We get Privacy for work — Episode 7: What Is a WISP and Why Your Organization Must Have One
Under the Radar: DOJ's Data Security Rules and Their Impact on Payments Companies — Payments Pros – The Payments Law Podcast
Podcast - Regulating AI in Healthcare: The Road Ahead
No Password Required: Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of ‘Mad Men’ Hats
We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
Compliance Tip of the Day: Rethinking Corporate AI Governance Through Design Intelligence
FCPA Compliance Report: Ethical Challenges in AI, Data Protection, and Sports with Andre Paris
We get Privacy for work: The Privacy Pitfalls of a Remote Workforce
No Password Required: From AOL to Award-Winning Cuisine to High-Stakes Hacking
Everything Compliance: Episode 156, To Document or Not Edition
AI on the Job: How to Stay Ahead of Employment and Data Privacy Risks
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
FCPA Compliance Report: AI, Data Compliance, and Ownership - A Conversation with Andrew Hopkins
A Less is More Strategy for Data Risk Mitigation
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
Approach to Responsible AI
Why Privacy Matters to Your Business and What's in Store for 2025
No Password Required Podcast: Senior Security Researcher at Nokia and Guardian of Secure AI Networks
Cloud-based HR systems have become standard for multinational businesses, driving efficiency but also increasing compliance and privacy risks. Indeed, a recent Workday case, which originated in Germany, has clarified the...more
Employers around the world are increasingly using artificial intelligence (AI) to optimize many facets of their business operations, ranging from screening job applications and assigning tasks in real time to evaluating...more
On 7 December 2023, the Court of Justice of the European Union (CJEU) issued an important decision on how the GDPR governs AI-assisted decisions. The case arose in the financial services context, with the court holding that...more
In this Essential Guide, which is part of Orrick’s Cybersecurity & Privacy Compass Series, we will provide insight into the potential fines that companies may face for violating the General Data Protection Regulation...more
P. Latombe, who is not only a Member of the French Parliament, but also seated at the French Data Protection Authority (CNIL)'s Commission, lodged a request for annulment of the DPF on 6 September 2023 before the Court of...more
On July 10, 2023, the European Commission adopted its adequacy decision on data transfers for the EU-U.S. (European Union/United States) Data Privacy Framework (DPF). The adequacy decision concluded that the United States...more
ust over a year ago, on 21 April 2022, the seven economies (Canada, Japan, the Republic of Korea, the Philippines, Singapore, Taiwan, and the USA) participating in the Asia-Pacific Economic Cooperation (APEC) Cross-Border...more
Background Note: Data privacy has become a critical issue in the digital era, with laws and regulations constantly evolving. As a result, it’s important for cybersecurity, information governance, and legal discovery...more
The 13 December 2022 marked a further stage in restoring greater stability for transatlantic personal data transfers, as the European Commission (the Commission) launched the process towards adoption of an adequacy decision...more
In early October, the United States (“U.S.”) and European Union (“EU”) came one step closer to the much-awaited new EU-US Data Privacy Framework (the “Framework”), designed to facilitate transatlantic data flows between the...more
The United States ("U.S.") and the European Commission ("EU Commission") recently announced an “agreement in principle” to develop a new Trans-Atlantic Data Privacy Framework (“Framework”). The Framework is intended to...more
In this month’s Privacy & Cybersecurity Update, we review the TSA’s new cybersecurity requirements for critical U.S. infrastructure, the White House OMB’s new guidance on cyber incident reporting procedures and the U.S.-U.K....more
On 13 January 2021, the Advocate General (AG) of the Court of Justice of the European Union (CJEU) issued an important opinion in the case of Facebook Belgium v Gegevensbeschermingsautoriteit (C-645/19) which considers the...more
United States - Regulatory—Policy, Best Practices, and Standard - NIST Unveils Draft Guidance to Protect Critical Infrastructure - On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
Editors’ Note: This is the third in our fifth-annual end-of-year series examining important trends in data privacy and cybersecurity in the coming year. Read our previous posts on Energy and Cannabis. A year ago,...more
The European Commission has just published a consultation draft of the long-promised updated version of the Standard Contractual Clauses (SCCs). The SCCs are the most commonly used legal mechanism for transferring personal...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the U.S. Treasury's advisories regarding the role of financial intermediaries in ransomware payments, a ruling by the Israeli data protection authority...more
Website and app operators are jointly liable with Facebook for violations of European data protection law - In its judgment of 29 July 2019 (ref.C-40/17), the European Court of Justice has ruled on two essential points...more
Barely one month after the Court of Justice of the European Union (CJEU) issued its Schrems II decision striking down the EU-U.S. Privacy Shield Framework (Privacy Shield), Austrian privacy activist Max Schrems has filed 101...more
Schrems II may force companies obligated to produce EU personal data to the task of determining whether to comply with US discovery obligation rules that risk fines under the GDPR for illegal data transfers or to defy the US...more
The Court of Justice of the European Union (“CJEU”), on July 16, 2020, invalidated the European Union-U.S. Privacy Shield Framework (“Privacy Shield”), which more than 5,300 U.S. organizations had relied on to lawfully...more
EU Court Allows Class Action to Proceed, Sets Precedent for Future Data Breach Class Actions - A class action brought against Google will be allowed to move forward after the plaintiff’s appeal was permitted, allowing him to...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the California attorney general's draft regulations on the California Consumer Privacy Act, the CJEU's clarified rulings on the use of cookies, the...more
On 21 March 2019, an advocate general (AG) of the Court of Justice of the European Union (CJEU) delivered an opinion that sheds light on key issues related to websites’ use of cookies — data packets that can be used by...more
On November 23, the European Data Protection Board released guidelines for public comment (the “Guidelines”) on the territorial scope of the General Data Protection Regulation (“GDPR”). Specifically, the Guidelines address...more