X Agrees to Stop Processing EU Data to Train its Grok AI -
Ireland’s Data Protection Commission (“DPC”) recently filed an urgent High Court application against X (formerly Twitter) for using the personal data of European...more
9/13/2024
/ Artificial Intelligence ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Data Security ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
Fines ,
Ireland ,
Liability ,
Personal Data ,
Sensitive Personal Information ,
Twitter ,
Uber
NSA and CISA Release Report on “Top Ten” Cybersecurity Misconfigurations; CISA Calls for Software Manufacturers to Implement Best Practices -
On October 5, 2023, the United States National Security Agency (NSA) and...more
10/20/2023
/ Artificial Intelligence ,
Cybersecurity ,
Data Breach ,
Data Transfers ,
European Data Protection Board (EDPB) ,
Federal Trade Commission (FTC) ,
Fines ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Investigations ,
Law Enforcement ,
Manufacturers ,
National Security Agency (NSA) ,
Personal Data ,
Popular ,
Settlement ,
Software ,
UK ICO
The UK has approved the UK-U.S. Data Bridge facilitating flows of personal data to U.S. entities that have self-certified to the EU-U.S. Data Privacy Framework (‘DPF’), provided that those entities extend their DPF...more
9/25/2023
/ Compliance ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Personal Data ,
Privacy Framework ,
Safe Harbors ,
Schrems I & Schrems II ,
UK ,
UK GDPR
FTC Finalizes Settlement with 1Health.io For Allegations It Failed to Protect Customers’ DNA Data -
On September 6, 2023, the Federal Trade Commission’s agreement with the genetic testing firm 1Health.io Inc. – formerly...more
9/25/2023
/ Background Checks ,
California ,
California Consumer Privacy Act (CCPA) ,
Consent Agreements ,
Consumer Reporting Agencies ,
Data Brokers ,
Data Collection ,
Data Security ,
Data-Sharing ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
FTC Act ,
Gramm-Leach-Blilely Act ,
Information Commissioner's Office (ICO) ,
Law Enforcement ,
New Legislation ,
Personal Data ,
Personal Information ,
Privacy Policy ,
Settlement ,
UK ,
UK GDPR
The EU General Court has overruled the European Data Protection Supervisor and held that pseudonymised data will not be personal data for the purposes of EU data protection law when transferred to a recipient that is unable...more
SEC Proposes and Seeks Comments on New Cybersecurity Rules -
At an open meeting on February 9, 2022, the Securities and Exchange Commission (“SEC”) voted three-to-one to propose new and amended rules regarding cybersecurity...more
2/25/2022
/ Asset Management ,
Cybersecurity ,
Data Collection ,
Disclosure Requirements ,
EDPS ,
International Data Transfers ,
Personal Data ,
Policies and Procedures ,
Popular ,
Registered Investment Advisors ,
Registered Investment Companies (RICs) ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Spyware
A recent UK Court of Appeal decision highlights ongoing uncertainty regarding the jurisdictional reach of the GDPR and invites intervention from the Information Commissioner’s Office. ...more
1/25/2022
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Jurisdiction ,
Personal Data ,
UK
The European Commission has issued new Standard Contractual Clauses designed to facilitate international transfers of personal data in compliance with the GDPR. The new provisions better reflect the variety of global data...more
The European Commission has issued new Standard Contractual Clauses designed to facilitate international transfers of personal data in compliance with the GDPR. The new provisions better reflect the variety of global data...more
6/9/2021
/ Data Processors ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Key Takeaways -
A new draft EU Regulation aims to encourage the sharing and re-use of data and foster a data-driven economy that shares the benefits of Big Data whilst respecting individuals’ rights in personal data and...more
The new EU-UK Trade and Cooperation Agreement (the “Trade Agreement”) came into effect on 1 January 2021. There are now two versions of the GDPR: the existing EU regime (the “EU GDPR”) and the new ‘UK GDPR’ which applies an...more
More than three months after the landmark Schrems II decision of the Court of Justice of the European Union (“CJEU”), the European Data Protection Board (“EDPB”) has issued its recommendations on “supplemental measures” to...more
11/16/2020
/ Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Regulatory Standards ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The Information Commissioner’s Office (ICO), the UK’s data protection authority, has recently published updated guidance on an individual’s right to access their personal data. This OnPoint considers the key issues arising...more
In a statement from Facebook’s VP of Global Affairs and Communications, Nick Clegg, the social media giant confirmed that the Irish Data Protection Commission (DPC) has commenced an inquiry into data transfers from the EU to...more
The United Kingdom (“UK”) left the European Union (“EU”) on 31 January 2020 and entered into a transition period that is due to end on 31 December of this year. During this period, the UK remains subject to EU laws and rules,...more
The European Commission has issued an "adequacy decision" in respect of Japan reducing the regulatory burden of transferring personal data from the EU to Japan. Japan has made an equivalent decision for transfers to the EU....more
1/31/2019
/ Adequacy Requirement ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Japan ,
Mutual Recognition Agreement ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
UK Brexit
In anticipation of Brexit, the U.S. Department of Commerce (“DOC”) has published steps it expects to be taken by businesses that rely on Privacy Shield to transfer personal data from the UK to the U.S....more
1/15/2019
/ EU ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses ,
U.S. Commerce Department ,
UK ,
UK Brexit ,
x
The prospect of the UK leaving the European Union without a formal agreement in place seems increasingly possible. Businesses need to increase their preparations for a "no deal" scenario and these preparations should include...more
10/8/2018
/ Binding Corporate Rules ,
Consent ,
Data Protection ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses ,
UK ,
UK Brexit
Article 30 of the General Data Protection Regulation (GDPR), which comes into force on 25 May 2018, places an obligation upon data controllers and processors to keep internal records of data processing activities. The data...more
The Irish High Court recently asked the Court of Justice of the European Union (CJEU) to rule on the validity of “standard contractual clauses” as a basis for transferring personal data out of the European Economic Area...more
10/11/2017
/ Court of Justice of the European Union (CJEU) ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Exports ,
Facebook ,
Ireland ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Validity