Life with GDPR - Meta Fined €405 million by Irish Data Protection Commission
In the ever-evolving landscape of data protection and privacy, the General Data Protection Regulation (GDPR) stands as the most significant legislative framework for processing personal data. Known for its extraterritorial...more
Since Schrems II invalidated the US/EU Privacy Shield, the flow of personal data from the European Union to the United States has been subject to intense regulatory scrutiny. Companies transferring personal data to the United...more
In light of the “changed security policy situation” following Russia’s invasion of Ukraine, the Norwegian data protection regulator recently encouraged any company that exports personal data to Russia and Ukraine to review...more
The German Data Protection Conference (DSK) issued guidance on the Federal Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia (‘TTDSG’), which went into effect on December 1, 2021...more
The concept of a “transfer” under Chapter V of the GDPR has always been a bit like obscenity. We didn’t have an authoritative definition, but with apologies to the late Justice Potter Stewart, we knew it when we saw it. And...more
The European Data Protection Board (EDPB) has provided further guidance on data transfers. Specifically, this most recent guidance clarifies what constitutes a “transfer.” While the concept of a transfer may seem...more
The European Data Protection Board (EDPB), the body which represents EU data protection authorities, has adopted guidelines (Guidelines) confirming when transfers need to be “safeguarded” in accordance with the GDPR (and...more
They State That Direct Collection of Personal Data by Non-EU Companies Is Not a "Data Transfer" Under the GDPR On November 18, 2021, the European Data Protection Board (EDPB) issued guidelines (Guidelines) that—for the first...more
The dust has settled on the new EU standard contractual clauses for cross-border data transfers (“New SCCs”), but confusion still reins on how the New SCCs cover data transfers and what companies need to do to take advantage...more
Personal data can continue to flow freely between Europe and the United Kingdom (UK) following an agreement by the European Union (EU) to adopt an Adequacy Decision under Article 45 of Regulation 2016/679 (the General Data...more
On June 4, 2021, the European Commission adopted two new sets of standard contractual clauses (SCCs): one for data transfers from data controllers to data processors and one for data transfers from data exporters to data...more
Long-awaited SCCs for EU Data Transfers Adopted by European Commission with 18-month Transition Period - The EU has a cross-border data transfer framework gift for you! On June 4, 2021, the European Commission (“EC”)...more
The final version of the new standard contractual clauses (“SCCs”) were published by the European Commission on June 4, 2021. Many organizations that transfer or receive personal data originating in the European Economic Area...more
The Portuguese data protection authority issued a recent resolution ordering the Portuguese National Institute of Statistics (or INE) to stop sending personal census information to any countries outside of the EU that do not...more
This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in the past three months....more
On February 19, 2021, the European Commission adopted a draft ‘adequacy decision’ in favor of the UK. The adoption of the draft adequacy decision marks the first step in ensuring the continued free flow of personal data from...more
In mid-January 2021, the European Data Protection Board (EDPB) announced by press release that it has adopted jointly with the European Data Protection Supervisor (EDPS) written Opinions on the European Commission’s drafts...more
When a controller engages a processor, the GDPR requires that the parties enter into a specific contract that contains certain mandatory provisions. This contract is often referred to as a ‘data processing agreement’ or...more
Concerns are mounting for companies around the world as they consider their ability to transfer data from the EU following the recent decision by the Court of Justice of the European Union in Data Protection Commissioner v....more
Last week saw major innovations in the law of data transfer from the European Economic Area (EEA) to other countries, including the United States. This alert covers one of them: new guidelines from the European Data...more
In addition to issuing new (draft) standard contractual clauses for transferring personal data outside of the EEA, on November 12, the European Commission published a draft decision on standard contractual clauses between...more
On November 12, 2020, the European Commission (EC) published a long anticipated draft of new Standard Contractual Clauses (SCCs) for the transfer of personal data from the European Economic Area (EEA) to third countries whose...more
The European Data Protection Board (EDPB) published two sets of new guidelines on 2 September 2020, on the concepts of controller and processor (Guidelines 07/2020, the Guidelines) and on the targeting of social media users...more
On September 3, 2020, The EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (the LIBE Committee), met to discuss the future of future of EU-US personal data flows following the Schrems II decision. In...more
Selected Developments in U.S. Law - SEC Creates Event and Emerging Risk Examination Team - Following the Office of Compliance Inspections and Examinations’ (OCIE) recent and detailed risk alert on the threat of ransomware,...more