Today the Court of Justice of the European Union (CJEU), the EU’s highest court, invalidated the EU-U.S. Privacy Shield for cross-border transfers of personal data.  The CJEU’s decision also cast significant doubts over whether companies can continue to use the European Commission-approved Standard Contractual Clauses (SCCs) to transfer EU personal data to the U.S., or to other jurisdictions with similarly…

France’s supreme court for administrative matters, the Council of State (Conseil d’Etat), has upheld the €50 million fine imposed on Google LLC by the French data protection authority, the Commission Nationale Informatique et Libertés (the “CNIL”), for breaches of the General Data Protection Regulation (the “GDPR”). Google LLC is the California-based, Delaware-incorporated entity that serves as the main Google operating…

On July 7, 2020, Avi Gesser and Mengyi Xu from Debevoise’s Data Strategy & Security Group, along with their special guests, Luke Tenery and Joe Shepley of Ankura, had a insightful discussion on how companies can identify and reduce the risks associated with employee credential security, including: Making sure that furloughed and departing employees do not have access to confidential…

In a recent blog post discussing business email compromise (“BEC”) schemes, we shared tips for preventing and responding to these incidents in remote work environments. This week, Bloomberg Law has posted Part Two of our series on BECs, which relates to the allocation of losses that often result from successful BEC attacks. In this installment, we discuss an emerging legal…

As many people return to their workplaces, cybersecurity attacks continue unabated. Email phishing remains the most common method by which cybercriminals first gain unauthorized access. These phishing attacks can then lead to ransomware incidents, business email compromise scams and other destructive cyber attacks. So, training employees to be able to spot phishing emails is as important as ever, as is…