Skip to main content

Clifford Chance

Clifford Chance

Data

Talking Tech

Featured

More Data Articles

Data

China Finalises Standard Contract on Cross-Border Transfer of Personal Information

The PRC Data Laws set out the supervisory approach of PRC regulators to different data- and PI- related matters. One of the key focuses for multinational companies that are subject to the PRC Data Laws is compliance with PRC regulatory requirements on international transfer of PI (i.e., exporting and/or receiving China-sourced PI, including by way of remote access), given the potential widespread implications on their global business and data management systems.

Read
Data

The UK's Data Protection and Digital Information Bill – Further Reform on the Horizon

The UK’s Data Protection and Digital Information Bill (Bill) was laid before the UK Parliament on 18 July 2022, marking a significant step in the post-Brexit reform of the UK’s data protection regime. This long take analyses key aspects of the Bill and highlights areas that are likely to be the focus of engagement on potential further reform. To assist stakeholders in understanding the changes to legislation proposed by the draft Data Protection and Digital Information Bill, Clifford Chance has produced PDF redlines (called 'Keeling Schedules') of the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

Read
Data

The case for a risk-based approach to data transfers: Clifford Chance and DLA Piper publish joint paper arguing for proportionality

The leading European data protection teams at Clifford Chance and DLA Piper have collaborated on a joint paper setting out the case for a proportionate approach to conducting risk assessments of international transfers of personal data.

Read
Data

Data Privacy: Preparing for 2023 (and beyond) in California

As 2023 approaches, a flurry of activity in California means big changes in the year ahead for data privacy. New obligations, an expanded scope of covered data, increasing enforcement, and scant regulations all mean it’s a good time for companies processing the personal information of California residents to make sure they’re prepared for the new year. Read ahead for insights into what’s coming and strategies for compliance, including Frequently Asked Questions.

READ

Data Centre Trends 2023

The data centre industry is poised for growth in 2023 due to increased demand from businesses. However, factors such as higher costs, a slowing economy, new capacity challenges and increased regulation due to sustainability concerns about energy and water consumption, will impact growth. The pandemic has fueled the growth of the global data centre market, projected to reach 235 billion euros by 2026 with a projected Compound Annual Growth Rate of 4.5%. Companies must consider the latest tech trends when selecting a data centre partner or colocation provider.

READ
Data

Monitoring in the workplace: direction of travel

Monitoring employees in the workplace is not new but the methods by which this is achieved, the workplace itself and relevant regulatory regimes are continually evolving. The UK's Information Commissioner's Office (ICO) has published for consultation draft Guidance on Monitoring at Work. Coincidentally, in the same week the international press reported a Dutch case in which the courts awarded an employee in the region of €75,000 after being dismissed for refusing an instruction to keep his webcam on for the entire duration he was logged on to his work PC.

READ
Data

Data Flows in a Modern World

Data flows are the lifeblood of trade in digital services. Despite this, a growing number of jurisdictions are restricting cross-border data flows and implementing localisation requirements, often in the name of data sovereignty. There are two facets to this issue: data localisation and data transfer regimes, which we consider in this article

READ
Tech

Digital trade: an evolving concept and legal landscape

The concept of "digital trade" does not have a universally recognised definition. It is commonly used to refer to both the online trade in goods and services and the physical trade in goods that is enabled though digital means (such as electronic customs clearance technology, enterprise freight management software or blockchain). For example, the OECD defines digital trade as "digitally enabled transactions of trade in goods and services that can either be digitally or physically delivered".

READ
Data

Beyond adequacy: working together to ease multi-jurisdictional privacy compliance

International trade in digital goods and services relies on the sharing of data across borders. As an increasing number of countries introduce and update data protection laws, complying with requirements across jurisdictions is becoming increasingly complex. Cross-border data governance is a significant, and seemingly ever-growing, cost of doing business.

READ
Data

The Data Act: A proposed new framework for data access and porting within the EU

The proposed Regulation seeks to redefine rules and practices on data access and use in order to foster data (re)use.

READ
Data

Next steps after U.S. President Biden issues Executive Order on U.S. data transfers from 'qualified states'

On 7 October 2022, U.S. President Joe Biden issued an Executive Order "On Enhancing Safeguards for United States Signals Intelligence Activities" (the Order) to effectuate the preliminary agreement between U.S. President Biden and European Commission President Ursula von der Leyen for promoting trans-Atlantic data flows. The Order does not establish a mechanism for transfers of personal data from the EEA to the U.S., but is expected to pave the way for an adequacy decision from the European Commission in due course, which would permit such trans-Atlantic personal data flows.

READ
Data

E-Privacy check-in: where we are, and where we're headed

Are we any closer to EU institutions reaching an agreement on the final regulation text

READ

US Data Laws Focus

Data

Colorado joins California and Virginia with a comprehensive data privacy law

The Colorado Privacy Act (CPA) will give Colorado consumers certain rights with respect to their personal data. The new law will go into effect on 1 July 2023

READ
Data

Connecticut Data Privacy Act Becomes Nation's Fifth State Privacy Law, Setting Stricter Standards

The Act is the latest stitch in the patchwork of state and federal privacy laws that is growing ever more complex. And as has become a trend, while the law shares many similarities with its counterparts in other states, the Act also has certain unique provisions that companies that do business in Connecticut will need to carefully consider before the law goes into effect on July 1, 2023

READ
Data

Utah Becomes Fourth State To Pass Consumer Privacy Act, First With Republican-Controlled House And Senate

On March 24, 2022, Utah Governor Spencer Cox signed the Utah Consumer Privacy Act into law, making Utah the fourth state to pass a comprehensive consumer privacy law

READ

US Lawmakers Release Draft of Comprehensive Federal Data Privacy Bill

On June 3, 2022, a coalition of lawmakers from the United States House and Senate released a discussion draft of the American Data Privacy and Protection Act ("ADDPA). The 64-page bill represents a crucial bipartisan and bicameral compromise1 to give Americans unprecedented rights over their data.

READ

One "Fine" Day? Insights from the first fine issued by the California Attorney General under the CCPA

On August 24, 2022, the California Attorney General (CAG) announced a $1.2 million settlement with Sephora to resolve allegations that the consumer goods retailer violated the California Consumer Privacy Act (CCPA) by failing to disclose to consumers that it was selling their personal information. The settlement is notable not only because it is the first civil penalty issued under the statute, but also because it confirms a broad interpretation of what constitutes a "sale" of personal information under the law and the requirement for websites to respond to global privacy controls.

READ

Virginia passes the Consumer Data Protection Act

2021 is projected to be a pivotal year in privacy legislation and the year is off to a fast start. On2nd March, the Commonwealth of Virginia became the first state to enact a comprehensive consumer privacy law in 2021. The Virginia Consumer Data Protection Act draws heavily from the California Consumer Privacy Act and the EU General Data Protection Regulation and will impose significant new obligations on certain companies that process personal information of Virginia residents. The new law will go into effect in 2023.

READ

Upcoming events

Space-tech-600x400-2

EVENT: 03 October 2023: Applied ethics and generative AI – challenges and prospects for businesses (In-person – Canary Wharf, London)

The latest session in our Ethics Series, organised in conjunction with the Canary Wharf G30 Conduct and Culture Group and Canary Wharf Multifaith Chaplaincy, will explore the ethical issues for businesses arising from the use of generative AI. The discussion will focus on how to get the best out of the new technology given the various ethical challenges it presents around accuracy, consistency, plagiarism, breach of copyright, data privacy and confidentiality, deep fakes, cyber-attacks, hallucinations and inherent bias. We will also look to the impact on future generations, and the ethical implications of the changes that AI may bring on society.

Register