The Standard Formula Podcast | Solvency II Back to Basics: Third Country Branches and Cross-Border Provision of Services
The United States ("U.S.") and the European Union ("EU") have settled on a framework for transfers of personal data for the first time since the European Court of Justice ("CJEU") effectively invalidate the EU-U.S. Privacy...more
Ireland’s Data Protection Commission has fined Meta Ireland 1.2 billion EUR. While you have probably heard about that, there is much, much more to this case and the larger Schrems II cross border saga. Here is what you...more
Ireland’s Data Protection Commission has fined Meta €1.2 billion. What, however, did the commission say in the case about using Art 49 derogations for transfers to the U.S.? An overview: I will discuss the Meta decision...more
Organisations should expect increased scrutiny and enforcement activity around the role of data protection officers in the coming year. The European Data Protection Board (EDPB) has announced that its coordinated...more
In our super-connected age, we are inundated with information. It can be difficult to select what is really relevant to one’s business. The purpose of this Review is to provide legal counsel and their teams easy...more
A new legal mechanism to allow for transfers of personal data between the EU and the U.S. is now advancing after an October 7th, 2022 Executive Order was issued by U.S. President Biden (the “Executive Order”). The new...more
In July 2020, the Court of Justice of the European Union (CJEU) declared the EU-U.S. Privacy Shield invalid. The EU-U.S. Privacy Shield program was designed to provide European Economic Area (EEA) data transferred to the U.S....more
On 6 April 2022, following the announcement of the political agreement on a new EU-US Trans-Atlantic Data Privacy Framework having been reached between the European Commission and the United States on 25 March 2022, the...more
While the announcement is short on details, once in place, U.S.-based. entities will be able to use the new agreement to comply with the GDPR’s cross-border data transfer requirements. On March 25, the U.S. and E.U....more
In this month’s Privacy & Cybersecurity Update, we analyze the U.S. and EU’s joint commitment to create a new data transfer framework to replace the invalidated Privacy Shield, as well as Utah’s new state privacy law and...more
Following record fines imposed by the European Commission on the main European truck manufacturers, under preliminary references, the Court of Justice of the European Union (CJEU) has recently ruled on certain procedural...more
On September 27, 2021, all new contracts that involve cross-border personal data transfers must incorporate the updated standard contractual clauses (“New SCCs”) for controllers and processors. On June 4, 2021, the European...more
According to a press release of the data protection authority (DPA) of Lower Saxony earlier this month, nine German DPAs will participate in a coordinated audit of companies in Germany regarding their transfers of personal...more
On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated in “Schrems II” the EU–U.S. Privacy Shield framework, while upholding the Standard Contractual Clauses (SCCs) as a valid mechanism for...more
The European Commission has published updated versions of the standard contractual clauses for international transfers of personal data from the European Union (“EU”). These new standard contractual clauses take into account...more
Will the UK join the Lugano Convention 2007? Conflicting reports have emerged in recent days as to whether the EU will approve the UK’s application to join the Lugano Convention 2007, the UK’s preferred regime for...more
New Year’s Eve 2020 was a bit different from other years, and for more reasons than one. It will certainly be a date that any English lawyer advising on the UK’s postBrexit legal system will not easily forget. At 11pm GMT, EU...more
In honor of Data Privacy Day, we provide the following “Top 10 for 2021.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2021...more
On November 10, 2020, the recently established Taskforce of the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area (EEA),...more
On 31 January 2020, the UK left the European Union and entered a transition period that is due to end at 11:00 pm GMT on 31 December 2020. At this point, it is still uncertain whether a new EU/UK deal will be reached. To...more
On November 10, 2020, the European Data Protection Board (“EDPB”) released proposed rules describing the conditions that entities subject to the European Union’s (“EU”) General Data Protection Regulation (“GDPR”) can transfer...more
The EDPB takes a strict approach in its recent guidance on international data transfers following Schrems II, posing a difficult challenge for businesses. On 10 November, the European Data Protection Board (EDPB) released...more
The European Commission has just published a consultation draft of the long-promised updated version of the Standard Contractual Clauses (SCCs). The SCCs are the most commonly used legal mechanism for transferring personal...more
More than three months after the landmark Schrems II decision of the Court of Justice of the European Union (“CJEU”), the European Data Protection Board (“EDPB”) has issued its recommendations on “supplemental measures” to...more
In follow up to the Court of Justice of the European Union's (CJEU) ruling in Schrems II, the European Data Protection Board (EDPB) has just adopted for public comment draft recommendations for supplementary measures for...more