New BIPA Ruling: Dismissal of Claims Against Samsung Over its Face App Data -
On July 24, 2024, a federal judge in Illinois dismissed the case GT v. Samsung Electronics America, Inc., in which a putative class of Samsung...more
8/19/2024
/ Biometric Information Privacy Act ,
Data Protection ,
Enforcement ,
European Commission ,
European Parliament ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Illinois ,
Information Commissioner's Office (ICO) ,
Informed Consent ,
Minor Children ,
Personal Information ,
Settlement ,
Social Media ,
State Data Privacy Laws ,
Tracking Systems ,
UK
U.S. Court Axes Most of SEC's SolarWinds Data Breach Suit -
The U.S. District Court for the Southern District of New York recently dismissed much of the U.S. Securities and Exchange Commission’s (“SEC”) suit against...more
8/2/2024
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
COPPA ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Dismissals ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Instant Messaging Apps ,
Misleading Statements ,
Regulation Technical Standards (RTS) ,
Risk Assessment ,
ROSCA ,
Securities and Exchange Commission (SEC) ,
Settlement ,
SolarWinds
European Data Protection Board Publishes Strategy for 2024-27 -
The European Data Protection Board (“EDPB” - the EU body tasked with promoting consistency and cooperation in enforcement of the GDPR) has outlined its...more
5/6/2024
/ Artificial Intelligence ,
Department of Health and Human Services (HHS) ,
Draft Guidance ,
Enforcement ,
European Data Protection Board (EDPB) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Machine Learning ,
Penalties ,
Personal Data ,
Reproductive Healthcare Issues ,
Transparency ,
UK
European Parliament Approves EU AI Act -
On March 13, 2024, the European Parliament approved the EU Artificial Intelligence Act (“AI Act”). A first of its kind legal framework for AI, the AI Act has extraterritorial effect,...more
3/29/2024
/ Appeals ,
Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Consent ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity Framework ,
Data Brokers ,
Data Collection ,
European Parliament ,
Federal Trade Commission (FTC) ,
Foreign Adversaries ,
General Data Protection Regulation (GDPR) ,
Popular ,
Sensitive Personal Information ,
Strategic Planning ,
Transparency
EU AI Act: Political Agreement Reached on Terms of Landmark Legislation -
Negotiators for the European Council and the European Parliament have reached political agreement on the provisions of the EU Artificial...more
12/15/2023
/ Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Compliance ,
Cookies ,
Court of Justice of the European Union (CJEU) ,
EU ,
Federal Trade Commission (FTC) ,
Fines ,
General Data Protection Regulation (GDPR) ,
Neglect ,
New Legislation ,
UK
WorldCoin is a cryptocurrency project which uses iris scanning technology to issue a “World ID” as a digital identifier. Privacy concerns over WorldCoin have been voiced by several data protection authorities worldwide....more
8/23/2023
/ Artificial Intelligence ,
Biometric Information ,
CNIL ,
Cryptocurrency ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Security ,
Data Storage ,
EU ,
General Data Protection Regulation (GDPR) ,
HMRC ,
Information Commissioner's Office (ICO) ,
Popular ,
UK
On 10 July 2023, the European Commission announced a major development1 in EU-U.S. personal data transfer relations by adopting a long-anticipated adequacy decision2 for the EU-U.S. Data Privacy Framework (“DPF”). The...more
7/12/2023
/ Court of Justice of the European Union (CJEU) ,
Department of Justice (DOJ) ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
National Security ,
Policies and Procedures ,
Safe Harbors ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The Proposed EU-U.S. Data Privacy Framework Faces Potential Obstacles -
On February 14, 2023, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (the “EP Committee”) released a draft opinion...more
A key pillar of the EU’s overhaul of the digital economy, the Digital Services Act (“DSA”), aims to harmonise rules for online intermediaries. It includes numerous new obligations for those businesses in scope which scale up...more
SEC Division of Examinations Issues Risk Alert on Regulation S-ID and Identity Theft Prevention Programs -
On December 5, 2022, the Securities and Exchange Commission (“SEC”) Division of Examinations (“EXAMS”) issued a...more
12/16/2022
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
American Civil Liberties Union (ACLU) ,
Artificial Intelligence ,
Broker-Dealer ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Transfers ,
EDPS ,
EU ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Investment Adviser ,
Minors ,
Online Safety for Children ,
Personal Data ,
Policies and Procedures ,
Proposed Legislation ,
Regulation S-ID ,
Risk Alert ,
Securities and Exchange Commission (SEC) ,
SolarWinds
CJEU: Special Category Data Just Got More Complicated -
On August 1, 2022, the Court of Justice of the European Union (“CJEU”) delivered a preliminary ruling on the legal interpretation of special categories of personal...more
8/19/2022
/ CNIL ,
Court of Justice of the European Union (CJEU) ,
Do Not Call List ,
EU ,
FCC ,
General Data Protection Regulation (GDPR) ,
Online Safety for Children ,
Personal Data ,
Proposed Legislation ,
Regulatory Agenda ,
Regulatory Reform ,
Scams ,
UK ICO
On February 2, 2022, the Belgian Data Protection Authority (“DPA”) issued a decision finding that the Interactive Advertising Bureau ("IAB”) Europe’s Transparency and Consent Framework (“TCF”) violates key provisions of the...more
2/7/2022
/ Belgium ,
Cybersecurity ,
Data Controller ,
Data Protection ,
Data Protection Authority ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
Fines ,
General Data Protection Regulation (GDPR) ,
Interactive Advertising Bureau ,
International Data Transfers ,
Marketing ,
Personal Data ,
Statutory Violations
A recent UK Court of Appeal decision highlights ongoing uncertainty regarding the jurisdictional reach of the GDPR and invites intervention from the Information Commissioner’s Office. ...more
1/25/2022
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Jurisdiction ,
Personal Data ,
UK
On November 19 the European Data Protection Board (EDPB) published draft guidelines on the interplay between Article 3 of the GDPR (which establishes the GDPR’s territorial scope), and the GDPR’s international transfer...more
11/30/2021
/ Data Protection ,
Draft Guidance ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses
We are delighted by the positive feedback we have received on our first two issues of Dechert Cyber Bits. Thank you for taking the time to send us your comments. In this issue of Cyber Bits, we discuss key developments from...more
11/19/2021
/ Class Action ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Popular ,
Ransomware ,
Vulnerability Assessments
Introduction -
The European Commission (EC) on April 21, 2021, proposed a regulation establishing a framework and rules (Proposed Regulation) for “trustworthy” Artificial Intelligence (AI) systems. ...more
11/16/2021
/ Algorithms ,
Artificial Intelligence ,
Assessment ,
Biometric Information ,
Critical Infrastructure Sectors ,
Data Management ,
Data Protection ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
Popular ,
Proposed Regulation ,
Regulatory Agenda ,
Regulatory Reform
The European Commission has issued new Standard Contractual Clauses designed to facilitate international transfers of personal data in compliance with the GDPR. The new provisions better reflect the variety of global data...more
The European Commission has issued new Standard Contractual Clauses designed to facilitate international transfers of personal data in compliance with the GDPR. The new provisions better reflect the variety of global data...more
6/9/2021
/ Data Processors ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On November 12, 2020, the European Commission (EC) published a long anticipated draft of new Standard Contractual Clauses (SCCs) for the transfer of personal data from the European Economic Area (EEA) to third countries whose...more
11/17/2020
/ Data Protection ,
Data Transfers ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Regulatory Agenda ,
Rulemaking Process ,
Schrems I & Schrems II ,
Standard Contractual Clauses
More than three months after the landmark Schrems II decision of the Court of Justice of the European Union (“CJEU”), the European Data Protection Board (“EDPB”) has issued its recommendations on “supplemental measures” to...more
11/16/2020
/ Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Regulatory Standards ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The United Kingdom (“UK”) left the European Union (“EU”) on 31 January 2020 and entered into a transition period that is due to end on 31 December of this year. During this period, the UK remains subject to EU laws and rules,...more
Employers’ primary concern at this time will be the health and safety of their employees in the wake of what has been declared a global pandemic by the World Health Organization. However, employers should still have regard to...more
In a recently published blog, the Information Commissioner’s Office (“ICO”) provided an update on its review of the adtech sector and noted that, whilst two key organisations are starting to make changes and many have engaged...more
2/18/2020
/ Adtech ,
Advertising ,
Consent ,
Data Privacy ,
Data Protection Impact Assessments (DPIAs) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Internet Auctions ,
Media ,
Personally Identifiable Information ,
Privacy and Electronic Communications Regulation 2003 (PECR). ,
Public Bidding ,
Technology Sector ,
Transparency ,
UK ,
UK ICO
The Advocate General (AG) says the standard contractual clauses (SCCs) are valid but, where circumstances in the destination third country mean the SCCs would be breached or impossible to abide by, there is an obligation on...more
12/23/2019
/ Actual or Constructive Knowledge ,
Advocate General ,
Court of Justice of the European Union (CJEU) ,
Data Protection ,
Duty of Care ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Exports ,
Facebook ,
General Data Protection Regulation (GDPR) ,
Importers ,
International Data Transfers ,
Personal Liability ,
Personally Identifiable Information ,
Popular ,
Prohibited Transactions ,
Risk Management ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Supervisors ,
Trade Suspensions
With a “no-deal” scenario looking increasingly more likely, what steps should businesses be taking in relation to their data protection compliance regimes to prepare for 31 October this year?...more
9/20/2019
/ Compliance ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
No-Deal Brexit ,
Personal Data ,
UK Brexit ,
Withdrawal Agreement