CJEU: Special Category Data Just Got More Complicated -
On August 1, 2022, the Court of Justice of the European Union (“CJEU”) delivered a preliminary ruling on the legal interpretation of special categories of personal...more
8/19/2022
/ CNIL ,
Court of Justice of the European Union (CJEU) ,
Do Not Call List ,
EU ,
FCC ,
General Data Protection Regulation (GDPR) ,
Online Safety for Children ,
Personal Data ,
Proposed Legislation ,
Regulatory Agenda ,
Regulatory Reform ,
Scams ,
UK ICO
This OnPoint summarises and draws together the proposals forming part of the EU’s strategies for data, digital and artificial intelligence. This is the first in a series of Dechert OnPoints that will cover these proposals in...more
8/11/2022
/ Artificial Intelligence ,
Cybersecurity ,
Data Management ,
Digital Marketplace ,
Digital Services ,
EU ,
European Digital Strategy ,
Innovative Technology ,
Internet ,
Online Advertisements ,
Popular
California Privacy Protection Agency Proposes CPRA Regulations as the ADPPA Continues to Advance in Congress -
On July 8, 2022, the California Privacy Protection Agency (“CPPA”) filed a Notice of Proposed Rulemaking...more
7/22/2022
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Financial Protection Bureau (CFPB) ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Digital Markets Strategy ,
Digital Services ,
Fair Credit Reporting Act (FCRA) ,
Proposed Regulation
Clearview AI Settles Biometric Data Privacy Suit with ACLU -
On May 9, 2022, Clearview AI, Inc. (“Clearview”) and the American Civil Liberties Union (“ACLU”) announced an agreement to settle a lawsuit involving Clearview...more
5/27/2022
/ American Civil Liberties Union (ACLU) ,
Americans with Disabilities Act (ADA) ,
Artificial Intelligence ,
Biden Administration ,
Biometric Information ,
Clearview AI ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
European Data Protection Board (EDPB) ,
Facial Recognition Technology ,
Malware ,
Managed Service Providers (MSPs) ,
Popular ,
Regulatory Reform
On February 2, 2022, the Belgian Data Protection Authority (“DPA”) issued a decision finding that the Interactive Advertising Bureau ("IAB”) Europe’s Transparency and Consent Framework (“TCF”) violates key provisions of the...more
2/7/2022
/ Belgium ,
Cybersecurity ,
Data Controller ,
Data Protection ,
Data Protection Authority ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
Fines ,
General Data Protection Regulation (GDPR) ,
Interactive Advertising Bureau ,
International Data Transfers ,
Marketing ,
Personal Data ,
Statutory Violations
A recent UK Court of Appeal decision highlights ongoing uncertainty regarding the jurisdictional reach of the GDPR and invites intervention from the Information Commissioner’s Office. ...more
1/25/2022
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Jurisdiction ,
Personal Data ,
UK
On November 19 the European Data Protection Board (EDPB) published draft guidelines on the interplay between Article 3 of the GDPR (which establishes the GDPR’s territorial scope), and the GDPR’s international transfer...more
11/30/2021
/ Data Protection ,
Draft Guidance ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses
We are delighted by the positive feedback we have received on our first two issues of Dechert Cyber Bits. Thank you for taking the time to send us your comments. In this issue of Cyber Bits, we discuss key developments from...more
11/19/2021
/ Class Action ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Popular ,
Ransomware ,
Vulnerability Assessments
Introduction -
The European Commission (EC) on April 21, 2021, proposed a regulation establishing a framework and rules (Proposed Regulation) for “trustworthy” Artificial Intelligence (AI) systems. ...more
11/16/2021
/ Algorithms ,
Artificial Intelligence ,
Assessment ,
Biometric Information ,
Critical Infrastructure Sectors ,
Data Management ,
Data Protection ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
Popular ,
Proposed Regulation ,
Regulatory Agenda ,
Regulatory Reform
The value of the global medicinal cannabis market is projected to reach US$62.7 billion by 2024, with over US$22 billion of that market generated by Europe and an estimated excess of £2 billion likely to be generated in the...more
6/29/2021
/ Cannabis-Related Businesses (CRBs) ,
Financial Conduct Authority (FCA) ,
Investment ,
Investment Funds ,
Investors ,
London Stock Exchange ,
Marijuana ,
Marijuana Related Businesses ,
Medical Marijuana ,
Popular ,
UK
The European Commission has issued new Standard Contractual Clauses designed to facilitate international transfers of personal data in compliance with the GDPR. The new provisions better reflect the variety of global data...more
Introduction - The European Commission’s (EC) proposed regulation (Proposed Regulation) for “trustworthy” Artificial Intelligence (AI) systems establishes rules for the development, placement on the EU market, and use of AI....more
The European Commission has issued new Standard Contractual Clauses designed to facilitate international transfers of personal data in compliance with the GDPR. The new provisions better reflect the variety of global data...more
6/9/2021
/ Data Processors ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The EU-UK Trade and Cooperation Agreement provided breathing room for businesses engaging in data transfers from the EU to the UK in the form of a ‘bridging period’ of up to six months where such transfers can continue...more
On November 12, 2020, the European Commission (EC) published a long anticipated draft of new Standard Contractual Clauses (SCCs) for the transfer of personal data from the European Economic Area (EEA) to third countries whose...more
11/17/2020
/ Data Protection ,
Data Transfers ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Regulatory Agenda ,
Rulemaking Process ,
Schrems I & Schrems II ,
Standard Contractual Clauses
More than three months after the landmark Schrems II decision of the Court of Justice of the European Union (“CJEU”), the European Data Protection Board (“EDPB”) has issued its recommendations on “supplemental measures” to...more
11/16/2020
/ Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Regulatory Standards ,
Schrems I & Schrems II ,
Standard Contractual Clauses
In a statement from Facebook’s VP of Global Affairs and Communications, Nick Clegg, the social media giant confirmed that the Irish Data Protection Commission (DPC) has commenced an inquiry into data transfers from the EU to...more
Key Takeaways -
The EU-U.S. Privacy Shield does not ensure an adequate level of protection of personal data and is therefore not a lawful basis for data transfers to the U.S....more
7/24/2020
/ Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
International Data Transfers ,
Personal Data ,
Privacy Laws ,
Risk Assessment ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
The Information Commissioner’s Office (ICO), the UK’s data protection supervisory authority, has recently issued guidance outlining its approach to the enforcement of data protection obligations during the COVID-19 pandemic....more
4/27/2020
/ Coronavirus/COVID-19 ,
Data Breach ,
Data Protection ,
Enforcement ,
Fines ,
Investigations ,
New Guidance ,
Notification Requirements ,
Relief Measures ,
Subject Access Request (SAR) ,
UK ,
UK ICO
Many workers and employers are adjusting to remote working as a result of the COVID-19 pandemic. That shift has created a unique opportunity for cyber-attackers and criminals – the European Union Agency for Cybersecurity has...more
4/3/2020
/ Coronavirus/COVID-19 ,
Cybersecurity ,
Data Breach ,
Encryption ,
Multi-Factor Authentication ,
Phishing Scams ,
Policies and Procedures ,
Remote Working ,
Risk Management ,
Software ,
Virtual Private Networks
The United Kingdom (“UK”) left the European Union (“EU”) on 31 January 2020 and entered into a transition period that is due to end on 31 December of this year. During this period, the UK remains subject to EU laws and rules,...more
Employers’ primary concern at this time will be the health and safety of their employees in the wake of what has been declared a global pandemic by the World Health Organization. However, employers should still have regard to...more
In a recently published blog, the Information Commissioner’s Office (“ICO”) provided an update on its review of the adtech sector and noted that, whilst two key organisations are starting to make changes and many have engaged...more
2/18/2020
/ Adtech ,
Advertising ,
Consent ,
Data Privacy ,
Data Protection Impact Assessments (DPIAs) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Internet Auctions ,
Media ,
Personally Identifiable Information ,
Privacy and Electronic Communications Regulation 2003 (PECR). ,
Public Bidding ,
Technology Sector ,
Transparency ,
UK ,
UK ICO
The Advocate General (AG) says the standard contractual clauses (SCCs) are valid but, where circumstances in the destination third country mean the SCCs would be breached or impossible to abide by, there is an obligation on...more
12/23/2019
/ Actual or Constructive Knowledge ,
Advocate General ,
Court of Justice of the European Union (CJEU) ,
Data Protection ,
Duty of Care ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Exports ,
Facebook ,
General Data Protection Regulation (GDPR) ,
Importers ,
International Data Transfers ,
Personal Liability ,
Personally Identifiable Information ,
Popular ,
Prohibited Transactions ,
Risk Management ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Supervisors ,
Trade Suspensions
With a “no-deal” scenario looking increasingly more likely, what steps should businesses be taking in relation to their data protection compliance regimes to prepare for 31 October this year?...more
9/20/2019
/ Compliance ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
No-Deal Brexit ,
Personal Data ,
UK Brexit ,
Withdrawal Agreement