On August 7, 2023, the Commissioner of Data Protection of the Dubai International Financial Centre (the DIFC), a financial free-zone in the United Arab Emirates, issued the first adequacy decision regarding the California...more
8/18/2023
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Dubai ,
Information Governance ,
International Data Transfers ,
Personal Data ,
United Arab Emirates (UAE)
On 8 June 2023, the UK Prime Minister and the US President jointly announced a commitment to a renewed partnership between the countries, and a framework for economic and diplomatic co-operation (the “Atlantic Declaration”1)....more
On Tuesday, December 13, the European Commission initiated its long-awaited process towards the adoption of an adequacy decision for the European Union (EU)-U.S. Data Privacy Framework (EU-U.S. DPF), which aims to address the...more
On November 20, 2022, the Saudi Data and Artificial Intelligence Authority (SDAIA) launched a public consultation (which is open until December 20, 2022) on its proposed amendments to the Personal Data Protection Law (PDPL)....more
Key Points -
President Biden has signed the long-awaited executive order implementing U.S. commitments to the new successor agreement to the Privacy Shield, the EU-U.S. Data Privacy Framework—a historic step in respect of...more
10/20/2022
/ Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Transfers ,
EU-US Privacy Shield ,
European Commission ,
Executive Orders ,
General Data Protection Regulation (GDPR) ,
International Data Transfers
On September 27, 2021, all new contracts that involve cross-border personal data transfers must incorporate the updated standard contractual clauses (“New SCCs”) for controllers and processors. On June 4, 2021, the European...more
On August 20, 2021, the 30th session of the Standing Committee of the 13th National People’s Congress (NPC) adopted China’s new PRC Personal Information Protection Law (PIPL), which will take effect on November 1, 2021. The...more
8/27/2021
/ China ,
Criminal Liability ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Use Policies ,
International Data Transfers ,
National Security ,
Personal Information
Recent developments in the tech sector in China, including government directives concerning heightened regulatory scrutiny of tech companies listed or looking to list in the US or on exchanges in other overseas jurisdictions,...more
The European Commission recently published two highly anticipated draft documents to facilitate data transfers. The first was the new, updated and modernised standard contractual clauses (“New SCCs”) for the transfer of...more
On November 10, 2020, the recently established Taskforce of the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area (EEA),...more
On Wednesday, December 9, the Senate Commerce, Science and Transportation Committee held a hearing titled “The Invalidation of the EU-U.S. Privacy Shield and the Future of Transatlantic Data Flows.” During the hearing, both...more
On November 19, 2020, the Abu Dhabi Global Market (ADGM), a financial free-zone in the United Arab Emirates (UAE), announced the issuance of a public consultation paper on its proposed new Data Protection Regulations 2020...more
On October 1, 2020, the three-month grace period for businesses to comply with the Dubai International Financial Centre (DIFC) Data Protection Law (DIFC Law No. 5 of 2020) (“DPL 2020”) came to an end. Regulating the...more
10/2/2020
/ California Consumer Privacy Act (CCPA) ,
Consent ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Security ,
Data Subjects Rights ,
DIFC ,
Dubai ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Notice Requirements ,
Penalties ,
Personal Data ,
Popular
The U.S. Department of Commerce, Department of Justice, and Office of the Director of National Intelligence have prepared a White Paper providing a detailed discussion and analysis of the July 16th Data Protection...more
10/1/2020
/ Court of Justice of the European Union (CJEU) ,
Data Protection ,
Department of Justice (DOJ) ,
Departments of Commerce ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses ,
White Papers
The Federal Data Protection and Information Commissioner (FDPIC) has determined that the Swiss-United States Privacy Shield does not provide an adequate level of data protection for data transfers from Switzerland to the U.S....more
9/30/2020
/ Binding Corporate Rules ,
Data Privacy ,
Data Protection ,
Data Security ,
Encryption ,
EU-US Privacy Shield ,
International Data Transfers ,
Personally Identifiable Information ,
Risk Assessment ,
Standard Contractual Clauses ,
Swiss Privacy Shield ,
Switzerland
On July 16, 2020, the Grand Chamber of the Court of Justice of the European Union (CJEU) in Luxembourg handed down its highly anticipated judgment in a case brought by privacy activist Max Schrems (C-311/18, Data Protection...more
7/20/2020
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
On August 1, 2019, Bahrain’s Personal Data Protection Law (PDPL) (Law No. (30) of 2018) took effect. The PDPL aims to align Bahrain’s data protection framework more closely with global best practices and regulates the...more
8/21/2019
/ Bahrain ,
Best Practices ,
Civil Liability ,
Criminal Liability ,
Criminal Penalties ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
International Data Transfers ,
New Legislation ,
Personally Identifiable Information ,
Written Consent
The EU General Data Protection Regulation (GDPR), which revised and sought to ensure greater harmonization of the European Union’s data protection framework, took effect in May 2018. Among the changes it introduced was the...more
2/21/2019
/ Cybersecurity ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Data Subjects Rights ,
EU ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
Goods or Services ,
International Data Transfers ,
Proposed Guidance
• Non-profit organizations are testing companies’ GDPR compliance through targeted requests for information and other means and are filing complaints against allegedly non-compliant companies.
• Main areas for non-profit...more
1/28/2019
/ Australia ,
CNIL ,
Cybersecurity ,
Data Collection ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
Google ,
International Data Transfers ,
Nonprofits ,
Personal Data ,
Popular ,
Request For Information
On August 1, 2016, the Department of Commerce began accepting applications for self-certification under the new Privacy Shield requirements. Privacy Shield was approved by the European Union (EU) on July 12, 2016, and...more
On July 8, 2016, the European Commission Article 31 Committee, consisting of representatives from each of the EU member states, approved the revamped EU-U.S. Privacy Shield. This news marks a significant step forward for the...more
Wednesday, February 3, brought additional developments pertaining to the transfer of personal data from the EU to the U.S. consistent with EU privacy law. Just one day prior, we reported on the announcement by the EU and U.S....more
On December 15, 2015, European Union (“EU”) politicians and officials reached a political agreement on a new EU-wide legal framework to govern data sharing and collection and related consumer privacy rights. It is called the...more
In the wake of the European Court of Justice’s (“CJEU”) landmark decision of Schrems v. Data Protection Authority earlier this month, the EU Justice Commissioner Vera Jourova announced this week that the EU has “agreed in...more
11/2/2015
/ Article 29 Working Group ,
Binding Corporate Rules ,
Data Protection Authority ,
EU Data Protection Laws ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Model Contracts ,
National Security Agency (NSA) ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework
If you read one thing...
- Just this week, Europe's highest court struck down the U.S.-EU Safe Harbor Framework, stating that it failed to adequately protect the privacy rights of EU citizens.
- The ruling,...more