Life With GDPR: Cathay Pacific Enforcement Action
Life With GDPR: Episode 30- British Airways Data Breach Enforcement Action
E18: ICANN Loses First GDPR Court Ruling in Germany
Latham & Watkins and Privacy Laws & Business recently co-hosted a webinar looking back on the first eight months since the UK-US Data Bridge entered into force. Speakers from the UK Information Commissioner’s Office (ICO) and...more
Closely following the establishment of the EU-US Data Privacy Framework (DPF) – see our July 2023 post – the UK has now agreed to an extension for the transfer of personal data from the UK to the US, known as the UK Extension...more
The updated reform legislation provides welcome guidance and clarifications on aspects such as legitimate interests and accountability, without substantially shifting the approach proposed under the existing reform bill. ...more
On 17 November 2022, the Information Commissioner's Office (“ICO”) announced that it has updated its guidance on international data transfers. In its announcement, the ICO outlined its intention to “clarify an alternative...more
It’s 1 September 2022 and I’m back at my desk at Allen & Overy having spent the last six months on secondment to the Legal Services team at the UK Information Commissioner’s Office. So how did it go?...more
While countries all over the globe continue to make data privacy strides, comparing similarities and differences between the EU and U.K. is important in light of Brexit. It is also crucial to know the differences as they...more
Two new United Kingdom (“UK”) data transfer mechanisms, the International Data Transfer Agreement (“IDTA”) and the International Data Transfer Addendum (“UK Addendum”) to the European Union’s (“EU”) new standard contractual...more
The Information Commissioner’s Office (ICO) recently released its response to the UK government consultation, ‘Data: A new direction’. The consultation was conducted by the Department for Digital, Culture, Media and Sport...more
When opening its recent consultation on regulating international data transfers from the UK in the post-Brexit era the ICO said, “We understand that international transfers can be complex, especially for smaller businesses....more
Hogan Lovells’ Privacy and Cybersecurity team have made a formal submission to the Information Commissioner’s Office consultation on how organisations can continue to protect people’s personal data when it is transferred...more
On 11 August 2021, the Information Commissioner’s Office (ICO) launched a public consultation on key aspects of the international transfer regime under the UK GDPR. Originally published in Practical Law. ...more
The dust has settled on the new EU standard contractual clauses for cross-border data transfers (“New SCCs”), but confusion still reins on how the New SCCs cover data transfers and what companies need to do to take advantage...more
Companies have three months to prepare to use the latest standard contractual clauses for new data transfers, and 18 months to migrate existing arrangements. On 4 June 2021, the European Commission released its...more
The UK has left the European Union (EU), the transition period is over, the UK and EU have agreed a new Trade and Cooperation Agreement (the TCA), so what now for data protection? We look at the key consequences of Brexit for...more
Transfers for compliance with U.S. law can generally be done under the General Data Protection Regulation (GDPR) Article 49 derogation, said the United Kingdom's Information Commissioners Office (ICO) in a letter to the U.S....more
With the UK now unambiguously out of the EU, the EU General Data Protection Regulation (2016/679) (“EU GDPR”) has been replaced by the United Kingdom General Data Protection Regulation (“UK GDPR”). In this third instalment of...more
Following its Guidance issued on April 6, 2020, the Irish Data Protection Commission signaled its intent to begin enforcement against companies who fail to adhere to the Commission’s guidelines on the use and management of...more
Today (July 16) Europe’s highest court, the Court of Justice of the European Union (CJEU), in the case of Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (Schrems II) invalidated the EU–U.S. Privacy...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - FTC Submits Comment on the Preliminary Draft for the NIST Privacy Framework - On October 24, 2019, the Federal Trade Commission ("FTC") announced that...more
The Situation: The United Kingdom is due to leave the European Union ("EU") on 31 October 2019. Negotiations between member states of the EU excluding the United Kingdom ("EU27") and the United Kingdom are ongoing, but it is...more
If your company holds or collects data in the US, the UK and elsewhere in the EU, you should be mapping out how data flows through those jurisdictions in anticipation of the UK “crashing out” of the European Union in October,...more
Companies should identify data flows, implement a data transfer solution, and update internal documents and privacy notices. Since our blog on “What a “No Deal” Brexit Means for UK Data Privacy”, the European Data...more
The General Data Protection Regulation (GDPR) imposes strict obligations upon organizations that process the “personal data” of European individuals. Failure to comply with GDPR can result in large fines. The UK’s Information...more
Focus on four areas to mitigate the danger of data transfer across borders - Cross-border data transfers are not only frequent, but often crucial components of everyday business. Today’s patterns of global data flow would...more
This post provides an update as to the current status of official GDPR-related guidance. With a little under a year remaining until the European Union’s General Data Protection Regulation (GDPR) becomes enforceable, companies...more