The Council of the European Union adopted the Data Act on November 27, 2023. The Data Act, together with the Data Governance Act and EU General Data Protection Regulation (GDPR), as key elements of the broader European data...more
India enacted its new privacy law—the Digital Personal Data Protection Act, 2023 (DPDP Act) on August 11. Once in effect, the DPDP Act will replace the relevant provisions of the Information Technology Act, 2000, Information...more
The EU-US Data Privacy Framework (DPF) became effective on July 10, and on the same day, the European Commission adopted an Adequacy Decision relating to the DPF. As a successor of the EU-US Privacy Shield, the EU-US DPF...more
The European Union (EU) Commission released its Draft Adequacy Decision for the EU-US Data Privacy Framework on December 13, which, in conjunction with President Biden’s executive order issued on October 7, will further...more
The European Commission recently released a draft adequacy decision for the European Union and United States Transatlantic Data Privacy Framework (TDPF). If the decision is finalized, data transfers between the European Union...more
US President Joseph Biden issued an Executive Order On Enhancing Safeguards for United States Signals Intelligence Activities on October 7, which establishes safeguards relating to the handling of personal information in the...more
US President Joseph Biden signed the long-anticipated Executive Order on Enhancing Safeguard for United States Signals Intelligence Activities (EO) on October 7, 2022, providing enhanced protections in an effort to restore...more
The Swiss government has drafted a proposed list of countries that are approved to receive personal data transfers out of Switzerland. Japan and South Korea are excluded from the current and proposed lists, requiring...more
As the challenges to and requirements governing data protection continue to evolve, data privacy remains a hot topic on the minds of security and compliance professionals around the world. If the last few years provide any...more
The European Commission has finally approved two decisions on 28 June granting the United Kingdom the cherished status of having “adequate” data protection laws so that transfers of personal data from the European Union are...more
Importers of EU data will need to analyze each data transfer for compliance with the new Standard Contractual Clauses; solely relying on data subjects’ consents may not be sufficient. Since the European Court of Justice...more
6/15/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Schrems II may force companies obligated to produce EU personal data to the task of determining whether to comply with US discovery obligation rules that risk fines under the GDPR for illegal data transfers or to defy the US...more
8/24/2020
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The Court of Justice of the European Union (ECJ) has finally issued its decision on the validity of standard contractual clauses (SCCs) in the Irish Data Protection Commissioner’s referral to the ECJ for an opinion on the...more
7/20/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The EU General Data Protection Regulation allows the temporary suspension of some data-protection rights in times of crisis, such as the outbreak of the 2019 Novel Coronavirus. This installment of The eData Guide to GDPR...more
3/10/2020
/ Best Practices ,
China ,
Coronavirus/COVID-19 ,
Crisis Management ,
Emergency Management Plans ,
EU ,
EU Data Protection Laws ,
France ,
General Data Protection Regulation (GDPR) ,
Germany ,
Infectious Diseases ,
International Data Transfers ,
Italy ,
Personal Data ,
Policies and Procedures ,
Popular ,
Public Health ,
Risk Management
Following a legal challenge to the validity of data transfers from organizations in Europe to organizations in countries like the United States, the opinion of the Advocate General (AG) of the Court of Justice of the European...more
The European Union (EU) has adopted an adequacy framework for the transfer of personal data between Japan and the European Union. This framework is a mutual arrangement that applies to both sides as of January 23, 2019....more
The EU-US Privacy Shield became operational on August 1, 2016; a nine-month grace period for compliance with the onward transfer requirements applies for organizations that sign up to the Privacy Shield prior to October 1,...more
The new EU-US Privacy Shield seeks to address the European Court of Justice’s criticisms in Schrems after the decision invalidated the Safe Harbor program for EU-US data transfers.
On February 29, the EU Commission...more
3/2/2016
/ Article 29 Working Party (WP29) ,
Binding Corporate Rules ,
Data Protection Authority ,
Dispute Resolution ,
EU ,
EU-US Privacy Shield ,
European Commission ,
International Data Transfers ,
Schrems I & Schrems II ,
US Department of State ,
US-EU Safe Harbor Framework
The powers of EU data protection authorities are significantly strengthened by the decision, allowing them to suspend some or all personal data flows into the United States in certain circumstances.
In Maximillian...more
10/7/2015
/ Advocate General ,
Binding Corporate Rules ,
Data Privacy ,
Data Protection Authority ,
Data Security ,
Edward Snowden ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
National Security Agency (NSA) ,
Pending Legislation ,
Personal Data ,
Prior Express Consent ,
PRISM Program ,
SCC ,
U.S. Commerce Department ,
Umbrella Agreement ,
US-EU Safe Harbor Framework
Data transfers can be suspended until investigation is complete.
In Maximillian Schrems v. Data Protection Commissioner (case C-362/14), the Advocate General ruled that EU data protection authorities do have powers to...more
9/28/2015
/ Advocate General ,
Binding Corporate Rules ,
Cloud Computing ,
Data Collection ,
Data Privacy ,
Data Protection Authority ,
Data Security ,
Edward Snowden ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Personal Data ,
Prior Express Consent ,
Privacy Policy ,
Public Disclosure ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
The Bill’s provisions on international data transfers are most relevant to foreign companies that do business in Brazil.
The Brazilian government has issued a Bill for the Protection of Personal Data (Bill) for public...more