On November 14, 2021, the Cyberspace Administration of China (“CAC”) released the draft “Network Data Security Management Regulations” (the “Draft Regulations”) for public comment. The Draft Regulations have major implications…
The Data Strategy and Security team at Debevoise & Plimpton LLP has authored the 2022 edition of the Privacy Law Answer Book (Practising Law Institute, 2021), a user-friendly guide to…
European Data Protection Roundup – October 2021 Key takeaways this October include: Liability for excessive security footage: The need to ensure security systems are configured appropriately to minimise the scope…
European Data Protection Roundup – September 2021 Key takeaways this September include: Transparency: The importance of providing individuals sufficient information to enable them to understand how their personal data is…
Key takeaways from developments this August include: Indications of what the UK’s post-Brexit data transfer arrangements might look like – companies transferring data from the UK will want to follow…
European Data Protection Roundup – July Key takeaways from developments this July include: a blockbuster €746 million fine against Amazon – the largest ever GDPR penalty – showing the Regulation’s…
The big news in June were the EU Standard Contractual Clauses for cross-border data transfers to non-EEA countries. There were also significant developments for companies engaging in employee surveillance, ad…
What’s happened? The European Commission has finalised its new standard contractual clauses (“SCCs”) for the transfer of personal data from EEA member states to the many “third countries” – most…
May saw useful reminders for companies, including: (i) the need to appoint an EU – and/or UK – representative if caught by the (UK) GDPR’s extraterritorial effect; (ii) that regulators…
The key development from April must be the European Data Protection Board (“EDPB”) approving the draft UK adequacy decisions from the European Commission (the “Commission”). Companies will be relieved that…