Enforcement – Debevoise Data Blog

CCPA

Privacy Enforcement: Shift Toward Cookie Consent?

By: Avi Gesser, Johanna Skrzypczyk, Melyssa Eigen, Ned Terrace and Michelle Shen April 24, 2025

On March 12, 2025, the California Privacy Protection Agency (the “CPPA”) announced a decision and stipulated final order stemming from its investigation of the American Honda Motor Company’s (the “Company”…

Artificial Intelligence

European Data Protection Roundup – February 2025

By: Robert Maddox, Michiko Wongso, Samuel Thomson, Jeevika Bali, Christina Newall, Olivia Halderthay, Mia Hermann and Dominic O'Leary March 31, 2025

Our top-five European data protection developments from February are: European Commission publishes guidelines on prohibited AI practices: The EU Commission has published non-binding guidance on the EU AI Act’s prohibited…

Artificial Intelligence

SEC’s Focus on Cyber and AI to Continue Under Trump Administration

By: Andrew J. Ceresney, Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Erez Liebermann, Jeff Robins, Julie M. Riewe, Kristin Snyder and Cameron Sharp February 21, 2025

On February 20, 2025, the SEC announced the creation of the Cyber and Emerging Technologies Unit (“CETU”) to focus on “combatting cyber-related misconduct and to protect retail investors from bad…

Enforcement

FTC’s Consent Order Against Marriott: Expectations for Reasonable Security

By: Erez Liebermann, Jim Pastore, Christopher S. Ford, Michael Bloom, Mengyi Xu, Achutha Raman and Michelle Shen January 30, 2025

Introduction On December 20, 2024, the Federal Trade Commission (the “FTC”) finalized a consent agreement (“Consent Order”) with Marriott International, Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC…

Artificial Intelligence

European Data Protection Roundup – Q4 2024

By: Robert Maddox, Johanna Skrzypczyk, Aisling Cowell, Stephanie Thomas, Michiko Wongso, Richard Blomqvist, Olivia Halderthay, Mia Hermann, Jeevika Bali, Samuel Thomson, Alexander McGinley, Christina Newall and Oliver Binns January 17, 2025

Our top-eleven European data protection developments for the end of 2024 are: EU Cyber Resilience Act: The Council of the European Union approved the Cyber Resilience Act, introducing cybersecurity requirements…

Artificial Intelligence

Cyber Whistleblower Leads to DOJ Civil Settlement

By: Avi Gesser, Luke Dembosky, Andrew M. Levine, Erez Liebermann, Jim Pastore, Stephanie Cipolla and Michelle Shen November 4, 2024

On October 22, 2024, the U.S. Department of Justice (“DOJ”) announced that The Pennsylvania State University (“Penn State”), a public university in University Park, Pennsylvania, agreed to pay $1.25 million…

Enforcement

SEC Charges Four Companies for Misleading Cyber Disclosures

By: Andrew J. Ceresney, Charu A. Chandrasekhar, Luke Dembosky, Erez Liebermann, Benjamin R. Pedersen, Julie M. Riewe, Matt Kelly, Anna Moody, Kelly Donoghue, Ciera Mandelsberg and Noah L. Schwartz October 28, 2024

On October 22, 2024, the U.S. Securities and Exchange Commission (the “SEC”) announced settled charges in separate actions against four technology companies—Avaya Holdings Corp. (“Avaya”), Check Point Software Technologies Ltd.…

Cybersecurity

ICO Dawn Raids: How to respond and what you can do to prepare – An FAQ

By: Robert Maddox and Aisling Cowell September 25, 2024

In the UK, unannounced inspections of businesses’ premises, or “dawn raids”, are most often associated with authorities such as the Serious Fraud Office, National Crime Agency, Competition and Markets Authority…

Artificial Intelligence

European Data Protection Roundup – August 2024

By: Robert Maddox, Friedrich Popp, Aisling Cowell, Deniz Tanyolac, Oliver Binns, Anna Chirniciuc, Olivia Halderthay and Samuel Thomson September 23, 2024

Our top-five European data protection developments from August are: Uber fined for personal data transfer: The Dutch Data Protection Authority fined Uber €290 million for the unlawful transfer of European…