Avoid confusion between these two important privacy assessments and learn which is best for protecting your data. Keeping data and customer personal information (PI) secure is becoming more difficult by the day....more
The GDPR contains plenty of requirements, penalties, obligations, rights, and definitions—but it doesn’t contain a specific template for DPIAs, or data protection impact assessments. If you’re struggling to identify...more
With the continuing onslaught of state privacy laws, it’s easy to become overwhelmed by the number of new legal obligations while also trying to stay focused on identifying and mitigating the most pressing legal and business...more
The very definition of generative AI suggests the creation of new content based on a program training on existing data, a recipe that necessarily raises potential U.S. and EU data privacy issues, not to mention related...more
Some states will affirmatively require annual audits of a business’s data collection and processing practices and—in some cases—to submit those audits to state regulators. With new US state data protection laws taking...more
The Cybersecurity Law ("CSL"), Personal Information Protection Law ("PIPL"), and Data Security Law ("DSL") of the People's Republic of China (the "PRC") introduced a security assessment of the outbound transfer of important...more
On 24 January and 8 April 2022, the procedure before the French Data Protection Authority (CNIL) was reformed with the aim notably to better respond to the growing number of complaints that the CNIL receives each year...more
This is the first of a multi-article series focused on privacy impact assessments. This first article provides an overview of privacy impact assessments, the existing and pending privacy laws which require privacy impact...more
FCC Seeks Public Comment on the Current and Future Regulation of the “Internet of Things” - The FCC is requesting public comment in a proceeding that will help determine the scope and nature of regulation of the “Internet of...more
On 10 September 2021, the UK Government’s Department for Digital, Culture, Media and Sport (DCMS) published its long-awaited proposals for reform of the country’s data protection laws. The consultation paper includes a...more
On 19 February 2021, CNIL released guidance on the use of chatbots in compliance with data protection law (the Guidelines). The CNIL notes that in order to operate the chatbots, controllers will often need to process personal...more
On October 1, 2020, the three-month grace period for businesses to comply with the Dubai International Financial Centre (DIFC) Data Protection Law (DIFC Law No. 5 of 2020) (“DPL 2020”) came to an end. Regulating the...more
Generally, contact tracing refers to an effort by public health officials to identify individuals with whom a patient who has tested positive for an infectious disease has been in close proximity. Public health officials will...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the National Institute of Standards and Technology's four principles of the "explainability" of artificial intelligence and the U.K. Information...more
The French Data Protection Authority (CNIL) published new Guidelines (French only) on December 10, 2019 applicable to whistleblowing schemes, following a public consultation process. The Guidelines replace the former Single...more
We heard recently from French Data Protection Authority CNIL on the topic of Data Protection Impact Assessments (DPIAs). Now, Ireland’s Data Protection Commission has issued its own Guidance Note on DPIAs under The General...more
Shortly after the recent video surveillance guidance from the EDPB, the Information Commissioner of the Isle of Man published an updated CCTV data protection guidance. Key takeaways for controllers: General...more
Join us on Thursday 19 September for the Hogan Lovells Privacy and Cybersecurity KnowledgeShare in London. We will share our latest thinking on the key privacy and cybersecurity issues faced by those with data protection...more
The interaction between the General Data Protection Regulation (2016/679) (“GDPR”) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended) (“PECR”) has been vexing for some time now. As a...more
The French Data protection authority, CNIL, has issued a “Developer Kit” setting forth best practices for data protection. Key takeaways: Before using a development tool, especially for personal data, read the...more
The Luxembourg data protection authority (CNPD) has published a list of processing activities triggering a mandatory data protection impact assessment (DPIA) following review by the European Data Protection Board (EDPB)....more
A Data Protection Impact Assessment (DPIA) is a process, required by the EU General Data Protection Regulation (GDPR), to help identify and minimize the data protection risks of a project....more
In this month's edition of our Privacy & Cybersecurity Update, we examine the European Data Protection Board's published opinions on data protection impact assessments, an Ohio court's ruling that bitcoin is covered insured...more
The French Data Protection Authority (the CNIL) published its assessment of the first four months of GDPR and several guidelines, including one on how to make a GDPR compliant blockchain. ...more
Features - Updates on the GDPR and EU - German DPAs Issue DPIA Blacklists; Many Companies Likely to Be Affected - One of the GDPR’s core going-forward obligations is the duty to conduct data protection impact assessments...more