No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Life With GDPR - Data Transfer Update
Life with GDPR - Data Transfers from EU/UK to US
Everything Compliance - The Elon Etc Edition
Interview With Ayesha Minhaj, Google - Digital Planning Podcast
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
Sitting with the C-Suite: eDiscovery Priorities – Thoughts on the Next Five Years
On May 2, 2025, the Irish Data Protection Commission (“DPC”) issued a decision, as lead supervisory authority, finding that TikTok infringed the GDPR regarding (a) its cross-border transfers of EEA User Data to China, and (b)...more
The Cyberspace Administration of China (CAC) released an important Q&A on cross-border data transfer requirements and policies in early April, providing clarification on a number of issues of concern to companies in China....more
As 2025 progresses, one thing is clear—GDPR enforcement is not slowing down. In fact, regulators across Europe are intensifying their scrutiny, handing out significant fines and even warning executives of potential personal...more
The final rule establishes prohibitions and restrictions on the transfer of certain data due to national security risks from specified countries of concern....more
In the ever-evolving landscape of data protection and privacy, the General Data Protection Regulation (GDPR) stands as the most significant legislative framework for processing personal data. Known for its extraterritorial...more
As part of the latest developments regarding the personal data protection regulations in the Kingdom of Saudi Arabia ("KSA"), the Saudi Data and Artificial Intelligence Authority ("SDAIA") issued the Regulation on Personal...more
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, or AP) has issued a €290 million fine to Uber for violating the EU’s General Data Protection Regulation (GDPR)....more
Last month, the European Data Protection Board – which is composed of the national data protection authorities (‘Supervisory Authorities’) of the countries in the European Economic Area (‘EEA’), as well as the European Data...more
A new report issued in May 2024 by the Centre for European Policy Studies (CEPS), an independent thinktank, is the latest installment to cast concerns over the EU-U.S. Data Privacy Framework (DPF), predicting that it will...more
On 28 February 2024, President Biden issued Executive Order 14117 of February 28, 2024, Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern (EO) aimed...more
Theodore Christakis, Professor of International Law at the University Grenoble Alpes and Senior Fellow and Director of Research for Europe at the Cross-Border Data Forum, has published a new comprehensive analysis on...more
On the heels of the EU-US Data Privacy Framework (DPF), another bridge has been built across the Atlantic to streamline data transfers between businesses. In July, the European Commission adopted its much-anticipated...more
The President of India gave assent for the Digital Personal Data Protection Bill 2023 on 11 August 2023, a matter of days after it had been passed by both the Lower and Upper House. The Digital Personal Data Protection Act...more
After years of uncertainty in the privacy rules governing transfer of data from the EU to the U.S., the new transatlantic data privacy framework has finally been adopted. On July 10, the European Commission formally adopted...more
Updated June 2023 - The BCLP Data Privacy & Security team is tracking EU law developments relevant to data and cyber security. This tracker summarizes the effect and status of the following: the Digital Services Act, the...more
For most large companies, a frictionless flow of information and the ability to transfer customer data, employee files, financial records and other information around the world quickly and cost-effectively is a critical...more
Join us for a webinar where we will focus on the details of the recently finalised and published Executive Order to Implement the European Union-U.S. Data Privacy Framework. Alongside Alex Brown of UK-headquartered...more
President Biden signed a new executive order on Friday, with a framework that seeks to replace the existing Privacy Shield program. That program was found to be an invalid mechanism for transferring personal data between the...more
Moving forward, businesses will need to use the updated Data Transfer Agreement or Data Transfer Addendum for any relationship or contract that contemplates the cross-border transfer of UK personal data. As of September...more
President Biden and EU leaders announced on March 25, 2022 an agreement in principle to craft a replacement for the Privacy Shield and expand options for trans-Atlantic data transfers in accordance with the General Data...more
The concept of a “transfer” under Chapter V of the GDPR has always been a bit like obscenity. We didn’t have an authoritative definition, but with apologies to the late Justice Potter Stewart, we knew it when we saw it. And...more
They State That Direct Collection of Personal Data by Non-EU Companies Is Not a "Data Transfer" Under the GDPR On November 18, 2021, the European Data Protection Board (EDPB) issued guidelines (Guidelines) that—for the first...more
The dust has settled on the new EU standard contractual clauses for cross-border data transfers (“New SCCs”), but confusion still reins on how the New SCCs cover data transfers and what companies need to do to take advantage...more
On June 4, 2021, the European Commission adopted two new sets of standard contractual clauses (SCCs): one for data transfers from data controllers to data processors and one for data transfers from data exporters to data...more