog

JUNE 8, 2023

Third country data transfers : Businesses that transfer personal data outside of the EEA may want to review their transfer mechanisms in light of new guidance on the EU and South East Asia SCCs, and the DPC’s record-breaking €1.2 Nonetheless, businesses that transfer personal data to the U.S. billion fine against Meta.

Data protection 52

Data protection Compliance e-records Dispute resolution 52

Debevoise Data Blog

AUGUST 16, 2023

. : Business may want to revisit their cross-border data transfer arrangements following the new adequacy decision for the EU-U.S. Data Privacy Framework, assess whether they are eligible to self-certify and, if they are, whether it makes sense to. Data Privacy Framework (the “DPF”). Data Privacy Framework (the “DPF”).

Data protection 40

Data protection Analytics Compliance Time-tracking 40

Debevoise Data Blog

JANUARY 25, 2024

Sensitive personal data: The CJEU has clarified that the processing of special category personal data, such as health data, requires a legal basis under both GDPR Art. 6, meaning that businesses may wish to review their records of processing activities to ensure that both are reflected. 9 and GDPR Art. 6 and Art.

Data protection 40

Data protection Court e-records Compliance 40

Legal IT Group

JUNE 15, 2023

According to the GDPR – General Data Protection Regulation – residents of the European Union (“ EU ”) can send requests regarding their data to all legal and natural persons who process it. If the individual continues to receive emails after the data has been deleted, this will constitute a breach of the GDPR.

e-records 52

e-records Data protection e-filing Compliance 52

Debevoise Data Blog

OCTOBER 10, 2023

A foreign business not directly subject to GDPR may nevertheless be required to comply with GDPR restrictions if they have entered Standard Contractual Clauses or signed-up to the EU-US Data Protection Framework to facilitate the receipt of personal data. To subscribe to the Data Blog, please click here. What can you do?

Data protection 52

Data protection e-records Compliance Law 52

Debevoise Data Blog

JULY 31, 2023

Data Privacy Framework (the “DPF”). The decision enables businesses in Europe to transfer personal data to DPF-certified U.S. businesses without having to implement additional data protection safeguards. Data subjects may lodge complaints through both U.S.- UK and Swiss Data Transfers to the U.S.

Data protection 52

Data protection Dispute resolution e-filing e-records 52

Debevoise Data Blog

FEBRUARY 27, 2024

GDPR one-stop-shop: Businesses wishing to take advantage of the GDPR one-stop-shop system should take note of a new digest, published by the European Data Protection Board, which analyses the decisions made by so-called Lead Supervisory Authorities in this context.

Data protection 52

Data protection Compliance e-records Court 52

Berkley Technology Law Journal

NOVEMBER 18, 2022

Legislation empowers the European Commission to designate certain tech companies as gatekeepers and impose obligations on them in relation to data, advertising, e-commerce, interoperability, and the commercial relationships between the service providers customers and end users. One idea is the idea of data portability.

Law 40

Law Law Data protection Court 40

Berkley Technology Law Journal

NOVEMBER 18, 2022

Legislation empowers the European Commission to designate certain tech companies as gatekeepers and impose obligations on them in relation to data, advertising, e-commerce, interoperability, and the commercial relationships between the service providers customers and end users. One idea is the idea of data portability.

Law 40

Law Law Data protection Court 40

Debevoise Data Blog

JANUARY 14, 2022

27] Examples include the telemarketing sales rule, children’s online privacy protection rule, and health breach notification rule. [28] In order to bring an action under this provision, the FTC must establish that the defendant had actual or constructive knowledge ( e., RCG Advances LLC et al.,

Compliance 52

Compliance Court Litigator Litigation 52

Debevoise Data Blog

JANUARY 16, 2025

Department of Justice (DOJ) issued the Final Rule on Preventing Access to Sensitive Data, creating a comprehensive export control regime to restrict the transfer of bulk sensitive personal and government-related data to foreign adversaries deemed threats to U.S. Engaging in data-mapping exercises may alleviate this burden.

Compliance 52

Compliance Due diligence e-records Time-tracking 52