Key takeaways from September include: UK-US data bridge: From 12 October 2023, UK businesses will be able to transfer personal data to certain US organisations certified under a UK-specific extension…
Key takeaways from August include: Conflicts of interest: Businesses should consider re-evaluating their data protection officer’s role and responsibilities, including dual roles on boards and committees, to prevent conflicts of interest…
We have written several times about the need for companies to reduce the amount of data that they collect and to get rid of old data. Data minimization lowers the…
As we approach the end of the year, here are the Top 10 Privacy posts on the Debevoise Data Blog in 2022 by page views. If you are not already…
On June 21, 2022, the House Energy and Commerce Committee formally introduced a new federal privacy bill: the American Data Privacy and Protection Act (“ADPPA”). Notably, the ADPPA has diverse…
Since we last wrote about data minimization, there have been several regulatory developments that illustrate the increasing operational and regulatory risks of keeping large volumes of old data. As cyber…
Key takeaways from developments this August include: Indications of what the UK’s post-Brexit data transfer arrangements might look like – companies transferring data from the UK will want to follow…
Since the implementation of the California Consumer Privacy Act (“CCPA”) 18 months ago, more than 75 lawsuits have been filed seeking damages using the Act’s private cause of action. The CCPA…
The key development from April must be the European Data Protection Board (“EDPB”) approving the draft UK adequacy decisions from the European Commission (the “Commission”). Companies will be relieved that…
Our three previous articles in this series on the future of AI regulation have discussed the RFI on AI issued by U.S. banking regulators, the draft EU AI regulation, and…