We get Privacy for work — Episode 7: What Is a WISP and Why Your Organization Must Have One
Under the Radar: DOJ's Data Security Rules and Their Impact on Payments Companies — Payments Pros – The Payments Law Podcast
Podcast - Regulating AI in Healthcare: The Road Ahead
No Password Required: Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of ‘Mad Men’ Hats
We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
Compliance Tip of the Day: Rethinking Corporate AI Governance Through Design Intelligence
FCPA Compliance Report: Ethical Challenges in AI, Data Protection, and Sports with Andre Paris
We get Privacy for work: The Privacy Pitfalls of a Remote Workforce
No Password Required: From AOL to Award-Winning Cuisine to High-Stakes Hacking
Everything Compliance: Episode 156, To Document or Not Edition
AI on the Job: How to Stay Ahead of Employment and Data Privacy Risks
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
FCPA Compliance Report: AI, Data Compliance, and Ownership - A Conversation with Andrew Hopkins
A Less is More Strategy for Data Risk Mitigation
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
Approach to Responsible AI
Why Privacy Matters to Your Business and What's in Store for 2025
No Password Required Podcast: Senior Security Researcher at Nokia and Guardian of Secure AI Networks
The Federal Bureau of Investigation (FBI) recently warned employers of increasing security risks from North Korean workers infiltrating U.S. companies by obtaining remote jobs to steal proprietary information and extort money...more
In Part I, we discussed the European Commission’s (“Commission”) disapproval of Meta’s “pay or consent” subscription model. In Part II, we delve into the European Commission’s findings, prior findings by the European Data...more
If you have been doing business with entities in the European Union, chances are that you have struggled to figure out how to transfer data from the EU to the US without running afoul of the General Data Protection Regulation...more
On 13 December 2022, the European Commission (“EC”) published its draft adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”) that is intended to foster trans-Atlantic data flows and address the concerns raised by...more
Google Analytics remains a hot topic for businesses and apparently also for data protection authorities (DPAs). With the advent of these new decisions and the new CNIL guidance, businesses have an even harder time justifying...more
On Friday, March 25, 2022, US President Joe Biden and European Commission President Ursula von der Leyen jointly announced that a deal has been reached to replace the former Privacy Shield framework governing data transfers...more
As of September 27, 2021, the European Commission requires controllers and processors to rely on the recently updated Standard Contractual Clauses (SCCs) for any new contracts governing personal data transfers from the EEA....more
Orrick's Cyber, Privacy & Data Innovation and IP Licensing & Technology Transactions groups cover the top 10 things you need to know about the new Standard Contractual Clauses ("SCCs") published today by the European...more
On November 10, 2020, the European Data Protection Board (EDPB) adopted its long-awaited recommendations on (1) measures that supplement transfer tools to ensure transfers of personal data outside the European Economic Area...more
In this month’s edition of our Privacy & Cybersecurity Update, we examine the passage of the ballot initiative that enacts the California Privacy Rights Act, the U.K. Information Commissioner’s Office’s final guidance on data...more
The European Commission has just published a consultation draft of the long-promised updated version of the Standard Contractual Clauses (SCCs). The SCCs are the most commonly used legal mechanism for transferring personal...more
Open banking is an important driver of the fintech revolution. Regulators have recognised open banking as a means of introducing competition and innovation in the banking sector. Likewise, fintechs are seizing the...more
Foreword - European data protection laws have made significant strides in the last two decades. Privacy and data protection laws have undergone dramatic changes over the last 20 years, in a race to keep up with technology....more
With a “No Deal” Brexit seeming more likely than ever after the UK Parliament voted down a proposed deal in January 2019, concerns are rapidly multiplying about the effects of such a withdrawal from the EU for organizations...more
In this month's edition of our Privacy & Cybersecurity Update, we examine a declaration on ethical considerations for artificial intelligence, the annual joint review of the Privacy Shield, a new lawsuit from a snack food...more
Antitrust and Competition - Transactions in the digital sector and acquisition of data continue to attract scrutiny in Europe - On 6 September 2018, the European Commission cleared without conditions the proposed acquisition...more
Background - On 17 July 2018, the European Union (the “EU”) and Japan reached an agreement to recognize each other’s data protections systems as “equivalent”, and each commits to complete internal procedures by fall 2018 (the...more
You’ve probably heard of the dreaded four-letter word – GDPR. Companies around the globe had been preparing for the May 25th implementation date for quite some time. But U.S.-based companies with no apparent EU presence may...more
The European Union's General Data Protection Regulation (GDPR) is a comprehensive privacy law that governs any entity that collects or processes the personal data of individuals located in the European Union (E.U.)* or the...more
In less than four months, the General Data Protection Regulation (the "GDPR" or the "Regulation") will take effect in the European Union/European Economic Area, giving individuals in the EU/EEA greater control over their...more
On October 18, 2017, the EU Commission released its report of the first annual review of the EU-U.S. Privacy Shield framework. The Privacy Shield is the successor of the Safe Harbor Agreement which was invalidated by the...more
In our latest memorandum, we have briefly outlined some of the main legal implications of Brexit according to different models, including the EEA model. In light of recent comments made by Theresa May, it is unlikely that...more
In the context of increasing cyber-attacks on major corporate organisations, small businesses and government, data protection and cybersecurity is a hot topic. Added to this, the GDPR—a strict new regulatory regime in...more
The UK’s new Prime Minister Theresa May has said: “The country voted to leave the European Union, and as prime minister I will make sure that we leave the European Union.” That seems like a clear statement, but the...more
1. CJEU finds Safe Harbor Invalid - In a landmark ruling delivered today, Europe's highest court, the Court of Justice of the European Union (CJEU) declared that the EU Commission's US - EU Safe Harbour regime is...more