July was a busy month for data protection in the EU and UK.  While the long-awaited Schrems II decision captured the most headlines, data protection authorities (“DPAs”) and Member State courts have been busy too.  We cover here some of the highlights, ranging from a €16.7m fine in Italy – the fourth largest GDPR penalty to date – to court…

On August 6, 2020, Anna Gressel and Avi Gesser from Debevoise’s Data Strategy and Security Group, along with their special guest, Andrew Smith, the Director of the FTC’s Bureau of Consumer Protection, had an insightful conversation about the FTC’s recent guidance on Using Artificial Intelligence and Algorithms, including: The FTC’s enforcement authority related to AI and automated decision-making technologies, including…

As covered in our previous blog post, the CJEU has invalidated the EU-U.S. Privacy Shield for cross-border transfers of personal data from the EU to the U.S. (the “Schrems II” decision) and cast significant doubts over whether companies can continue to use the European Commission-approved Standard Contractual Clauses (“SCCs”) to transfer EU personal data to the U.S., or to other…

On July 23, 2020, Anna Gressel and Avi Gesser from Debevoise’s Data Strategy and Security Group, along with their special guest, Haimera Workie, the Head of Financial Innovation and Senior Director of FINRA’s Office of Financial Innovation, had an insightful conversation about FINRA’s recent report on Artificial Intelligence in the Securities Industry, including: How AI and machine learning are currently…

The New York State Department of Financial Services (“DFS”) issued a Statement of Charges and Notice of Hearing (the “Charges”) earlier today against First American Title Insurance Company (“First American”) for multiple violations of the DFS Part 500 Cybersecurity Regulation (the “Regulation”), including: Failure to perform an adequate risk assessment Failure to maintain proper access controls Failure to provide adequate security…