Sitting with the C-Suite: eDiscovery Priorities – Thoughts on the Next Five Years
Jones Day Presents: Effect of GDPR, CCPA, and FTC on Blockchains
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
E12: GDPR Article 22 and Automated Decision Making
E8: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness
In a decision with significant legal and operational ramifications for organisations of all shapes and sizes, the Court of Justice of the European Union (CJEU) last week confirmed that pseudonymised data will not always and...more
On 4 September, the ECJ handed down a major and eagerly awaited decision on the scope of personal data, accepting the point that pseudonymised data may be anonymised in the hands of a third party. The ECJ’s approach is...more
The EU Data Act is one of the cornerstones of the EU's Data Strategy and introduces a new and horizontal set of rules on data access and use to boost the EU's data economy. Most of the provisions of the Data Act will become...more
A data controller that is not a critical information infrastructure operator that cumulatively exports personal information (excluding any sensitive personal information) of less than 100,000 individuals since January 1 of...more
The President of India gave assent for the Digital Personal Data Protection Bill 2023 on 11 August 2023, a matter of days after it had been passed by both the Lower and Upper House. The Digital Personal Data Protection Act...more
In our previous posts, we discussed what data export activities are subject to scrutiny assessment (CAC Assessment) conducted by the Cyberspace Administration of China (CAC) (see Part 1) and examined what companies must do...more
With the rapid development of the global digital economy, multinational companies (MNCs) have been forced to find legally compliant ways to transfer data across borders. In the past, many MNCs relied on data transfer...more
The concept of a “transfer” under Chapter V of the GDPR has always been a bit like obscenity. We didn’t have an authoritative definition, but with apologies to the late Justice Potter Stewart, we knew it when we saw it. And...more
The European Data Protection Board (EDPB) has provided further guidance on data transfers. Specifically, this most recent guidance clarifies what constitutes a “transfer.” While the concept of a transfer may seem...more
The dust has settled on the new EU standard contractual clauses for cross-border data transfers (“New SCCs”), but confusion still reins on how the New SCCs cover data transfers and what companies need to do to take advantage...more
On June 4, 2021, the European Commission adopted two new sets of standard contractual clauses (SCCs): one for data transfers from data controllers to data processors and one for data transfers from data exporters to data...more
On 13 April 2021, the British Virgin Islands (“BVI” or “Virgin Islands”) became the latest jurisdiction to enact a comprehensive information privacy law when the territory published the Data Protection Act, 2021 (the “DPA...more
American companies should take notice of some important developments in data privacy laws in the U.S. and in the European Union. California Privacy Rights Act - On November 3, 2020, California voters approved the...more
Recent M&A deals the teams have worked on involving insolvent corporates have highlighted the challenges which exist around the transfer of customer lists and databases, which are often a significant asset for the buyer. ...more
The European Data Protection Board (EDPB) published two sets of new guidelines on 2 September 2020, on the concepts of controller and processor (Guidelines 07/2020, the Guidelines) and on the targeting of social media users...more
Marc Zamsky has been involved in the eDiscovery provider community since 1996. He joined Compliance in May 2013 as the Chief Operating Officer. In that role, Marc expanded the eDiscovery solutions offered by Compliance by,...more
New York’s state legislature is considering a new data privacy law that would set the standard for data privacy in the U.S. The New York Privacy Act (the “NYPA” or the “Act”), which is currently being considered by the state...more
It has been rough weather for Google in France. Three weeks after the French ?Data Protection Authority imposed a record fine against Google for non-compliance with the GDPR, the Paris District Court (“Tribunal de Grande...more
Following a significant fine against the parties to an asset acquisition for illegally transferring customer information, the Bavarian Data Protection Supervisory Authority (Bavarian DPA) announced on August, 20, 2015 that it...more