Recent court cases in the U.S. have sparked a renewed legal debate on the use of session replay software and chatbots, particularly within the context of privacy. These technologies, while offering valuable insights into user engagement and behavior, have raised concerns regarding the collection and storage of personal data without explicit consent. The use of session replay software has also landed website operators in court for violations of wiretapping laws. What is Session Replay Software? Session replay software is a tool employed by websites and applications to enhance user experience. T ..read more

A Real Legal Risk Sooner or later, we all make the error of hitting the send button too quickly, only to discover that we sent an email to the wrong person or copied someone by mistake. Sometimes, you are saved by the message recall feature, but this does not always work. Then you scramble to send an email to the mistaken recipient, humbly asking them to delete the email. That is, if they have not already replied in confusion. Or worse, one of the other recipients might notice the mistake first and contact you in alarm. Sometimes, the dust settles and life carries on, but in many cases this ty ..read more

Contributor(s): Monique Chvatal, Isabel Fernández Del Campo Aguiló Data protection is a key consideration in today’s interconnected world, and few companies understand this better than Conga. As a leading provider of contract lifecycle management (CLM) and document automation solutions, Conga demonstrates a strong commitment to privacy and data protection compliance. However, adapting to continuously evolving regulatory frameworks is a challenging task for any company. This case study explores how Conga, with strategic guidance and support from VeraSafe, successfully aligned its data privacy p ..read more

Contributor(s): Danie Strachan Related topics: GDPR, EU Privacy Laws What is a data protection officer? Generally, a data protection officer (DPO) is a person responsible for ensuring that an organization processes personal data in compliance with applicable data protection laws. Their role involves collecting information to identify the organization’s processing activities, analyzing those activities, and checking that they are legally compliant. The DPO also advises and makes recommendations to the organization regarding its personal data processing. While the European Union’s General Data P ..read more

Contributor(s): Danie Strachan, Isabel Fernández Del Campo Aguiló Related topics: Digital Services Act, EU Privacy Laws, Compliance Tools and Advice Introduction In an era dominated by digital interaction, the European Union has taken a decisive regulatory step with the adoption of the Digital Services Act (DSA) in 2022. This legislative landmark aims to create a transparency and accountability framework, counter illegal online content, enhance user safety, and provide users with strengthened rights. Some companies designated as very large online platforms and very large online search eng ..read more

Contributor(s): Nonhlanhla Mohlaba, Danie Strachan Related topic(s): US Privacy Laws, EU Privacy Laws, UK Privacy Laws We’re all familiar with the idea that actions have consequences, and usually the severity of the action (or offense) determines the severity of the consequence. This notion also holds true in the privacy world: non-compliance with data privacy laws has consequences, with administrative fines often being one of them. Have you ever wondered what happens to the money collected from such fines? This blog post explores this question in the EU, UK, and U.S. How Administrative F ..read more

Contributor(s): Lauren McClanahan, Danie Strachan, Monique Chvatal Related Topics: Compliance Tools and Advice, US Privacy Laws, GDPR, CCPA What are dark patterns? Dark patterns are digital design tactics meant to trick or mislead users into making unintended decisions, such as making a purchase, signing up for a newsletter, or sharing personal information. Unlike good user interface (UI) design, these deceptive practices benefit the business at the expense of the user’s choice and can take various forms, including misleading copy, hidden costs, and confusing layouts, among others. Some of the ..read more

Contributor(s): Danie Strachan Related topics: Clinical Trials, Compliance Tools and Advice, GDPR When embarking on clinical trials, it’s important for organizations to handle participants’ personal data with heightened caution, given its sensitive nature. Simultaneously, compliance with specific legal requirements, especially those unique to each country, becomes imperative. Take France, for instance. The CNIL, its data protection authority, requires organizations to obtain prior authorization to conduct certain types of research. Fortunately, navigating the intricate landscape of data protec ..read more

Contributors: Nonhlanhla Mohlaba, Monique Chvatal Related Topics: Compliance Tools and Advice, US Privacy Laws The legal landscape of health information privacy and consumer protection is continuously evolving. This raises a pivotal question: Is simply being compliant with HIPAA sufficient for regulated entities that collect and share consumer health information for commercial purposes? Let’s break it down. Understanding HIPAA HIPAA, or the Health Insurance Portability and Accountability Act of 1996, is a U.S. federal law established to safeguard the privacy and security of individuals’ medica ..read more

Photographs have the capacity to reveal sensitive aspects of a person’s life, which could mean a photograph qualifies as a “special category” of personal data under the GDPR, bringing heightened regulatory obligations. Contributor(s): Jason Tsoutsouras, Danie Strachan, Isabel Fernández Del Campo Aguiló Related Topics: Compliance Tools and Advice, GDPR, EU Privacy Laws GDPR & Photographs: Understanding Special Categories of Personal Data You’ve probably heard the old adage, “a picture is worth a thousand words.” A photograph not only allows others to identify you, but it can reveal other as ..read more