X Agrees to Stop Processing EU Data to Train its Grok AI -
Ireland’s Data Protection Commission (“DPC”) recently filed an urgent High Court application against X (formerly Twitter) for using the personal data of European...more
9/13/2024
/ Artificial Intelligence ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Data Security ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
Fines ,
Ireland ,
Liability ,
Personal Data ,
Sensitive Personal Information ,
Twitter ,
Uber
As we begin the new year, we offer this special edition with predictions for 2024 from members of the Cyber Bits Partner Committee. Regardless of what happens in 2024, we renew our commitment to keep you informed of the...more
1/8/2024
/ Artificial Intelligence ,
Biometric Information ,
China ,
Consumer Privacy Rights ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement ,
EU ,
Facial Recognition Technology ,
Machine Learning ,
Popular ,
Regulation S-P ,
Risk Management ,
Securities and Exchange Commission (SEC)
EU AI Act: Political Agreement Reached on Terms of Landmark Legislation -
Negotiators for the European Council and the European Parliament have reached political agreement on the provisions of the EU Artificial...more
12/15/2023
/ Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Compliance ,
Cookies ,
Court of Justice of the European Union (CJEU) ,
EU ,
Federal Trade Commission (FTC) ,
Fines ,
General Data Protection Regulation (GDPR) ,
Neglect ,
New Legislation ,
UK
A key pillar of the EU’s overhaul of the digital economy, the Digital Services Act (“DSA”), aims to harmonise rules for online intermediaries. It includes numerous new obligations for those businesses in scope which scale up...more
What is in store for Privacy and Cybersecurity in 2023 -
As the year ends, we offer this special edition with predictions for 2023 from each member of the Cyber Bits Partner Committee. Regardless of what happens in 2023, we...more
12/30/2022
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Cyber Attacks ,
Cybersecurity ,
Disclosure Requirements ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Infrastructure ,
Investment Adviser ,
Popular ,
Privacy Laws ,
Privacy Legislation ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
State Data Breach Notification Statutes ,
UK ,
Whistleblowers
This OnPoint summarises and draws together the proposals forming part of the EU’s strategies for data, digital and artificial intelligence. This is the first in a series of Dechert OnPoints that will cover these proposals in...more
8/11/2022
/ Artificial Intelligence ,
Cybersecurity ,
Data Management ,
Digital Marketplace ,
Digital Services ,
EU ,
European Digital Strategy ,
Innovative Technology ,
Internet ,
Online Advertisements ,
Popular
1. Upsides of Arbitration on Shareholder Disputes over Litigation before Civil Courts -
Generally, shareholder disputes in German law companies are subject to litigation before ordinary civil courts. If shareholders wish...more
EU Parliament Adopts Amended Digital Services Act by a Wide Margin -
On January 21, 2022, the members of the EU Parliament approved by a large majority (77%) an amended draft of the Digital Services Act (“DSA”)....more
2/11/2022
/ Cloud Service Providers (CSPs) ,
Cybersecurity ,
Digital Service Providers ,
Digital Services ,
EU ,
Facial Recognition Technology ,
Financial Institutions ,
Google ,
Income Taxes ,
Internet ,
IRS ,
Online Platforms ,
Regulatory Agenda ,
Securities and Exchange Commission (SEC) ,
Tracking Systems ,
Unfair or Deceptive Trade Practices
On January 12, 2022, the French data protection authority (“CNIL“) published guidance on the reuse of personal data by processors for their own purposes (the “Guidance”)....more
1/28/2022
/ CNIL ,
Data Breach ,
Data Management ,
Data Processors ,
Data Protection ,
EU ,
FCC ,
France ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Privacy Laws ,
Regulatory Reform ,
Regulatory Standards
On January 12, 2022, the French data protection authority (“CNIL“) published guidance on the reuse of personal data by processors for their purposes (“Guidance”). This the most recent guidance of a major EU regulator on a...more
Few things are certain, but it is indisputable that in 2022 data will remain big; data driven technologies will create unparalleled opportunity and risk; the frequency and sophistication of cyberattacks will shatter...more
1/7/2022
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Loss Prevention ,
Data Privacy ,
Data Protection ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Hackers ,
International Data Transfers ,
Machine Learning ,
Popular ,
Ransomware ,
Regulatory Agenda ,
Section 5
On November 19 the European Data Protection Board (EDPB) published draft guidelines on the interplay between Article 3 of the GDPR (which establishes the GDPR’s territorial scope), and the GDPR’s international transfer...more
11/30/2021
/ Data Protection ,
Draft Guidance ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses
The European Commission has issued new Standard Contractual Clauses designed to facilitate international transfers of personal data in compliance with the GDPR. The new provisions better reflect the variety of global data...more
6/9/2021
/ Data Processors ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
This OnPoint summarizes key provisions of the European Commission's Proposed Regulation on Artificial Intelligence and offers some practical takeaways and strategic considerations for impacted organizations. Given the...more
On 10 February 2021, over two and a half years after the anticipated adoption of the e-Privacy Regulation, European Member States have agreed to a revised text. Portending a potential break in the three-year impasse, the...more
2/17/2021
/ Cybersecurity ,
Data Protection ,
e-Privacy Directive ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Member State ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Agenda ,
Regulatory Requirements
In a statement from Facebook’s VP of Global Affairs and Communications, Nick Clegg, the social media giant confirmed that the Irish Data Protection Commission (DPC) has commenced an inquiry into data transfers from the EU to...more
Key Takeaways -
The EU-U.S. Privacy Shield does not ensure an adequate level of protection of personal data and is therefore not a lawful basis for data transfers to the U.S....more
7/24/2020
/ Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
International Data Transfers ,
Personal Data ,
Privacy Laws ,
Risk Assessment ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
The COVID-19 coronavirus pandemic is currently forcing employers to rethink their usual working practices and adjust those practices to challenging circumstances. As a result, the number of employees working from home has...more
Over a year following enactment of the U.S. “Clarifying Lawful Overseas Use of Data” or CLOUD Act, significant questions remain unanswered about the law and its potential impact on global investigations involving cloud stored...more
7/22/2019
/ Bilateral Agreements ,
CLOUD Act ,
Cloud Service Providers (CSPs) ,
Cloud Storage ,
Comity ,
Crime (Overseas Production Orders) Act 2019 (the COPO Act) ,
Criminal Investigations ,
Customer Information ,
Department of Justice (DOJ) ,
ECPA ,
Electronically Stored Information ,
EU ,
Extraterritoriality Rules ,
France ,
International Litigation ,
International Treaties ,
Law Enforcement ,
Qualified Foreign Governments (QFGs) ,
Self-Reporting ,
Stored Communications Act ,
Subpoenas ,
UK ,
Warrants ,
White Papers
The German antitrust authority (FCO) has ordered Facebook to stop collecting data outside Facebook’s platform without the user’s “voluntary consent.” The decision breaks new ground because it links data protection and...more
2/8/2019
/ Abuse of Dominance ,
Antitrust Investigations ,
Antitrust Violations ,
Competition Authorities ,
Data Collection ,
Data Protection ,
Facebook ,
Federal Cartel Office (the FCO) ,
General Data Protection Regulation (GDPR) ,
Germany ,
Instagram ,
Monopolization ,
Prior Express Consent ,
WhatsApp ,
Without Consent
The first sanction taken in application of the General Data Protection Regulation (GDPR) in France was issued by the French data protection authority (the "CNIL") on January 21, 2019 against Google LLC....more
2/8/2019
/ CNIL ,
Compliance ,
Data Breach ,
Data Protection Authority ,
Enforcement Actions ,
Fines ,
France ,
General Data Protection Regulation (GDPR) ,
Google ,
Personal Data ,
Sanctions ,
Uber
The CLOUD Act resolves the central issue in United States v. Microsoft — U.S. law enforcement agencies now have explicit legal authority to obtain electronic data from U.S. cloud and communication companies regardless of...more
4/16/2018
/ CLOUD Act ,
Cloud Service Providers (CSPs) ,
Cloud Storage ,
Criminal Investigations ,
Data Privacy ,
Electronic Communications ,
Electronically Stored Information ,
Extraterritoriality Rules ,
Foreign Governments ,
General Data Protection Regulation (GDPR) ,
International Litigation ,
Law Enforcement ,
Motions to Quash ,
New Legislation ,
Search Warrant ,
Stored Communications Act ,
Subpoenas ,
US v Microsoft
An immense volume of personal data (or personally identifiable information) is proliferating and flowing throughout the world. Personal data is an incredibly valuable asset to companies but data protection and privacy laws...more
3/13/2018
/ Consent ,
Contract Terms ,
Data Controller ,
Data Mapping ,
Data Protection Officers (DPOs) ,
Employee Training ,
Employer Liability Issues ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Multinationals ,
Notice Requirements ,
Personal Data ,
Personally Identifiable Information ,
Privacy Policy ,
Third-Party Relationships
The German Federal Court issued a series of groundbreaking rulings on July 4, 2017. Arrangement fee clauses in German law loan agreements are invalid if they are included in general terms and conditions set by the lender....more
On 27 April 2016, following a prolonged legislative process over some four years, the European Council and Parliament finally adopted a new data protection law: the General Data Protection Regulation (GDPR). The GDPR was...more