Nota Bene Episode 135: Europe Q3 Check In: Brexit, Data Protection, and Block Exemption Regulations with Oliver Heinisch
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
In-house Roundhouse: Antitrust and the Tech Industry
Pennsylvania COVID-19 Update Featuring Former Pa. Gov. Tom Corbett
The European Data Protection Board (EDPB) has adopted its draft Recommendations 1/2026 on Binding Corporate Rules for Processors (BCR-P) (“Recommendations”). ...more
The European Commission has now published its Draft Recommendation on non-binding Model Contractual Terms (“MCTs”) and Standard Contractual Clauses (“SCCs”) under Article 41 of the EU Data Act (Regulation (EU) 2023/2854)....more
Do you sell goods or services online? Do you have customers in California? If so, you may be a target of claims under the “Yelp Law,” a statute residing at the intersection of good intentions and bad drafting....more
The EU Data Act (Regulation (EU) 2023/2854), applicable from September 12, 2025, introduces a comprehensive legal framework aimed at enhancing data portability, interoperability, and minimizing dependency on individual...more
The EU Data Act came into effect on September 12, 2025. The European Commission has announced that further tools are in progress to assist with implementation of the EU Data Act, such as setting up a “Data Act Legal...more
In today’s interconnected world, international research collaborations are becoming increasingly vital to scientific advancement. A key component of such collaborations is the cross-border transfer of study data, including...more
On September 3, 2025, the European General Court (“EGC”) issued a highly anticipated judgment refusing to annul the European Commission’s July 2023 adequacy decision for the EU–U.S. Data Privacy Framework (“DPF”). The action,...more
On September 3, 2025, the Court of Justice of the European Union (CJEU) put months of uncertainty to rest by upholding the European Commission’s adequacy decision for the EU-US Data Protection Framework (DPF). In doing so,...more
On September 3, 2025, the European General Court (General Court) dismissed an action challenging the EU–U.S. Data Privacy Framework (DPF), developed to provide U.S. organizations with a reliable means to transfer personal...more
On September 3, 2025, the European Union General Court (EGC) dismissed a legal challenge to the EU-U.S. Data Privacy Framework (DPF) – a first in these types of challenges typically brought by privacy activists. This decision...more
On September 3, 2025, the EU General Court (the General Court) (the second-highest court in the European Union (EU)) upheld the validity of EU-U.S. Data Privacy Framework (DPF) in Philippe Latombe v European Commission...more
Resolution CD/ANPD No. 19/2024 (the “Resolution”) deepened the provisions of the Brazilian General Data Protection Law (“LGPD”) regarding International Data Transfers (“IDT”) and brought the country closer to European...more
In August 2024, Brazil’s Data Protection Agency—Autoridade Nacional de Proteção de Dados (ANPD)—issued the International Transfer Regulations, including the Standard Contractual Clauses (SCCs) template. The SCCs are currently...more
As we navigate through 2025, the European legal landscape is undergoing a significant transformation, particularly in the realms of artificial intelligence (AI) regulation and data sovereignty. These changes are reshaping how...more
The Cyberspace Administration of China (CAC) released an important Q&A on cross-border data transfer requirements and policies in early April, providing clarification on a number of issues of concern to companies in China....more
In politically uncertain times, is your organisation’s data transfer compliance unquestionable? The EU-U.S. Data Privacy Framework (DPF) serves as a useful mechanism for transatlantic data transfers, and it can assist...more
Key takeaways Faster Negotiations: SCs aim to significantly shorten CTA review times. Scope: The SCs cover specific terms, such as ownership of study results, publication rights, liability limitations, and termination...more
Following a German case brought against the EU Commission, the EU General Court found that the Commission had made an improper transfer of personal information to the US. The plaintiff, a German citizen, alleged (among other...more
On 3 January 2025, the Cyberspace Administration of China (“CAC“) released for public consultation the draft Measures for Certification of Personal Information Protection for Cross-Border Transfer of Personal Information...more
As part of the latest developments regarding the personal data protection regulations in the Kingdom of Saudi Arabia ("KSA"), the Saudi Data and Artificial Intelligence Authority ("SDAIA") issued the Regulation on Personal...more
New rules just took effect in Brazil regulating international data transfers, and employers doing business in the country must take note. Covered data processing agents – such as companies in Brazil that transfer data to...more
Organisations that make international transfers of personal data have undergone significant challenges and changes over the last few years. With the invalidation of the Privacy Shield agreement in 2020 and the introduction of...more
Wondering what the requirements are for transferring personal information out of Brazil? Under the country’s Data Protection Law, extra-territorial transfers of personal information are regulated in much the same way as in EU...more
Latham & Watkins and Privacy Laws & Business recently co-hosted a webinar looking back on the first eight months since the UK-US Data Bridge entered into force. Speakers from the UK Information Commissioner’s Office (ICO) and...more
Scope of the Regulation - On August 23, 2024, the Brazilian Data Protection Authority (ANPD) published Resolution CD/ANPD No. 19/2024 (the “Regulation”), which addresses international transfers of personal data....more