The OECD countries adopted the first intergovernmental declaration setting out common approaches to providing privacy and data protection safeguards for governmental access to personal data held by private sector (on 14...more
On 7 October 2022, the President of the United States signed an Executive Order on Enhancing Safeguards for US Intelligence Activities. The Executive Order aims to implement the United States' commitments to protect EU-US...more
On 13 July 2022, the Public Procurement Chamber of the German state of Baden-Württemberg (the Public Procurement Chamber) issued a decision confirming that personal data processed by an EU subsidiary of a parent entity...more
The European Data Protection Board (EDPB) has adopted, on 16 June 2022, the draft guidelines on certification as a tool for transfers of data to third countries without adequacy status (the Guidelines). The text of the...more
On 13 June 2022, the UK’s Department of Digital, Culture, Media and Sport (DCMS) published its 2022 Digital Strategy (the Strategy)....more
On 5 May 2022, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) issued a joint opinion (Opinion) addressing the legislative proposal of the European Commission for the EU Data Act,...more
On 21 April 2022, seven economies participating in the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) System announced the launch of the Global CBPR Forum to facilitate multinational cooperation in...more
On 15 February 2022, the European Data Protection Board (EDPB) launched the first coordinated enforcement action under the coordinated enforcement framework (CEF) which was set up in October 2021....more
On 2 February 2022, the Department for Digital, Culture, Media and Sport (DCMS) laid before Parliament the international data transfer agreement (IDTA), the international data transfer addendum to the European Commission’s...more
On 15 December 2021, the UK Government published its new National Cyber Strategy for 2022 based around the following five strategic pillars, representing the goals that the government intends to achieve by 2025, as first set...more
Employers are working in a new and disrupted world, with different volumes and types of data, processed for different purposes, including those driven by societal development, expectations and changing ways of working. These...more
On 18 November 2021, the European Data Protection Board (EDPB) adopted a statement (the Statement) on the recent legislative proposals issued as part of the European Commission’s Digital Services Package and Data Strategy. ...more
On 19 November 2021, the European Data Protection Board (EDPB) published the much-awaited draft guidance on the interplay between the provisions of the GDPR on territorial scope (in Article 3) and on international data...more
On 27 September 2021, the European Data Protection Board (EDPB) published its opinion on the draft adequacy decision of the European Commission in relation to the Republic of Korea (the Opinion). This is the first opinion on...more
The Irish supervisory authority (Irish DPC) published its final decision to impose a fine of EUR 225 million on WhatsApp Ireland Ltd (WhatsApp)(on 2 September 2021). This decision follows a cross-border investigation into...more
On 2 August 2021, the Italian supervisory authority (Garante) announced that is has imposed a fine of EUR 2.5 million against a food delivery company Deliveroo Italy s.r.l. (Deliveroo) for violation of several requirements of...more
On 8 July 2021, the European Data Protection Board (EDPB) announced the outcomes of its plenary session that took place on 7 July. ...more
French CNIL issues guidance for organisations on transfer impact assessments, German DSK releases statement on supplementary measures and SCCs, and Hessian DPA comments on data transfer obligations (23 June 2021)....more
On 15 June 2021, the Court of Justice of the European Union (CJEU) issued its judgment addressing the operation of the GDPR one-stop-shop mechanism (OSS) in cross-border cases and the powers of national supervisory...more
The European Commission announced its proposal for a regulation that will amend the EU eIDAS Regulation and establish a framework for a European Digital Identity (the Proposal)(3 June 2021). ...more
The UK has left the European Union (EU), the transition period is over, the UK and EU have agreed a new Trade and Cooperation Agreement (the TCA), so what now for data protection? We look at the key consequences of Brexit for...more
On 22 February 2021, the Presidency of the Council of the European Union (the Presidency) released the first compromise text of the proposal for a Regulation of the European Parliament and of the Council on European Data...more
On 22 January 2021, the Digital Senior Officials’ meeting of the Association of Southeast Asian Nations (ASEAN) approved model contractual clauses for cross-border data flows (ASEAN Model Clauses) and related guidance on...more
The General Data Protection Regulation takes effect from 25 May 2018, and will require significant planning and preparation by UK pension schemes. Although many of the basic concepts set out in the GDPR will be familiar,...more
After over three years of discussions at many levels, it is now clear that the proposed EU data protection framework will be revised, and that it will be in the form of a Regulation – the General Data Protection Regulation....more