On 10 July 2023, the European Commission announced a major development1 in EU-U.S. personal data transfer relations by adopting a long-anticipated adequacy decision2 for the EU-U.S. Data Privacy Framework (“DPF”). The...more
7/12/2023
/ Court of Justice of the European Union (CJEU) ,
Department of Justice (DOJ) ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
National Security ,
Policies and Procedures ,
Safe Harbors ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The Dubai International Financial Centre’s ("DIFC") data protection authority has published its proposals for updated tools and guidance on international data transfers. A consultation on these proposals by the DIFC...more
5/5/2022
/ Cybersecurity ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Dubai ,
International Data Transfers ,
Personally Identifiable Information ,
Popular ,
Regulatory Agenda ,
Regulatory Reform ,
Standard Contractual Clauses ,
United Arab Emirates (UAE)
On November 19 the European Data Protection Board (EDPB) published draft guidelines on the interplay between Article 3 of the GDPR (which establishes the GDPR’s territorial scope), and the GDPR’s international transfer...more
11/30/2021
/ Data Protection ,
Draft Guidance ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses
The EU-UK Trade and Cooperation Agreement provided breathing room for businesses engaging in data transfers from the EU to the UK in the form of a ‘bridging period’ of up to six months where such transfers can continue...more
On November 12, 2020, the European Commission (EC) published a long anticipated draft of new Standard Contractual Clauses (SCCs) for the transfer of personal data from the European Economic Area (EEA) to third countries whose...more
11/17/2020
/ Data Protection ,
Data Transfers ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Regulatory Agenda ,
Rulemaking Process ,
Schrems I & Schrems II ,
Standard Contractual Clauses
More than three months after the landmark Schrems II decision of the Court of Justice of the European Union (“CJEU”), the European Data Protection Board (“EDPB”) has issued its recommendations on “supplemental measures” to...more
11/16/2020
/ Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Regulatory Standards ,
Schrems I & Schrems II ,
Standard Contractual Clauses
In a statement from Facebook’s VP of Global Affairs and Communications, Nick Clegg, the social media giant confirmed that the Irish Data Protection Commission (DPC) has commenced an inquiry into data transfers from the EU to...more
Key Takeaways -
The EU-U.S. Privacy Shield does not ensure an adequate level of protection of personal data and is therefore not a lawful basis for data transfers to the U.S....more
7/24/2020
/ Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
International Data Transfers ,
Personal Data ,
Privacy Laws ,
Risk Assessment ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
The Advocate General (AG) says the standard contractual clauses (SCCs) are valid but, where circumstances in the destination third country mean the SCCs would be breached or impossible to abide by, there is an obligation on...more
12/23/2019
/ Actual or Constructive Knowledge ,
Advocate General ,
Court of Justice of the European Union (CJEU) ,
Data Protection ,
Duty of Care ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Exports ,
Facebook ,
General Data Protection Regulation (GDPR) ,
Importers ,
International Data Transfers ,
Personal Liability ,
Personally Identifiable Information ,
Popular ,
Prohibited Transactions ,
Risk Management ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Supervisors ,
Trade Suspensions
In anticipation of Brexit, the U.S. Department of Commerce (“DOC”) has published steps it expects to be taken by businesses that rely on Privacy Shield to transfer personal data from the UK to the U.S....more
1/15/2019
/ EU ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses ,
U.S. Commerce Department ,
UK ,
UK Brexit ,
x
The prospect of the UK leaving the European Union without a formal agreement in place seems increasingly possible. Businesses need to increase their preparations for a "no deal" scenario and these preparations should include...more
10/8/2018
/ Binding Corporate Rules ,
Consent ,
Data Protection ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses ,
UK ,
UK Brexit
The European Commission has issued a notice explaining some of the legal ramifications of Brexit on transfers of personal data from the EU to the UK....more
The Irish High Court recently asked the Court of Justice of the European Union (CJEU) to rule on the validity of “standard contractual clauses” as a basis for transferring personal data out of the European Economic Area...more
10/11/2017
/ Court of Justice of the European Union (CJEU) ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Exports ,
Facebook ,
Ireland ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Validity