Here are a few things to consider in a cross border complaint, according to the International Association of Privacy Professionals’ Data Protection Congress panel with Isabelle Vereecken of the European Data Protection Board,...more
Ireland’s Data Protection Commission has fined Meta Ireland 1.2 billion EUR.
While you have probably heard about that, there is much, much more to this case and the larger Schrems II cross border saga. Here is what you...more
Please take note!
1.SchremsII and cross border transfers: Risk based, wherefore art thou? With the Google Analytics, Google Fonts, Amazon AWS, Google Workspace other cases, the SchremsII and DPA guidance is piling up....more
9/30/2022
/ Biometric Information Privacy Act ,
California Privacy Rights Act (CPRA) ,
Cookies ,
Cross Border Privacy Rules (CBPR) ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
EU ,
International Data Transfers ,
Privacy Laws ,
Schrems I & Schrems II
Let’s say you are an EU company. You engage a processor. Data is processed in the EU. There is no transfer.
But in the processor-sub-processor data processing agreement, the data processor reserves the right to disclose...more
What can we learn about disclosures and how to draft privacy notices from the Sweden IMY decision and why is it important for both GDPR companies and CPRA, CDPA, CPA and UCPA companies:...
...more
Here are five things you should know about Google Analytics, transfers and Schrems II.
1. Down to Middle Earth We Go Brush up on your J.R.R. Tolkien because Datatilsynet in its new guidance on cloud providers, says you...more
The European Data Protection Board has issued draft guidelines on the interplay between Art 3.2 and Chapter V of GDPR. And they also have finally defined the term “transfer.”
Here are some key takeaways:...more
The European Data Protection Supervisor (EDPS) has issued an opinion on the European Union Agency for Cybersecurity’s (ENISA) use of the explicit consent derogation as a legal basis for cross border transfers to the US...more
It’s time for a new agreement on transatlantic data flows, according to the U.S. Chamber of Commerce.
“The U.S. and EU must work together to swiftly finalize a new EU-U.S. Privacy Shield agreement that brings legal...more
A new Congressional Research Service report on EU-US Privacy Shield invalidation and its aftermath lists possible options for Congress to facilitate US-EU data flows and a potential enhanced Privacy Shield accord. They...more
The DPA of Uruguay, one of the only countries recognized as “adequate” destinations for cross border data transfers from the European Union – has issued updated guidance on the content of cross border data transfer agreements...more
The United Kingdom’s Information Commissioner’s Office has issued guidance for public consultation on cross-border transfers of personal data from the UK to third countries without an adequacy decision, replacing the old...more
Third country laws – more than meets the eye. In practice – problematic legislation in disguise. The European Data Protection Board has issued a “Transformers” style plan for assessing whether or not you can transfer...more
If at first (and second) you don’t succeed, try try again. The European Union and United States are gearing up for “Privacy Shield 2.0” to address the difficulties faced by tens of thousands of companies in the wake of the...more
Even in the absence of a cross-border transfer of personal data from the European Union to a third country, if you are using a vendor that has a U.S. parent company, get ready to implement supplementary measures, says the...more
3/22/2021
/ Corporate Counsel ,
Cross-Border ,
Encryption ,
EU ,
International Data Transfers ,
Parent Corporation ,
Personal Data ,
Risk Assessment ,
Schrems I & Schrems II ,
Sensitive Personal Information ,
Third-Party
Transfers for compliance with U.S. law can generally be done under the General Data Protection Regulation (GDPR) Article 49 derogation, said the United Kingdom's Information Commissioners Office (ICO) in a letter to the U.S....more
Norway’s Datatilsynet does not mince words in its Brexit guidance:
“On 31 December 2020, the Brexit transition period will end. This means, among other things, that anyone who transfers personal data to the United Kingdom...more
In the wake of the European Data Protection Board guidance on Post-Schrems II data transfers, which may render the question of using the clauses moot for some companies, the European Commission issued draft standard...more
Brace yourselves, the post-Schrems II supplemental measures are coming!
The European Data Protection Board adopted recommendations on measures that supplement transfer tools to ensure compliance with the European Union...more
Norway's Data Protection Authority, Datatilsynet Norway, issued a Q&A on cross-border transfers in the wake of the Schrems II ruling-
Key Takeaways-
•Access to European Union data from a third country constitutes a...more
The U.S. government has published a whitepaper that outlines the robust limits and safeguards in the United States pertaining to government access to data in an effort to assist organizations in assessing whether their...more
The Data Protection Authority of Rhineland-Palatinate, Germany has issued FAQs on Schrems II, weighing in on the EU-U.S. Privacy Shield and Standard Contractual Clauses. The guidance comes on the heels of FAQs issued recently...more
A new post-Schrems II transfer solution for cloud services?
The EU Cloud Code of Conduct General Assembly, creators of the EU Cloud Code of Conduct, announced work is underway on a proposed legal solution for the transfer...more
“Convention 108+ (Convention 108 as amended by the protocol) is set to become the international standard on privacy and data protection in the digital age, and represents a viable tool to facilitate international data...more
On the heels of the Court of Justice of the European Union’s decision in Schrems II, Switzerland’s Federal Data Protection and Information Commissioner (FDPIC) has determined that the U.S.-Swiss Privacy Shield does not meet...more