NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Compliance Perspectives: The Privacy and Data Security Track at the 2020 Compliance & Ethics Institute
Compliance Perspectives: Regulatory Conflicts in Data Privacy Laws
E14: The Three Pillars of GDPR
E12: GDPR Article 22 and Automated Decision Making
Whether submitted by a ‘cookie troll’ — an individual who systematically triggers consent mechanisms to generate compensation claims — or by someone using the process for what seems like collateral purposes, the phenomenon...more
As the year draws to a close, reform of the data subject access request (DSAR) regime in the EU and the UK may turn out to be a welcome gift for organisations grappling with complex access requests....more
The Commission’s proposals may present far-reaching implications for companies operating in the EU’s digital landscape....more
On September 4 2025, the Court of Justice of the European Union (CJEU) delivered its judgment in IP v Quirin Privatbank AG, C-655/23. The ruling addresses remedies for GDPR infringements, considering whether data subjects can...more
If you’re not accustomed to handling data subject access requests (DSARs), then it’s understandable if you feel a bit nervous about responding. After all, there are all sorts of legal requirements involved and the potential...more
Privacy pros are passionate about doing good work, in every sense of the word. Yes, we care about managing privacy as thoroughly and efficiently as possible (and not getting fined). But we are all in this line of work for a...more
As new state data privacy laws continue to emerge and existing ones evolve, businesses face increasing complexity in maintaining compliance. Our Second Annual Data Privacy Forum focuses on key state privacy laws and explores...more
With more privacy laws to keep track of in 2025, you may be expecting a bigger workload than last year. That doesn’t have to be the case. Join Osano’s Cait Ward and Chris Simpson to learn about new tips and features that...more
Comprehensive consumer privacy laws are rapidly expanding across the United States, significantly impacting PEOs. Currently, 19 states have enacted privacy laws, with eight already in effect and 11 set to take effect between...more
Four years after the Brazilian General Data Protection Law (LGPD) came into force, Brazil’s Superior Court of Justice (STJ) recently issued a list of precedents exploring how the court applied the law and addressed the...more
As of September 22, 2024, the final provision of Law 25, An Act to modernize legislative provisions as regards the protection of personal information will take effect, establishing a new right to data portability for...more
Navigating the stringent requirements of data subject access requests (DSARs) can feel like summitting a mountain—the path forward isn’t always clear, pitfalls abound, and you’re fighting gravity all the way....more
Following the very recent adoption of the EU Regulation on AI (the AI Regulation) the CNIL (the French data regulator) has issued the second in its series of recommendations for the development of privacy-friendly AI models....more
An in-depth exploration of Data Subject Access Request (DSAR) workflows and discover best practices for managing privacy requirements efficiently and effectively. In this educational webinar, we'll delve into the intricacies...more
Join our enlightening webinar to explore the critical role of data discovery in constructing a comprehensive and accurate data inventory, essential for streamlining privacy compliance and enhancing data governance. In this...more
Authorities opened an investigation after Uber drivers in France sent complaints to the French privacy protection commission, the CNIL. The CNIL transferred the handling of the complaints to the Dutch Data Protection...more
On April 27, 2023, the Washington State governor signed into law the My Health My Data Act or the MHMDA. In spite of the onerous and at times confusing requirements of the MHMDA, the Washington Attorney General (AG) has only...more
In late 2021, the Quebec legislature passed “The Privacy Legislation Modernization Act” or Law No. 25 (“Law 25”), which was designed to modernize and make significant changes to Quebec’s existing privacy framework....more
On 12 October the UK–U.S. “data bridge” becomes operational, providing an additional, compliant route for UK-outbound transfers of personal data to U.S. organisations that are EU-U.S. Data Privacy Framework members. UK...more
GDPR compliance can be tricky. Even if you summon the willpower to read through the law’s text, it can be tough to know where to start. As an alternative to pouring through the GDPR’s legalese, one way to establish a...more
This is Part Eight in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”) where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the...more
Cybersecurity incidents pose legal challenges for in-house counsel, alongside their technical implications. This overview highlights key aspects that legal departments must know when reacting to data breaches. ...more
To date, US non-profit organizations have enjoyed an exemption from the state omnibus privacy laws. That’s about to change. Unlike the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA),...more
As many employers will be aware, data subject access requests (DSARs) can take up a significant amount of business resources and are a common tactic used by disgruntled employees. A recent decision from the Court of Justice...more
The road to the adoption of a lasting framework for EU-U.S data transfers has been anything but smooth. Much like its predecessor, Safe Harbor, the EU-U.S Privacy Shield met its end in 2020 when the Court of Justice of the...more