U.S. Court Axes Most of SEC's SolarWinds Data Breach Suit -
The U.S. District Court for the Southern District of New York recently dismissed much of the U.S. Securities and Exchange Commission’s (“SEC”) suit against...more
8/2/2024
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
COPPA ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Dismissals ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Instant Messaging Apps ,
Misleading Statements ,
Regulation Technical Standards (RTS) ,
Risk Assessment ,
ROSCA ,
Securities and Exchange Commission (SEC) ,
Settlement ,
SolarWinds
FTC Proposes New Protections to Guard Against AI Impersonations of Individuals -
Amidst growing concerns that emerging technology—including AI-generated deepfakes—threaten to increase the prevalence of impersonation fraud,...more
3/1/2024
/ Anti-Terrorism Financing ,
Artificial Intelligence ,
Cybersecurity ,
Deep Fake ,
EU ,
European Convention on Human Rights ,
Federal Trade Commission (FTC) ,
Human Rights ,
Russia ,
Securities and Exchange Commission (SEC) ,
Terms of Service
EU AI Act: Political Agreement Reached on Terms of Landmark Legislation -
Negotiators for the European Council and the European Parliament have reached political agreement on the provisions of the EU Artificial...more
12/15/2023
/ Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Compliance ,
Cookies ,
Court of Justice of the European Union (CJEU) ,
EU ,
Federal Trade Commission (FTC) ,
Fines ,
General Data Protection Regulation (GDPR) ,
Neglect ,
New Legislation ,
UK
WorldCoin is a cryptocurrency project which uses iris scanning technology to issue a “World ID” as a digital identifier. Privacy concerns over WorldCoin have been voiced by several data protection authorities worldwide....more
8/23/2023
/ Artificial Intelligence ,
Biometric Information ,
CNIL ,
Cryptocurrency ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Security ,
Data Storage ,
EU ,
General Data Protection Regulation (GDPR) ,
HMRC ,
Information Commissioner's Office (ICO) ,
Popular ,
UK
EU institutions are aiming to reach an agreement on the final form AI Act through ongoing trilogue negotiations by the end of 2023.
The AI Act takes a risk-based approach and categorises AI systems into four risk levels:...more
A key pillar of the EU’s overhaul of the digital economy, the Digital Services Act (“DSA”), aims to harmonise rules for online intermediaries. It includes numerous new obligations for those businesses in scope which scale up...more
FBI Seizes Hive Ransomware Servers—Blocks US$130 Million in Demanded Ransoms -
On January 26, Attorney General Merrick Garland announced that the Department of Justice dismantled the “Hive” ransomware group, which had...more
2/3/2023
/ Biden Administration ,
Big Tech ,
California Consumer Privacy Act (CCPA) ,
Cookie Banners ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Protection ,
Department of Justice (DOJ) ,
Enforcement Actions ,
EU ,
European Data Protection Board (EDPB) ,
Extortion ,
FBI ,
Investigations ,
New Legislation ,
New Regulations ,
Popular ,
Privacy Laws ,
Ransomware
SEC Division of Examinations Issues Risk Alert on Regulation S-ID and Identity Theft Prevention Programs -
On December 5, 2022, the Securities and Exchange Commission (“SEC”) Division of Examinations (“EXAMS”) issued a...more
12/16/2022
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
American Civil Liberties Union (ACLU) ,
Artificial Intelligence ,
Broker-Dealer ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Transfers ,
EDPS ,
EU ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Investment Adviser ,
Minors ,
Online Safety for Children ,
Personal Data ,
Policies and Procedures ,
Proposed Legislation ,
Regulation S-ID ,
Risk Alert ,
Securities and Exchange Commission (SEC) ,
SolarWinds
CJEU: Special Category Data Just Got More Complicated -
On August 1, 2022, the Court of Justice of the European Union (“CJEU”) delivered a preliminary ruling on the legal interpretation of special categories of personal...more
8/19/2022
/ CNIL ,
Court of Justice of the European Union (CJEU) ,
Do Not Call List ,
EU ,
FCC ,
General Data Protection Regulation (GDPR) ,
Online Safety for Children ,
Personal Data ,
Proposed Legislation ,
Regulatory Agenda ,
Regulatory Reform ,
Scams ,
UK ICO
This OnPoint summarises and draws together the proposals forming part of the EU’s strategies for data, digital and artificial intelligence. This is the first in a series of Dechert OnPoints that will cover these proposals in...more
8/11/2022
/ Artificial Intelligence ,
Cybersecurity ,
Data Management ,
Digital Marketplace ,
Digital Services ,
EU ,
European Digital Strategy ,
Innovative Technology ,
Internet ,
Online Advertisements ,
Popular
On February 2, 2022, the Belgian Data Protection Authority (“DPA”) issued a decision finding that the Interactive Advertising Bureau ("IAB”) Europe’s Transparency and Consent Framework (“TCF”) violates key provisions of the...more
2/7/2022
/ Belgium ,
Cybersecurity ,
Data Controller ,
Data Protection ,
Data Protection Authority ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
Fines ,
General Data Protection Regulation (GDPR) ,
Interactive Advertising Bureau ,
International Data Transfers ,
Marketing ,
Personal Data ,
Statutory Violations
A recent UK Court of Appeal decision highlights ongoing uncertainty regarding the jurisdictional reach of the GDPR and invites intervention from the Information Commissioner’s Office. ...more
1/25/2022
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Jurisdiction ,
Personal Data ,
UK
On November 19 the European Data Protection Board (EDPB) published draft guidelines on the interplay between Article 3 of the GDPR (which establishes the GDPR’s territorial scope), and the GDPR’s international transfer...more
11/30/2021
/ Data Protection ,
Draft Guidance ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses
Introduction -
The European Commission (EC) on April 21, 2021, proposed a regulation establishing a framework and rules (Proposed Regulation) for “trustworthy” Artificial Intelligence (AI) systems. ...more
11/16/2021
/ Algorithms ,
Artificial Intelligence ,
Assessment ,
Biometric Information ,
Critical Infrastructure Sectors ,
Data Management ,
Data Protection ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
Popular ,
Proposed Regulation ,
Regulatory Agenda ,
Regulatory Reform
The European Commission has issued new Standard Contractual Clauses designed to facilitate international transfers of personal data in compliance with the GDPR. The new provisions better reflect the variety of global data...more
Introduction - The European Commission’s (EC) proposed regulation (Proposed Regulation) for “trustworthy” Artificial Intelligence (AI) systems establishes rules for the development, placement on the EU market, and use of AI....more
The European Commission has issued new Standard Contractual Clauses designed to facilitate international transfers of personal data in compliance with the GDPR. The new provisions better reflect the variety of global data...more
6/9/2021
/ Data Processors ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The EU-UK Trade and Cooperation Agreement provided breathing room for businesses engaging in data transfers from the EU to the UK in the form of a ‘bridging period’ of up to six months where such transfers can continue...more
On November 12, 2020, the European Commission (EC) published a long anticipated draft of new Standard Contractual Clauses (SCCs) for the transfer of personal data from the European Economic Area (EEA) to third countries whose...more
11/17/2020
/ Data Protection ,
Data Transfers ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Regulatory Agenda ,
Rulemaking Process ,
Schrems I & Schrems II ,
Standard Contractual Clauses
More than three months after the landmark Schrems II decision of the Court of Justice of the European Union (“CJEU”), the European Data Protection Board (“EDPB”) has issued its recommendations on “supplemental measures” to...more
11/16/2020
/ Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Regulatory Standards ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Key Takeaways -
The EU-U.S. Privacy Shield does not ensure an adequate level of protection of personal data and is therefore not a lawful basis for data transfers to the U.S....more
7/24/2020
/ Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
International Data Transfers ,
Personal Data ,
Privacy Laws ,
Risk Assessment ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
With a “no-deal” scenario looking increasingly more likely, what steps should businesses be taking in relation to their data protection compliance regimes to prepare for 31 October this year?...more
9/20/2019
/ Compliance ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
No-Deal Brexit ,
Personal Data ,
UK Brexit ,
Withdrawal Agreement
With a “no-deal” scenario looking increasingly more likely, what should brand owners be doing to prepare for 31 October this year?
EU trade marks in the UK -
Once the UK leaves the EU, existing EU trade marks (EUTMs)...more
9/13/2019
/ Corporate Branding ,
EU ,
European Union Intellectual Property Office (EUIPO) ,
European Union Trade Mark (EUTM) ,
Injunctive Relief ,
IP License ,
No-Deal Brexit ,
Non-Use of Trademarks ,
Personal Brands ,
Revocation ,
Trademark Application ,
Trademark Infringement ,
Trademark Registration ,
Trademarks ,
UK ,
UK Brexit ,
UK Intellectual Property Office (UK IPO)
On 23 January 2019, the European Data Protection Board (“EDPB”) issued an opinion on the interplay between the EU General Data Protection Regulation (“GDPR”) and the EU Clinical Trials Regulation (“CTR”). The CTR is not yet...more
2/23/2019
/ Business Necessity ,
Clinical Trials ,
Consent ,
Data Controller ,
Data Protection ,
EU ,
EU Clinical Trials Regulation (CTR) ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Life Sciences ,
Medical Necessity ,
Medical Research ,
New Regulations ,
Patient Privacy Rights ,
Personal Data ,
Privacy Laws ,
Public Interest ,
Scientific Research ,
Withdrawal
Further to our previous OnPoint “No Deal” Brexit and its Implications for Data Protection, the European Commission has given an update on its “no deal” Brexit contingency planning in a communication published on November 13,...more