AI has great capability to both harm and to protect in a cybersecurity context. As with the development of any new technology, the benefits provided through correct and successful use of AI are inevitably coupled with the...more
2023 is shaping up to be a landmark year for data privacy, on both sides of the Atlantic. In the US, four new state laws go into effect – two on July 1 – while California is expanding its already robust requirements, and...more
7/18/2023
/ Artificial Intelligence ,
Biometric Information ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Compliance ,
Corporate Counsel ,
Data Mapping ,
Data Privacy ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
Geolocation ,
Information Reports ,
International Data Transfers ,
Privacy Framework ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Oversight ,
State Privacy Laws ,
Strategic Planning ,
Surveys ,
UK ,
UK Data Protection Act
Four years after GDPR was implemented, we are seeing the pillars of the internet business destroyed. Given two new EU decisions affecting the practical management of data, all companies collecting consumer data in the EU are...more
Most biometric readings require your presence in the same space as the measuring tools. Facial recognition, retinal capture, fingerprints or hand geometry, even biomarked scents are measured in close physical proximity. The...more
Hell hath no fury like a bureaucracy scorned. Do you know a person who insists on having his own way all the time and who wants to control your relationships with others? I hope not, but many of us do....more
Top 3 Takeaways -
On Friday, June 4, 2021, the European Commission adopted two sets of standard contractual clauses, one for use between controllers and processors and one for the transfer of personal data to “third...more
The movement to localize some or all of internet data has grown over the past five years as countries introduce new laws restricting data flows, and others try to boost local businesses by placing burdens on international...more
2/23/2021
/ Algorithms ,
Authoritarian Regimes ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Localization Law ,
EU-US Privacy Shield ,
Foreign Relations ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Privacy Concerns ,
Schrems I & Schrems II ,
Surveillance ,
Technology Sector
Two weeks ago I collected the major recent anti-trust/competition lawsuits, by regulators and competitors alike, filed against U.S. big technology companies. My point was that, after a long fallow period where these giants...more
Definitions are important.
How we define words sets the context for how we regulate them. In the U.S., the definitions of legally defended private information are changing, affecting the entire scope of information...more
Some companies don’t seem to care about privacy compliance. They may not have the money to build a compliance regime. They may not believe in the laws or believe that the laws would ever be applied to them. They may just not...more
Today, July 16, 2020, the EU’s top court, the Court of Justice of the European Union (CJEU), issued its highly anticipated decision in the Schrems II case. In doing so, CJEU has invalidated the EU-US Privacy Shield Framework...more
For 25 years – since the introduction of Internet Explorer 2 – our browsers supported third-party cookie technology that formed the basis of internet advertising.
The cookie party is ending.
Tech lawyers and business...more
If your company holds or collects data in the US, the UK and elsewhere in the EU, you should be mapping out how data flows through those jurisdictions in anticipation of the UK “crashing out” of the European Union in October,...more
On August 1st, the Hamburg Commissioner for Data Protection and Freedom of Information announced that the Hamburg Data Protection Commission (HDPC) had opened an administrative procedure to prohibit Google from carrying out...more
A European privacy regulator has spoken on a key facet in its General Data Protection Regulation (GDPR) interpretation. The UK’s enforcement office apparently believes that an EU data subject cannot give consent to a...more
You may be paying for cyber insurance that will not cover the most significant cyber risks faced by your business.
Recent studies call into question whether a company can insure against the unprecedented huge fines for...more
9/20/2018
/ Corporate Counsel ,
Cyber Insurance ,
Cybersecurity ,
Data Protection ,
Data Security ,
EU ,
Extraterritoriality Rules ,
Fines ,
General Data Protection Regulation (GDPR) ,
Member State ,
Popular
We are on the cusp of a revolution. While wealth managers have used computers to streamline complex analysis and to simplify customer service, the next wave of computational tools is already upon us. Artificial intelligence...more
Throughout history, people have waged sectarian fights to protect their beliefs. The Europeans, sitting at a crossroads of two major religions charged with converting the unenlightened, have a particularly combative...more
8/16/2018
/ Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular
The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It...more
5/3/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information
The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It...more
6 Months To Go The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees...more
11/30/2017
/ Contract Amendments ,
Cyber Policies ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection Officers (DPOs) ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Vendor Contacts ,
Written Agreements
For retailers, speed and efficiency in supply chains are paramount. With the possibility of a "hard" or "no deal" Brexit, retailers must adapt to a new operating environment. The UK government is exploring the potential for...more
11/15/2017
/ AEO ,
Blockchain ,
Cross-Border Transactions ,
Customs and Border Protection ,
Cybersecurity ,
Distributed Ledger Technology (DLT) ,
General Data Protection Regulation (GDPR) ,
GPS ,
Internet of Things ,
Popular ,
Port Authority ,
Retailers ,
Singapore ,
Theresa May ,
UK Brexit ,
Websites
7 Months To Go -
The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or...more
11/1/2017
/ Contract Amendments ,
Cyber Policies ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection Officers (DPOs) ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Vendor Contacts ,
Written Agreements
Any entity processing personal data on your behalf (i.e., your vendors) must have a written contract in place. The GDPR requires specific language in your vendor contracts. Review steps 1–4 below to bring your vendor...more
10/27/2017
/ Contract Amendments ,
Cybersecurity ,
Data Controller ,
Data Processors ,
EU ,
General Data Protection Regulation (GDPR) ,
Member State ,
Personal Data ,
Third-Party Service Provider ,
Vendors ,
Written Consent
Follow our three-question flowchart to answer the question: “Does GDPR Apply to You?” If “Yes” then you may be required to designate a Data Protection Officer (“DPO”) by May 25, 2018, when the GDPR applies.
Follow our...more