On 28 January 2022 (Data Protection Day), the UK’s International Data Transfer Agreement (“IDTA”) and International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses (the “EU Addendum”) were...more
On 11 August, the UK Information Commissioner’s Office launched a consultation paper on “International transfers under UK GDPR”. The documents released alongside the paper include a draft International Data Transfer Agreement...more
8/16/2021
/ Consultation ,
Corporate Counsel ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Personal Data ,
Risk Assessment ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
The European Commission recently adopted new standard contractual clauses (SCCs) for transfers of personal data from the EU to “third countries” (the “new SCCs”). In this post, we highlight key developments in the UK’s data...more
7/9/2021
/ Data Controller ,
Data Processors ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Member State ,
Personal Data ,
Standard Contractual Clauses ,
UK ,
UK Brexit
On 28 June, the European Commission adopted its Adequacy Decision for the UK, putting to an end (at least for now), the uncertainty surrounding EU to UK personal data flows. This averted a “cliff edge” in the shape of the 30...more
The European Commission published a draft Adequacy Decision for the UK on 19 February. That document remains in draft, though it is understood to have successfully cleared the last formal approval stage required....more
6/21/2021
/ Adequacy Requirement ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Personal Data ,
Standard Contractual Clauses ,
UK
This article explores the topic of appointed representatives under Article 27 of the GDPR. What are they? When do you need one? How is regulatory enforcement starting to play out in the EU and in the UK on this issue?...more
6/21/2021
/ Appointed Public Officials ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Enforcement Authority ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Registered Representatives ,
Regulatory Requirements ,
UK
So far, the German, French and British supervisory authorities have released guidance specifically addressing cookies in 2019. The German guidance was published in April 2019...more
On October 1, the European Court of Justice (the “ECJ”) confirmed recent guidance from the UK and CNIL regulators in finding that the use of pre-checked boxes does not constitute consent for processing of personal information...more
10/3/2019
/ CNIL ,
Consent ,
Cookies ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Lottery ,
Online Advertisements ,
Personal Information ,
Sweepstakes ,
UK ,
Websites
Probably not.
A data subject’s consent to the use of analytics or behavioural cookies must be a valid “affirmative act.” While it may be argued that the data subject is indeed performing an “affirmative act” by continuing...more
Probably not.
A cookie can qualify as “personal data” under GDPR when it can be linked to an individual person. Even in instances where a cookie cannot be linked, it is still governed by the ePrivacy Directive and...more
7/24/2019
/ Consent ,
Cookie Banners ,
Cookies ,
e-Privacy Directive ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Popular ,
Prior Express Consent ,
Privacy and Electronic Communications Regulation 2003 (PECR). ,
UK