The big news this November was the European Data Protection Board (the “EDPB”) issuing its highly anticipated post-Schrems II data transfer guidance, followed just a day later by the European Commission’s draft updated Standard Contractual Clauses (“SCCs”) (see our blog post here).  In case you missed them while trying to solve the data transfer conundrum, here are ten more enforcement…

On December 17, 2020 at 12:00pm ET, Luke Dembosky and Anna Gressel from Debevoise’s Data Strategy and Security Group were joined by William Roberts, Acquisitions Chief for the U.S. Joint Artificial Intelligence Center, and Matti Neustadt Storie, Director of Privacy and Data Security for NetApp, for an insightful panel on “Artificial Intelligence and Government Contracting – Emerging Issues and Considerations,”…

On November 16-17, 2020, Anna Gressel and Avi Gesser from Debevoise’s Data Strategy and Security Group joined AI thought leaders from around the globe at “The Athens Roundtable on Artificial Intelligence and the Rule of Law.”  During the Roundtable, Avi and Anna were joined by Edward Stroz of Stroz Friedberg for an insightful panel on “Supervising AI: The Role of Corporate…

The European Data Protection Board (“EDPB”) recently published new guidance on how companies can validly transfer EU personal data to the many countries that have not been deemed by the EU Commission to generally provide an adequate level of data protection – most notably the U.S. (so called “third countries”). The guidance has particularly important implications for companies that transfer…

EU authorities have understandably declined to put forward a single list of mandatory data security controls that apply to all companies subject to the GDPR. As a result, each new enforcement action by EU data protection authorities provides guidance as to what the GDPR requires for “appropriate technical or organisational measures” to safeguard personal data. We summarise here the lessons…