It has become common knowledge that the General Data Protection Regulation (2016/679) (GDPR) heavily restricts transfers of personal data outside of the European Union (EU). In the absence of an adequacy decision by the European Commission, the GDPR … [Read more] about Are You Using EU Standard Contractual Clauses for Data Transfers? Be Aware of these Breach Notification Requirements
On December 29, 2023, the Colorado Attorney General (the “AG”) announced that the Global Privacy Control (“GPC”) will become the first universal opt-out mechanism (“UOOM”) the AG considers valid under the Colorado Privacy Act (the “CPA”). Effective … [Read more] about Colorado AG Recognizes Global Privacy Control as the First Valid Universal Opt-Out Mechanism
On December 19, 2023, the Justice Department (“DOJ”) announced a disruption campaign against the Blackcat ransomware group. In the same press release, they also stated that the Federal Bureau of Investigation (“FBI”) had developed a decryption tool … [Read more] about FBI Develops Decryption Tool to Combat Blackcat Ransomware
On 7 December 2023, the Court of Justice of the European Union (CJEU) issued an important decision on how the GDPR governs AI-assisted decisions. The case arose in the financial services context, with the court holding that the GDPR’s AI rules apply … [Read more] about EU’s Highest Court Issues Major AI Decision With Wide-Reaching Impact
After a three-year investigation/enforcement action by the New York Department of Financial Services (“NYDFS”), NYDFS entered into a Consent Order with a large title insurer (the “Company”) for its violation of NYDFS’s Cybersecurity Regulation (23 … [Read more] about NYDFS Releases Consent Order in First Enforcement Action Brought Under the Cybersecurity Regulations