Scope of the Regulation - On August 23, 2024, the Brazilian Data Protection Authority (ANPD) published Resolution CD/ANPD No. 19/2024 (the “Regulation”), which addresses international transfers of personal data....more
On 26 August the Dutch Data Protection Authority (DPA) fined Uber EUR 290 million for a breach of the General Data Protection Regulation (GDPR). Following a number of complaints from French Uber drivers, the DPA found that...more
The final decision of the Irish Data Protection Commission (IDPC) in relation to the transfers of EU/EEA Facebook user data by Meta Platforms Ireland Limited (Meta Ireland) to its processor, Meta Platforms, Inc., in the US...more
The Executive Order hopes to address what had been shortcomings in the previous Safe Harbor and Privacy Shield programs that were struck down by EU courts in 2015 and 2020 respectively. On October 7, 2022, President...more
...This session, led by industry-acknowledged experts in areas ranging from data protection and privacy to data transfer and legal discovery, provided a professional forum for the explanation of the best approaches,...more
The Dubai International Financial Centre’s ("DIFC") data protection authority has published its proposals for updated tools and guidance on international data transfers. A consultation on these proposals by the DIFC...more
While the announcement is short on details, once in place, U.S.-based. entities will be able to use the new agreement to comply with the GDPR’s cross-border data transfer requirements. On March 25, the U.S. and E.U....more
In this month’s Privacy & Cybersecurity Update, we examine the Illinois Supreme Court’s decision in a case involving workers compensation and the state’s Biometric Information Privacy Act, U.K. data transfer regimes before...more
More, possibly similar decisions are expected in the coming months, throwing cross-Atlantic data transfers and trade into doubt as diplomats seek a Privacy Shield replacement. In late December, the Austrian Data...more
The European Data Protection Board (EDPB), the body which represents EU data protection authorities, has adopted guidelines (Guidelines) confirming when transfers need to be “safeguarded” in accordance with the GDPR (and...more
Welcome to the latest edition of Updata - the international update from Eversheds Sutherland’s dedicated Privacy and Cybersecurity team. Updata provides you with a compilation of privacy and cybersecurity regulatory and...more
On 28 June, the European Commission adopted its Adequacy Decision for the UK, putting to an end (at least for now), the uncertainty surrounding EU to UK personal data flows. This averted a “cliff edge” in the shape of the 30...more
According to a press release of the data protection authority (DPA) of Lower Saxony earlier this month, nine German DPAs will participate in a coordinated audit of companies in Germany regarding their transfers of personal...more
At the beginning of the year, the German data protection authorities (DPAs) announced that they would take joint action to enforce the decision of the European Court of Justice (ECJ) in the "Schrems II" case. On June 1,...more
Organizations are closely tracking which of their vendors previously relied on Privacy Shield. Separately, they are preparing Transfer Impact Assessments (“TIAs”) to evaluate and address risks associated with personal data...more
The Portuguese data protection authority issued a recent resolution ordering the Portuguese National Institute of Statistics (or INE) to stop sending personal census information to any countries outside of the EU that do not...more
On 27 April 2021, the supervisory authority of Portugal (CNPD) issued a resolution that required the National Institute of Statistics (INE) to suspend, within twelve hours, the transfer of data collected as part of the 2021...more
The Bavarian Data Protection Authority recently prohibited a European company from using U.S. newsletter provider Mailchimp in a first-of-its-kind decision. Since the Schrems II decision of the Court of Justice of the...more
1. Schrems II requires parties relying on the SCCs to implement additional measures ensuring that transferred personal data is adequately protected. The Schrems II decision did not affirmatively invalidate the SCCs, but...more
News sources reported this month that the Irish data protection authority (DPA) had sent Facebook a preliminary order that would prohibit the transfer of information about European Union (EU) residents to US Facebook users....more
On September 3, 2020, The EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (the LIBE Committee), met to discuss the future of future of EU-US personal data flows following the Schrems II decision. In...more
Barely one month after the Court of Justice of the European Union (CJEU) issued its Schrems II decision striking down the EU-U.S. Privacy Shield Framework (Privacy Shield), Austrian privacy activist Max Schrems has filed 101...more
In the wake of Schrems II, the July 16, 2020, decision from the European Court of Justice that invalidated the EU-U.S. Privacy Shield as a legal means of data transfer between the European Union and the United States,...more
On August 24, 2020, the data protection authority of the German state of Baden-Württemberg (the “DPA”) published guidance (the “Guidance”) on international transfers of personal data following the Schrems II judgment....more
The world just received the newest pronouncement from the EU Court of Justice, in a decision known as Schrems II, and the legal opinion extends the data war declared on the United States in the first Schrems decision....more