Companies subject to India’s new data protection law should assess practical implications.
The Indian parliament enacted India’s first comprehensive data protection law on 11 August 2023, namely the Digital Personal Data...more
The new framework provides an additional route for personal data transfers from the EEA to the US.
On 10 July 2023, the European Commission (EC) took the final step to enable businesses to start relying on the new EU-US...more
8/1/2023
/ Adequacy Requirement ,
Certification Requirements ,
Compliance ,
Data Privacy ,
Department of Transportation (DOT) ,
Enforcement Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
Framework Agreement ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Privacy Framework ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Surveillance ,
Switzerland ,
US-EU Safe Harbor Framework
The final decision of the Irish Data Protection Commission (IDPC) in relation to the transfers of EU/EEA Facebook user data by Meta Platforms Ireland Limited (Meta Ireland) to its processor, Meta Platforms, Inc., in the US...more
5/23/2023
/ Corporate Fines ,
Data Protection Authority ,
EU Data Protection Laws ,
European Commission ,
European Data Protection Board (EDPB) ,
Facebook ,
FISA ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Standard Contractual Clauses ,
Statutory Violations
The updated reform legislation provides welcome guidance and clarifications on aspects such as legitimate interests and accountability, without substantially shifting the approach proposed under the existing reform bill. ...more
UK government sets out ambitious proposal for reforming the UK data protection landscape.
On 17 June 2022, the Department for Culture, Media and Sport (DCMS) published its response to its consultation “Data: a new...more
7/13/2022
/ Consultation ,
Data Protection ,
e-Privacy Directive ,
Electronic Communications ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Regulatory Agenda ,
UK ,
UK GDPR
Companies have three months to prepare to use the latest standard contractual clauses for new data transfers, and 18 months to migrate existing arrangements.
On 4 June 2021, the European Commission released its...more
6/28/2021
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
FISA ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
As the Brexit transition period draws to a close, businesses will need to consider their data protection efforts to comply with both UK and EU regimes.
The end of the Brexit transition period on 31 December 2020 will have...more
The European Commission has published draft updated standard contractual clauses in light of the Schrems II decision.
On 12 November 2020, the European Commission (the Commission) published a draft implementing decision,...more
12/8/2020
/ Data Controller ,
Data Processors ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Personal Data ,
Public Consultations ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
The EDPB takes a strict approach in its recent guidance on international data transfers following Schrems II, posing a difficult challenge for businesses.
On 10 November, the European Data Protection Board (EDPB) released...more
A ruling by the EU’s top court invalidates the key mechanism for transferring personal data from the EU to the US and imposes additional conditions for use of the standard contractual clauses.
On 16 July 2020, the Court of...more
“Business as usual” for UK-EU data protection transition in 2020.
On 29 January 2020, the EU Parliament approved the UK Withdrawal Agreement after the UK Parliament’s ratification via the EU Withdrawal Act 2020 on 23 January...more
2/14/2020
/ Corporate Counsel ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Privacy and Electronic Communications Regulation 2003 (PECR). ,
Transitional Arrangements ,
UK ,
UK Brexit ,
Withdrawal Agreement
Understanding the practical implications of a “No Deal” Brexit (as compared to an exit under an approved Withdrawal Agreement) following last week’s vote against the current withdrawal proposal.
“No Deal” Brexit -...more
As European data protection regulators prepare to enforce the General Data Protection Regulation (GDPR) from May 2018, private equity firms must act to minimise the risk of becoming financially liable for the data protection...more
12/14/2017
/ Antitrust Provisions ,
Corporate Liability ,
Data Breach ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Portfolio Companies ,
Private Equity ,
UK
On October 3, 2017, the Irish High Court announced that it will make a reference to the Court of Justice of the European Union (CJEU) for a preliminary ruling on the validity of the Standard Contractual Clauses, which allow...more
In less than one year, from 25 May 2018, the General Data Protection Regulation (GDPR or Regulation) will become enforceable. The GDPR introduces a rigorous, far-reaching privacy framework for businesses that operate, target...more
6/2/2017
/ CNIL ,
Data Controller ,
Data Processors ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Multinationals ,
UK ,
UK Brexit ,
UK Data Protection Act
The Cyberspace Administration of China (CAC) issued Draft Measures for public comment on April 11 on Security Assessment for Cross-border Transmission of Personal Information and Critical Data (the Draft Measures). The Draft...more
The current draft grants Chinese regulators broad discretion to prohibit data transfers.
Key Points:
..The draft requires both the consent of the data subjects and/or the permission of the regulators for any...more
After over four years of debate, the General Data Protection Regulation (GDPR) recently came into force, taking effect after a two year transition period, i.e. from 25 May 2018. The GDPR introduces a rigorous and far-reaching...more
As the whole world now knows, the UK voted to leave the European Union (EU) in its historic referendum on 23rd June by a vote of 51.9 percent in favour of “leave” to 48.1 in favour of “remain”. This blog focusses on how that...more
6/28/2016
/ Binding Corporate Rules ,
EFTA ,
EU ,
European Economic Area (EEA) ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Referendums ,
Standard Contractual Clauses ,
UK ,
UK Brexit ,
UK Data Protection Act
Businesses have two years to comply with Europe’s new privacy regime.
On 24 May 2016, after more than four years of debate, the General Data Protection Regulation (GDPR, or the Regulation) enters into force. The GDPR...more
5/25/2016
/ Binding Corporate Rules ,
Cyber Incident Reporting ,
Data Controller ,
Data Processors ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Parental Consent ,
Personal Data ,
Privacy Policy ,
Recordkeeping Requirements ,
Standard Contractual Clauses
Earlier this week, the European Commission announced that a “political” agreement has been reached on a new framework for data flows from the EU to the US. The announcement highlights a few changes from the old Safe Harbor...more
2/5/2016
/ Article 29 Working Party (WP29) ,
Binding Corporate Rules ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
International Data Transfers ,
Ombudsman ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
The so called Article 29 Working Party met on October 15, 2015 to discuss the consequences of the Schrems Judgment of the European Court of Justice (ECJ). On October 16, 2015, the Working Party published a Statement...more
10/19/2015
/ Article 29 Working Group ,
Binding Corporate Rules ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
International Data Transfers ,
Judicial Redress Act ,
Legislative Agendas ,
Member State ,
Model Contracts ,
Schrems I & Schrems II
On October 6, the European Court of Justice ruled that Decision 2000/520 of the European Commission, which stated that Safe Harbor-certified US companies provide adequate protection for personal data transferred to them from...more
10/7/2015
/ Binding Corporate Rules ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
EU Directive ,
European Commission ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Member State ,
Model Contracts ,
US-EU Safe Harbor Framework