Nota Bene Episode 135: Europe Q3 Check In: Brexit, Data Protection, and Block Exemption Regulations with Oliver Heinisch
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
In-house Roundhouse: Antitrust and the Tech Industry
Pennsylvania COVID-19 Update Featuring Former Pa. Gov. Tom Corbett
The Cyberspace Administration of China (“CAC”) on September 28, 2023 issued the draft Provisions on the Regulation and Promotion of Cross-Border Data Flows (“draft Provisions”), just one year after China’s data export...more
It shouldn’t come as a surprise that the European Data Protection Board (EDPB), through Ireland’s Data Protection Commission (DPC), issued another fine against a large US technology company. What may come as a surprise is the...more
On May 22 the Irish Data Protection Commission (“DPC”), Ireland’s data privacy watchdog, issued its final and binding decision against Meta with respect to Facebook’s exporting of personal data from Europe to the US from July...more
On 22 May 2023, the Irish Data Protection Commission (DPC) issued Meta Platforms Ireland Limited (Meta Ireland) with a EUR 1.2 billion (approximately 1.3 billion U.S. dollar) fine for breaches of the GDPR with respect to...more
On February 24, 2023, the Cyberspace Administration of China (CAC) released the much-awaited Measures for the Standard Contract for Outbound Transfer of Personal Information (China SCC Measures) together with the issuance of...more
On May 25, 2022, the European Commission announced the release of a new guidance document relating to standard contractual clauses (SCCs) and international data transfers. The guidance is included in a series of questions and...more
Keypoint: Starting in 2023, organizations that are subject to one or more of the laws will need to enter into contracts with recipients of personal information/data that address numerous statutory requirements....more
Post-Brexit, the UK is no longer a member state of the European Union, meaning that the data protection regime that applies to UK-related processing is separate from – but currently remains similar to – that which applies to...more
On November 19, 2021, the European Data Protection Board (“EDPB”) issued draft guidance on the interplay between Article 3 of the General Data Protection Regulation (“GDPR”) and the provisions on international transfers...more
Keypoint: The EDPB takes the position that geographical boundaries – and not GDPR’s jurisdictional reach – govern the restricted transfer determination. On November 19, 2021, the European Data Protection Board (EDPB)...more
The European Data Protection Board (EDPB) recently published Minutes of its last plenary meeting held in September, which sheds light on how the EDPB plans to address the biggest open issue of the new Standard Contractual...more
For several years, cross-border data transfers functioned similar to airport security checks for international travel, with the Privacy Shield operating as a fast check-in lane. After the European Union (EU) Court invalidated...more
In June, the European Commission published the final version of a new set of standard contractual clauses (SCCs) that can be used to comply with the EU’s General Data Protection Regulation (the “GDPR”). These clauses are of...more
The European Commission adopted new versions of the Standard Contractual Clauses (SCCs) on June 4, 2021. The new SCCs finally replace the original SCCs adopted under the 1998 European Data Protection Directive (DPD) and did...more
Post Schrems II World: EDPB Adopts Recommendations on Supplementary Measures for International Data Transfers - On June 18, the European Data Protection Board (EDPB) formally adopted Version 2 of its Recommendations on...more
The European Commission has finally approved two decisions on 28 June granting the United Kingdom the cherished status of having “adequate” data protection laws so that transfers of personal data from the European Union are...more
Importers of EU data will need to analyze each data transfer for compliance with the new Standard Contractual Clauses; solely relying on data subjects’ consents may not be sufficient. Since the European Court of Justice...more
On June 4, 2021, the European Commission adopted two new sets of standard contractual clauses (SCCs): one for data transfers from data controllers to data processors and one for data transfers from data exporters to data...more
At long last, the European Commission, on June 4, 2021, adopted new Standard Contractual Clauses (“new SCCs”) to permit lawful transfers of personal data from the European Union (EU) to third countries such as the United...more
Ending months of anxious speculation from privacy lawyers around the globe, the European Commission announced on Friday that it had adopted final versions of the new Standard Contractual Clauses (the “New SCCs”) for the...more
The European Commission has published updated versions of the standard contractual clauses for international transfers of personal data from the European Union (“EU”). These new standard contractual clauses take into account...more
Orrick's Cyber, Privacy & Data Innovation and IP Licensing & Technology Transactions groups cover the top 10 things you need to know about the new Standard Contractual Clauses ("SCCs") published today by the European...more
Following the coming into effect of the GDPR three years ago and in light of last year’s Schrems II decision, the European Commission has adopted a new set of Standard Contractual Clauses (SCCs) aimed at enabling lawful...more
Pathways for U.S. companies to transfer personal data out of the European Union have been repeatedly blocked by EU authorities concerned by what they perceive as gaps in data protection under U.S. laws. Schrems I invalidated...more
To round out this series on right-sizing a privacy program, our last stop is thinking about the impact of working with third parties. There are many legal requirements to assess and/or to address in third party contracts when...more