Our top five European data protection developments from January are: UK ransomware reporting proposals. The UK Government released a consultation on ransomware related legislative proposals, including possible reporting obligations and…
Introduction On December 20, 2024, the Federal Trade Commission (the “FTC”) finalized a consent agreement (“Consent Order”) with Marriott International, Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC…
Our top five European data protection developments from June are: Non-material damage under GDPR: The CJEU clarified the scope of compensation for non-material damage in the context of identity theft…
On May 16, 2024, the SEC adopted amendments to Regulation S-P (“Reg S-P”) one year after its proposed amendments (the “Proposed Amendments”). The finalized amendments (“Amended Reg S-P”) largely track…
Key takeaways from January include: Transparency about data processing and retention: In a reminder of the importance of transparency under the GDPR, and the need for companies to make their…
Key takeaways from December include: Concept of non-material damage under GDPR: In an expansive reading of the right to compensation under GDPR, a data subject’s fear that their personal data…
As we approach the end of the year, here are the Top 10 Privacy posts on the Debevoise Data Blog in 2023 by page views. If you are not already…
As businesses adopt Generative AI tools, they need to ensure that their governance frameworks address not only AI-specific regulations such as the forthcoming EU AI Act, but also existing regulations,…
U.S. state privacy continues to be at the forefront of legislative and policymaking activity. Although states continue to pass comprehensive privacy laws in 2023, Washington’s My Health My Data Act…
On May 10−12, 2023, the National Association of Attorneys General (the “NAAG”) held its Spring 2023 Consumer Protection Conference to discuss the intersection of consumer protection issues and technology. During…